FLoC stands for Federated Learning of Cohorts which aims to target advertising better without it directly relying on singularly personal information.
FLoC enables ad selection without sharing the browsing behaviour of individual users.
FLoC provides a privacy-preserving mechanism for interest-based ad selection.
As a user moves around the web, their browser uses the FLoC algorithm to work out its "interest cohort", which will be the same for thousands of browsers with a similar recent browsing history. The browser recalculates its cohort periodically, on the user's device, without sharing individual browsing data with the browser vendor or anyone else.
That's a very interesting move. The patch seems fairly small, but now it's a patch that Brave needs to maintain and update every time they merge a new upstream version.
That's what makes me wary of the whole Chromium fork concept. Every time Brave/Vivaldi/Edge/etc decide to take a different path from Google's they effectively add to their maintenance burden forever, even if like in this case they actually disable an unwanted feature.
How long until the list of patches to backport for every new version of Chromium becomes so large that they have to pick and choose which one to keep maintaining and which one to give up on? If tomorrow Google decides to push a very deep change to the way, say, extensions are handled that makes them less effective at ad blocking, will Brave accept the burden to suddenly have to maintain a very deep fork of the browser in order to maintain old functionality?
I'm effectively FUDing right now, but my concern is genuine. I'm very perplex that you can make an effectively anti-ad, pro-privacy browser based on the source code of one of the biggest ad companies in the world.
Seeing:
document.interestCohort
Good to see Brave sticking to their privacy guns. FLoC is a brazen attempt for Big Ad (aka. Google and its ilk) to keep their spying-on-users gravy train going, now that GDPR and similar laws are making their old methods illegal (without consent).
No one wants to consent to being spied on, so FLoC is circumnavigating the GDPR consent requirements, letting them spy on all Chrome-users without consent.
Is there any evidence behind the idea that FLoC is more privacy-preserving than third-party cookies? Intuitively that is not obvious to me at all, especially given there are so many other fingerprinting techniques it could be combined with.
If you want to temporarily enable FLoC for some reason, start Chrome with the following flags (from [0]):
--enable-blink-features=InterestCohortAPI --enable-features="FederatedLearningOfCohorts:update_interval/10s/minimum_history_domain_size_required/1,FlocIdSortingLshBasedComputation,InterestCohortFeaturePolicy"
Sites that respect user privacy can disable FLoC on the server side. I’ve already done so with the five that I manage.
The recursive irony here is that Alphabet implemented FLoC to put a moat around tracking adtech, and Brave consumes Chromium for its own means of generating revenue from vending a browser (BAT), so of course there’s no reason to propagate FLoC.
While FLoC does sound like a bad idea, I think it would be helpful if critistism was coupled with counter proposals. What do the critics see as ideal solution here: making all of the free services paid? having just more content-based ads? or something different?
For those who like me wonder what is FLoC : https://github.com/WICG/floc
Good.
Brave is a really, really great alternative to Chrome. I started using it about a year ago, and it is pretty much Chrome, with less ads and spyware in it. Great software.
Bad Voltage did a good show recently dedicated to FLoC.
The ecosystem is broken, add work but many products have marketing costs built into them that are over 30% of what you pay for, in some cases, over 50% of your monthly fees are marketing expenses. In fact, in SaaS software, a world class company spends 33% (3:1 CAC ratio) on sales and marketing. I don’t mind ads or even having embedded marketing costs in the products I buy, what frustrates me is how long and hard I have to work in addition to all of the waste on marketing to find what a product does, what it costs, what it’s strengths and weaknesses are. And google does nothing to help. I get millions of pages to read, thousands of reviews (many of them fake) and at the end of the day, everyone of us has to waste our time figuring these things out. Go shop for auto insurance or a mortgage or a new piece of software or anything that costs over $1000 annually and you will see what I am talking about.
What's going to happen is that sites will enumerate which FLoC IDs represent which set of interests, and just use send that data off together with whatever unique ID they're already tracking you with.
You can do this by just setting up a new profile and visiting various pages, then checking what the FLoC ID is. See here for an example by Jonathan Foote: https://twitter.com/footePGH/status/1380568421490905088
It's based on your browsing history, so companies will now be able to get an aggregate of your interests without having to actually track you across other sites.
My questions about FLoC are who controls the definitions of cohorts? Is it possible for someone to take advantage of cohort information in a way which leaves Google completely out of the loop? Do users (and system administrators) have any control over what cohort information is saved or transmitted by the browser? If they do have control over it, is it enforceable? (e.g. The DNT header is useless because services are not compelled to obey the request.)
I will never feel bad about using adblock. The sites can die for all I care, I'll just use something else. Will never tolerate ads, ever.
Too many folks commenting here seem to think that FLoC doesn't compromise privacy, when it is yet another bit of differentiation that can be used to fingerprint a browser.
It's a particularly granular one, as well, placing users into manageable cohorts of only a few dozen thousands in size, or so is claimed.
Combine FLoC with a handful of other fingerprint bits and you can track an individual.
I think there should be an option where you either pay for content you consume on the web or targeted (aka efficient) advertising pays for it. All I care about is my PII information not to leak and be accessible to random people.
I don't see any other way and I can't see what these people at EFF are arguing for? It's easy to just keep saying no to everything.
I wonder how long, before Google sabotages Chromium to hurt Brave and other downwards forks?
Check whether your Chrome is FLoCed: https://news.ycombinator.com/item?id=26755313.
Context: Chrome is doing an origin trial on FLOC since march 30: https://sites.google.com/a/chromium.org/dev/Home/chromium-pr...
To my knowledge, it's not yet available as a public web API.
Vivaldi:
>document.interestCohort()
>VM131:1 Uncaught TypeError: document.interestCohort is not a function at <anonymous>:1:10
Sorry if this has been asked before but why does google need any of this? Assuming a user is logged into Google, Google already knows a lot about the user.
Is this about users who are not logged into google? Is this to share information with vendors such as WPP? What is the point of this?
Blog post today from us on this topic: https://brave.com/why-brave-disables-floc/
FLoC is new to me .. a quick check Chrome Browser on a chrome-book shows
Federated Learning of Cohorts - Version: 1.0.6
Chrome : 89.0.4389.116 (Official Build) (64-bit)It's possible to disable the field trial in regular Chrome too:
--disable-blink-features=InterestCohortAPI,InterestCohortFeaturePolicy
How this is actually going to go -- people will find out in x months/years that it's fairly easy to create a cohort of 1, if you do enough filtering. The only issue is that now it's ostensibly outside of the scope of GDPR.
It's already happened with facebook targeting[0], imagine how much more specific the information at Google is.
[0]: https://medium.com/@MichaelH_3009/sniper-targeting-on-facebo...
care to explain what is Brave and what is FLoC?
can we just go back to the days of bonzibuddy and be happy with the internet?
I'm going to be that guy tonight. I never post online. I don't see value in posting online. But I feel as if I have to weight in on this conversation.
I run an online business. I depend on ads. I hate being tracked.
Here's the deal, Google is tracking you no matter what. Even if they aren't using your information for advertising, you still feed them all the best first party data in the world. You give them your search queries, emails, your phone location etc..
Your information is valuable. Even if you block online advertising, you are still going to be targeted in the real world the same way.
Facebook, yes they are shitty too, but again, they are fed all this information. Now, their information is 3rd party. They get pixel fires about you that allow them to coorelate data about you, but it isn't first part exactly.
In the advertising world you target the person or you target on page. The issue with on page is there just isn't enough content about a subject to target and frankly, just beacuse you read something, doesn't mean you are interested in buying it.
I don't care if it's a cookie, or FLoC, or what ever, people are going to be monitored, it's too large of a business. As an individual if you are afraid of it, you have the choice to use Brave or what ever. But at large scale, most people don't care. I believe that this tracking rhetoric is dangerous. At least we are having the conversation about tracking and allowing the people who don't want to be tracked to avoid it. If it were the inverse, these things would still happen behind closed doors, because it's extremely profitable.
Governements have been tracking people forever. Some choose to do evil, populations revolt. People can always beat governments.
Yes I am bias becuase my business does depend on paid advertising like many others. I understand the "big brother" effect. But I also know that other agencies (NSA/CIA) are already doing these things and are either forcing the tech companies to collect the data and share it or are willing to do it. The fact that we all focus on private companies being the crux of the problem and aren't focus on the 3 letter agencies.
Either way, we live in new uncertain times and the US economy has always been about consumerism. These ads have generated incredible amounts of wealth for indvidiaul companies and the tech companies. I do agree that Google makes too much money. As an advertiser, I know that their algorithm is essentially a black box and as an advertiser we are getting fucked. We have no real transparency that our bids are true. We are hoping to hit a CPA and just keep to it.
I can tell you that in the last 2 years, online advertising performance has dropped a lot. It's a combination of people having less money and our economy doing worse and there's a lot more competition. I suspect that these companies are inflating their bids artificially. We know that Facebook penalizes people it doesn't like but provides absolute no transparency on the system. These penalties also cost you more money - which is bullshit.
All of these companies have no support to contact and you are at the beck and whim of a 3rd world outsourced tech support agent that can't do anything.
To summerize. I agree tracking is bad. But you offer all of your data up every time you use email or a search engine. It's all collected and there is no better alterantive. At least these companies are providing a service for businesses to thrive. I think they make wayyyyy too much money. If you think disabling FLoC is going to stop anyting, you havn't looked at the big picture.
If people want to stop being tracked, get off the internet, don't use a search engine, don't use email. But that isn't practical. If you think any of these "Privacy Safe" companeis are doing anything other than just charging you and still handing your data over to what ever 3 letter agency requests it under an NSL, you're crazy.
Wow, that was...brave...
What is wrong with FloC and what's a better alternative?
Brave is a web browser, and I found this in the code: federated_learning::kFederatedLearningOfCohorts, I suppose that's what FLoC stands for.
Disabling FLoC is reactionary, performative, and honestly, counterproductive.
Ad industry: "Look. We listened to your concerns about ad privacy. Here's a solution that gives you everything you want. Now we can serve interest-based ads without tracking you across the internet. You win."
Brave: "We don't want a solution. We want to be sanctimonious and angry!"
Instead of more palatable user tracking, how about we tell advertisers and internet companies: fuck off, we don't want any tracking? How about we hunt down and eliminate all features that allow cross-site information sharing? How about we treat attacks on user privacy as security problems of the web standards, Ã la Tor, and build technology that aggressively hides any user signature in any layer, from rotating IP and MAC addresses to user agents, referers and canvas leaks?
But wait you say, how would the very useful internet ecosystem survive without advertising revenue? Well, there is nothing wrong with advertising per se, it's a natural part of a free market economy. It's ok to target ads to the user's search terms or social feed. The problem is that, in the pursuit of advertising revenue, a cutthroat economic competition pushed advertisers to mine more and more personal data simply to stay competitive. It's a low sum game: it doesn't bring much more money in advertising or make the internet significantly more useful, but it destroys the privacy of everyone. A spectacular market failure ripe for correction.