Google has some good press a few weeks ago when it was in a blogpos that he will continue with his plans to remove third-party cookies from the Chrome browser. The move was announced early last year as part of the company’s Privacy Sandbox initiative, but now Google has said it does not intend to replace the cookies with a similar, replacement technology. Other browsers, including Safari and Firefox, already block third-party trackers, but since Chrome is by far the most popular browser in the world, with a market share in the 60-something percentage range, the news is widely considered a big step towards the end of hiring companies to target ads by locating people on the internet. “Google plans to stop selling ads based on individuals’ browsing of multiple sites” The Wall Street Journal post it.
However, this news has received some skepticism – and not just because Google, like other technology giants, has not always met similar commitments. Even at first glance, Google’s plan is hardly a change in the sea for privacy. It’s not even true that you should not allow more ads based on people’s browsing habits when researching them. Google’s announcement is a classic example of what your privacy theater might call: although marketed as a step forward for consumer privacy, it does little to change the underlying dynamics of an industry based on surveillance-based behavioral advertising.
To understand why, you need to look at what the business is actually planning. This is difficult because there are many suggestions in Google’s privacy sandbox, and it has not confirmed which suggestions will be implemented, or exactly how. They are also all very technical and leave open questions unresolved. I spoke to several professional online privacy experts, people doing it for a living, and interpretations varied. Yet the basic expositions are clear enough.
The most important proposal is something called Federated Learning of Cohorts, or FLoC. (This is pronounced ‘herd’. All the Google suggestions, somewhat charming, have bird-themed names.) Under this suggestion, Chrome itself will do the tracking instead of having someone track you from site to site. Then it will sort you into a small group, or group, of similar users based on common interests. When you visit a new website, advertisers will in theory not see you, Jane C. Doe; they will only see to whichever group you belong, say but thirty something unmarried white women interested in Bluetooth headphones. As the blog post, by David Temkin, Director of Product Management, Privacy and Advertising Confidence, puts it, FLoC will allow Chrome to ‘hide individuals from large crowds of people with common interests’. He cites technology as a step towards a future where there is no need to sacrifice relevant advertising and monetary earnings to deliver a private and secure experience. ‘
Privacy experts outside of Google have asked questions about exactly how secure the experience will be. Writing for the Electronic Frontier Foundation, Bennett Cyphers notes by dividing users into small groups, it can actually be easier to ‘fingerprintThey use information about someone’s browser or device to create a stable identifier for that person. As Cyphers points out, fingerprinting must gather enough information to distinguish one user from all. If sites already know someone is a member of a small group, they just need to differentiate them from the rest of the group. Google says it will develop ways to prevent fingerprints, but has not outlined its plans.