Categories
Privacy Tech

Google’s FLoC: What it is, why it’s bad and how to opt out

Third-party cookies are going extinct for good. Ahh, the days of consent popups. However, that doesn’t mean the tracking behavior is going away anytime soon. As a replacement for cookies, Google is introducing a new tracking method called Federated Learning of Cohorts, or FLoC for short. Google says it will better protect user data, but as we all know, Google isn’t the best when it comes to privacy. But what exactly is it anyway, and is it as good as Google claims?

Google’s Privacy Sandbox initiative

FLoC: Google’s proposed method to track you without cookies

FLoC lets advertisers use behavioral targeting on you without knowing who you are or using cookies. It runs natively in the browser and tracks your behavior through your browsing history, preferences, and activities. Then, it will assign the browser an identifier and put the browser in a “cohort” – a group that’s supposedly large enough to make you anonymous to the ad companies. Everything you do on the Internet is combined and calculated into a cohort ID. That ID would then be displayed everywhere you interact.

SimHash – the algorithm which Google uses for FLoC – does the job and calculates the ID on a weekly basis based on your activity the past week.

Okay, that sounds good though, why is it bad?

Third-party cookies generally have access to only a certain and small part of a user. However, with FLoC, it’s just not the case at all.

Predictability

Firefox and Safari had removed third-party cookies before Google, so Google ending it now is reasonable. But the replacement they proposed can and does track much more information compared to third-party cookies. They’re replacing a bad thing with a worse one, and that directly puts users at risk.

As I mentioned above, when you’re using Chrome with FLoC enabled, the data is put in a cohort ID. That ID contains everything you do on the Web, so Google and large corporations can easily predict everything about you, from your interests, demographics to your behavior. In other words, Google will know you way more than they already do now.

Browser fingerprinting

The most notorious issue that every security researcher is pointing at is browser fingerprinting. It’s the practice of collecting every small aspect of your browser (e.g: the browser languages, your cookie preferences, your timezone, your screen resolution, etc.) to create a unique and identifiable profile for the browser. To date, no browser has been able to stop fingerprinting entirely, because the metrics it uses are necessary for the website to display properly.

If FLoC gets adopted, it’ll give advertisers and organizations whatever they want and make fingerprinting go to the next level.

Linking of information through services

A lot of services allow you to log in using your Google Account. Because of this, there’s a possibility that they will tie the information they get through your Google profile to your cohort ID, and combining both information gives them a very detailed digital footprint of who you are.

Google is currently testing FLoC on 0.5% of Chrome users from Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand, the Philippines, and the US.

Will my browser implement FLoC?

If you’re using Chromium-based browsers apart from Chrome, you won’t need to worry, because no major browsers other than Chrome will support or join it for now. To summarize: Brave, Vivaldi, Opera and DuckDuckGo announced that they will block FLoC.

Microsoft, Firefox and Apple all said that they have no plans to implement it at this point of time, but are still evaluating.

I’m using Chrome, am I FLoC-ed?

To find out if you’ve been added to the experiment, visit EFF’s site “Am I FLoCed?” and click on the “CHECK FOR FLOC ID” button.

EFF’s “Am I FLoCed” site

How do I opt-out of FLoC?

For users

Don’t use Chrome. Migrate to another browser.

If you need Chrome however, there’s 2 methods to disable FLoC:

Method 1: Go into the browser settings and disable third-party cookies. This will also disable FLoC.

Method 2: Disable “Privacy Sandbox trials” to disable FLoC and prevent Chrome from enabling it in the future, if that option is available.

You’ll find both options on Chrome’s Settings screen. On Windows, click Menu (the 3 vertical dots) > Settings. On a Mac, click Chrome > Preferences.

For website owners

Websites can take steps to protect the privacy of their users by opting out of FLoC, which would be applicable to all their visitors. It’s done by simply sending the following Permissions-Policy HTTP response header:

Permissions-Policy: interest-cohort=()

For sites using WordPress, you can install Roy Tanck’s Disable FLoC plugin to opt out your website from FLoC. If you don’t want to install a plugin, copy and paste this code in your functions.php file:

/**
* Disable Google FLoC.
*/
function disable_floc($headers) { $headers['Permissions-Policy'] = 'interest-cohort=()'; return $headers; } add_filter('wp_headers', 'disable_floc');

I hope this helped you understand FLoC and its impact on your privacy! If you have any questions, leave a comment and I’ll do my best to answer!

Leave a Reply

Your email address will not be published.