EFF tells Google that replacing tracking cookies with FLoC can cause problems

The Electronic Frontier Foundation (EFF) has criticized the FLoC API promoted by Google as part of the Privacy Sandbox initiative, since Chrome 89 has begun the experimental implementation of a series of APIs that can replace third-party cookies used to track movements.

With that in the future, Google plans to completely remove the use of tracking cookies and end Chrome's support for third-party cookies that are set when visiting sites other than the current page domain.

The FLoC API is designed to determine the user's interest category without individual identification and without reference to history visits to specific sites.

flock allows you to highlight groups of users with similar interests without identifying individual users. User interests are identified by 'cohorts', short labels that describe different interest groups.

Cohorts are calculated on the browser side by applying machine learning algorithms to browsing history data and content that is opened in the browser. Details remain with the user, and only general information about cohorts that reflect interests and allow them to deliver relevant advertising without tracking a specific user is transmitted to the outside.

According to the EFF, the proposed API can replace some problems with others. If any site can obtain tags about interests, the conditions are created for the discrimination of the users, according to their preferences and points of view, as well as the active use of predatory targets.

Rather than abandon targeting entirely, Google is trying to replace the previous orientationr with a new method guidance with their own problems.

Some of his proposals show that he has not learned the right lessons from the ongoing reaction to the surveillance business model. This post will focus on one such proposition, Federated Cohort Learning (FLoC), which is perhaps the most ambitious and potentially the most damaging.

EFF believes that it is up to the user to decide what information to transmit to each site and not worrying about the fact that traces of your past activity can be used to manipulate you when opening sites. The introduction of FLoC may lead to the fact that information about user behavior will be like a stigma to follow you from one site to another.

New risks include:

  • The appearance of an additional factor for the hidden identification of the user's browser ("browser fingerprint"). Although the FLoC cohorts will reach thousands of people, they can be used to improve the accuracy of browser identification when used in combination with other indirect data such as screen resolution, list of supported MIME types, specific parameters in headers (HTTP / 2 and HTTPS), installed plugins and fonts, availability of certain web APIs, graphics card-specific rendering functions with WebGL and Canvas, CSS manipulation, keyboard and mouse functions.
  • Provide additional personal data to trackers that already identify users. For example, if a user is identified and logged into their account, the service can explicitly map the data about the preferences specified in the cohort to a specific user and, when changing cohorts, track the transformation of preferences. .
  • Reverse engineering of visit history based on cohort data is not excluded. Analysis of the cohort allocation algorithm will allow judging which sites the user is likely to visit. It is also possible to draw conclusions on the basis of cohorts about age, social status, gender orientation, political preferences, financial difficulties, or adversity experienced.
  • Discrimination based on user preferences. For example, job offers and loans can vary based on ethnicity, religion, gender, and age. Loans at inflated interest rates can be imposed on money-strapped users, and demographic and political preferences can be used to increase the credibility of misinformation.

Source: https://www.eff.org

The content of the article adheres to our principles of editorial ethics. To report an error click here!.

Be the first to comment

Leave a Comment

Your email address will not be published.



  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.