Google’s new proposal for targeted ad tracking has a number of properties that could pose “significant” privacy risks to users, according to Firefox maker Mozilla.
On Thursday, Firefox published the results of an analysis from Google’s Federated Learning Cohort Proposal, or FLoC. Google believes that the new “privacy preservation” system could be used to replace third party cookies for ad tracking purposes. Rescorla, however, says there are significant privacy issues with the system.
FLoC works by using a new “cohort” identifier. Compared to cookies, “cohorts” identify a group of users with similar interests rather than a single person. Advertisers can use these cohorts for ad tracking purposes without requiring a specific user’s browsing history.
However, the cohorts are likely to only consist of thousands of users. That could allow trackers to target specific users very quickly, wrote Firefox CTO Eric Rescorla.
For example, tracking companies could use browser fingerprints to narrow the list of potential users in a cohort to just a few. Firefox says the trackers would only need “a relatively small amount of information” when combined with a cohort of FLoC.
Additionally, trackers could use combinations of FLoC IDs within a specified period of time to distinguish individual users. That’s because neither FLoC identifiers nor user interests are constant.
FLoC identifiers also filter more information than cookies. Unlike site-specific cookies, FLoC IDs are the same across websites. So “they become a shared key to which crawlers can associate data from external sources.”
For example, a crawler with a significant amount of first-party data of interest might operate a service that only answers questions about the interests of a given FLoC ID. For example, “Do people with this cohort ID like cars?” All a site has to do is call the FLoC APIs to get the cohort ID and then use it to look up information in the service. Also, the ID can be combined with fingerprint data to ask “Do people who live in France, have Macs, run Firefox and have this ID, like cars?” The bottom line here is that any site will be able to learn a lot about you with much less effort than you would need to spend today.
Google has proposed several countermeasures to mitigate these privacy concerns, including including FLoC on websites and removing cohorts that it believes are too connected to “sensitive” topics. However, Firefox believes that they are not enough.
“While these mitigations appear useful, they mostly appear to be margin enhancements and do not address the basic issues described above, which we believe require further study by the community,” Rescorla wrote.
He added that problems would only be a problem if FLoC was removed in its current form; could still be fixed. Mozilla has released more information and offered some potential solutions, in a deeper analysis.
Since the announcement of the FLoC proposal, several browser companies, including Brave, Vivaldi, and Opera, have spoken out against the idea.
Follow all WWDC 2021 with complete information AppleInsider One-week event coverage June 7-11, including details on iOS 15, iPadOS 15, watchOS 8, macOS Monterey, and more.
Stay on top of all the Apple news right from your HomePod. Say “Hey Siri, play AppleInsider” and you’ll get the latest AppleInsider podcast. Or ask your HomePod mini “AppleInsider Daily” instead and you’ll hear a quick update straight from our news team. And, if you’re interested in Apple-centric home automation, say “Hey Siri, play HomeKit Insider” and you’ll be listening to our new specialized podcast in no time.