Will ‘Federated Learning of Cohorts’ preserve user privacy? The jury is still out
Over the years, web developers have dreamed up dozens of cute error pages to remind visitors to switch on cookies in their browsers.
Most are riffs on the eponymous baked snack (“Will work for cookies”) or Sesame Street’s Cookie Monster.
But the Cookie Monster may soon have fewer job opportunities – at least, that’s if Google gets its way. The internet giant plans to replace at least part of the cookie ecosystem with its own technology. And these changes could have a far-reaching impact on security and privacy on the web.
The cookie crumbles
In 2020, Google announced that it would phase out support in Chrome for ‘third-party’ cookies, which are used by advertisers, and others, to track users as they move across the internet.
According to Gareth Haken, an analyst at the Information Security Forum (ISF), third-party cookies are favored by the large social media companies and are often placed on sites via social media buttons. But, he says, the tide has been turning against third-party cookies for some time.
Safari and Firefox blocked the technology some time ago, so Google is playing catch-up.
“This will speed up the death of third-party cookies, especially with Chrome banning them… but this will affect only those looking to track users around the internet, such as advertisers,” Haken told The Daily Swig.
What will not change is the way websites use their own cookies. Cookie technology is here to stay, with Google – and others – maintaining that first-party cookies are essential to the smooth running of the internet. “First party cookies are really useful. For instance, they mean you don’t have to log in each time you navigate to a new page on a website,” Haken explains. “It is third-party cookies that are more contentious.”
Google joins the FLoC
Unlike Apple and Firefox developer Mozilla – and unsurprisingly given its dependence on advertising revenues – Google is not doing away with tracking altogether. Instead, it aims to replace third-party cookies with its own technology: FLoC.
The system is part of Google’s wider Privacy Sandbox initiative.
FLoC – or ‘Federated Learning of Cohorts’ – allows advertisers to track internet users without revealing their identity. Instead, users will be placed within cohorts, according to their interests.
Internet privacy watchers say it is not yet clear exactly how this will work, although it is understood that browser history will play a part. All information will, though, be processed client side.
Google FLoC allows advertisers to track internet users without the need for cookies
According to a paper provided by Google to The Daily Swig, “federated learning simply means using machine learning and analytics without collecting and storing any raw data away from users’ devices.
“The main advantage of federated learning is that it enables product improvements and privacy without requiring sensitive data to be uploaded to datacenters. Instead machine learning models run on users’ devices and only the results of the computation are securely uploaded to servers.
“This also helps protect against potential risks relating to centralised data collection like theft and misuse of many users’ data at once.” (Google declined to comment further.)
Advertisers will be able to target ads at these interest-based groups. And, as the system combines cohorts, Google should be able to offer more granular targeting.
But it is the intersection between cohorts that raises worries among privacy advocates.
FLoC, and privacy red flags
Removing the need to store web users’ information on servers should boost privacy. And Google argues strongly that FLoC offers stronger privacy controls than third-party cookies, or alternatives such as browser fingerprinting.
Google describes FloC as a “privacy-preserving API”, in part because advertisers only have access to the cohort ID, not the identity of individual users.
But as cohorts shrink – or in advertiser speak, become more targeted – the risk of inadvertent identification grows.
“If I am a trader specialising in performance motorbikes anybody visiting my site will be placed into a cohort based partly on their interest in performance motorcycles,” explains the ISF’s Haken.
“If we say 1,000 people visit my site in one month and 500 of those people also visit a football website, they would in theory become part of the football liking motorcycle enthusiast cohort. If 300 of this cohort also visit sites concerning craft ale a new cohort would be formed and so on.”
DON’T FORGET TO READ Raising the bar: Tiki app aims to hand data ownership back to the individual
The privacy risk would become greater still if cohorts are created based on small geographical areas, or other links, such as to an employer. If just one craft ale-drinking biker worked for a particular employer, it might be possible to identify him or her.
Some interests will be kept out of cohorts – adult sites and medical information will not be tracked, for instance. But, Haken says, these interests are grouped together as ‘sensitive’ by FLoC; the system might not be able to distinguish between a history of viewing adult material from researching, say, Covid-19 symptoms.
Potentially, a website owner with access to their customers’ personal identifiable information could use that data to associate cohorts with individuals, Haken warns.
As yet, it’s not clear exactly how FLoC’s cohorts will work in practice, but Google staff have admitted that the system will not be trialed in the EU, over concerns that it breaches parts of the GDPR and the ePrivacy Directive.
Instead, FLoC is being tested in Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand, Philippines, and the US.
Privacy groups have urged caution over the rollout of FLoC
To the barricades: Why is FloC being met with resistance?
Support for FloC outside Google appears to be limited.
Privacy group the Electronic Frontier Foundation (EFF), for instance, describes the technology as “a terrible idea”.
The maintainers of WordPress, the most widely used content management system (CMS), are suggesting that FLoC should be treated as a security issue, while developers working with Drupal, another popular CMS platform, have similar concerns.
“So far, no major browsers besides Google Chrome are planning to include an implementation of FLoC, Joshua Long, chief security analyst at Intego, told The Daily Swig.
“Mozilla, the developer of Firefox, has explicitly stated that it has ‘no current plans to implement [FLoC] at this time’.”
Developers of other Chromium-based browsers, including Brave and Vivaldi, are even stronger in their opposition, even though they share much of the same codebase as Google Chrome.
As of last year, the most-used Chromium-based browser is Microsoft’s Edge.
If Microsoft opts not to support FLoC – and the company is working on its own alternative proposal, Parakeet – the system could struggle to gain traction.
There is also skepticism about Google’s motives.
“What I’ve been saying all along, whether it is FLoC or [other] alternatives to cookies, is who stands to make money here,” Cory Munchbach, a privacy advocate and former industry analyst, and now chief operating officer at customer data platform BlueConic, told The Daily Swig.
“That is why you can insert a layer of skepticism about this proposal. FLoC benefits Google and consolidates their influence under the guise of privacy.”
Most privacy and security experts do concede, however, that FLoC is preferable to the status quo.
Whether many internet users will worry about FLoC will depend largely on their perception of targeted advertising and sharing data.
Without revenues from targeted advertising, some web companies would no doubt struggle, although publishers will, of course, still be able to use first-party cookies.
“We are heading to the point where we need to have a conversation about why we say the internet is free,” says Munchbach. “It’s never been free!”.
Many internet users will no doubt continue to willingly trade privacy for free access to content.
For the rest, blocking FLoC is relatively easy. “The easiest way to avoid FLoC is to use literally any browser other than Google Chrome,” says Intego’s Long. And even Chrome users can block the technology by blocking third-party cookies in the browser settings.
Web developers can opt out of FLoC too. Mainstream web applications are unlikely to be impacted directly, as they use first party, rather than third party, cookies.
An uncertain future for web tracking
The main impact of replacing third-party cookies with FLoC will be on advertisers. To continue tracking, they may have to get on board with FLoC, or accept that advertising can no longer be so finely targeted.
Intego’s Long suspects a cynical motive behind FLoC.
“The whole idea seems to be that, since a lot of people block third-party cookies anyway, Google needed an excuse to develop a new tracking technology that they claim is better than cookies,” he says.
“Google is well known as a company that makes the majority of its revenue from ads and tracking. The fact that everyone else in the industry seems to be saying ‘no’ to FLoC is quite telling.”
Back in the late 1800s, the US retailer John Wanamaker is reported to have said: “Half the money I spend on advertising is wasted; the trouble is I don’t know which half”.
If privacy proponents get their way, that could eventually become true again for online advertisers.
YOU MIGHT ALSO LIKE Google and Mozilla will bake HTML sanitization into their browsers