Mozilla analyzes FLoC’s privacy issues
As mainstream browsers have begun to ban third-party cookies, Google, which relies on advertising for most of its revenue, has proposed an alternative – Federated Learning of Cohorts (FLoC), which claims to be able to obtain users’ online behavior while protecting user privacy.
However, FLoC quickly caused controversy. Even if Google emphasized that FLoC is more privacy-friendly and can track users less, many Chromium-based browser developers have decided to disable FLoC. Even the Electronic Frontier Foundation (EFF) also thinks FLoC is a bad idea.
Firefox browser developer Mozilla analyzed FLoC and found that it has multiple privacy issues. FLoC uses an identifier that represents a group of users with similar interests. This identifier may represent thousands of users, but this does not mean that it cannot be used to track a single user This is because the user’s interest will change, as the interest changes, the FLoC ID will also change.
The FLoC ID is recalculated approximately once a week, and the website can track a single user by combining the weekly FLoC ID. In addition, in cookie-based tracking, the amount of information a tracker obtains is determined by the number of websites it embeds.
Mozilla pointed out that a website that wants to understand user interests must participate in tracking users on a large number of websites, cooperate with some reasonable large trackers, or cooperate with other trackers. Under the loose cookies policy, this type of tracking is directly synchronized using third-party cookies. However, when third-party cookies are blocked (or isolated by site in TCP), it is more difficult for trackers to collect and share information about user interests between websites
FLoC is premised on a compelling idea: enable ad targeting without exposing users to risk. But the current design has a number of privacy properties that could create significant risks if it were to be widely deployed in its current form. It is possible that these properties can be fixed or mitigated — we suggest a number of potential avenues in our analysis — further work on FLoC should be focused on addressing these issues.