Home | Ezine | Forums | Links | Contact
NitroExpress.com: Why You Should Avoid Google Chrome’s New FLoC Tracking

View recent messages : 24 hours | 48 hours | 7 days | 14 days | 30 days | 60 days | More Smilies


*** Enjoy NitroExpress.com? Participate and join in. ***

General >> Help desk - IT tips, queries & info

Pages: 1
Yochanan
.375 member


Reged: 26/01/03
Posts: 912
Loc: Volksdiktatur Schweden
Why You Should Avoid Google Chrome’s New FLoC Tracking
      #353376 - 13/05/21 06:23 AM

Why You Should Avoid Google Chrome’s New FLoC Tracking
Google dominates the browser market with Chrome—most of you will use it on at least one of your devices. And so the shocking new warnings about Chrome’s “creepy” new tracking should give you serious reason for concern. It might be time for you to quit.

The headlines this week have been dominated by Apple’s iOS 14.5. Finally we have the long-awaited crackdown on Facebook-style tracking. But while we've been distracted by Tim Cook versus Mark Zuckerberg, Google has quietly been testing its own new tracking on millions of unsuspecting Chrome users. But this secretive update is now coming under intense fire, with blocks and potential blocks, and regulatory concerns.

Part of the wider privacy backlash, fueled by Apple and others, has been a war on the cookie. The digital footprints you leave as you use the internet recognize you as you return to familiar sites but also track your activity, enabling shadowy data brokers to feed your profile to algorithms that pull your strings.

Google plans to banish cookies from Chrome, moving towards what it calls a “privacy first web.” Cookies have eroded user trust, Google says, confirming that it does not plan to replace these with “alternate identifiers to track individuals as they browse across the web.” But the danger for Chrome users is that the first privacy-preserving solution to be launched by Google is arguably little better—and could even be worse.

I’ve discussed FLoC before and its impact on Apple users. But the issue is much wider. Chrome’s Federated Learning of Cohorts algorithmically groups users by common traits—browsing behaviours and inferred characteristics. Each cohort of 1,000+ users has a unique identifier, which is presented to each website a cohort member visits.
MORE FROM FORBES VIDEO

The cohort ID does not detail the common traits that define the group—it’s for the ad industry to work this out. “Advertisers don't need to track individual consumers across the web to get the performance benefits of digital advertising,” Google says, assuring it can “hide individuals within large crowds of people with common interests.”

But however good FLoC might be in isolation and under laboratory conditions, when it’s deployed in combination with other technologies across a vast digital ad industry with billions of dollars at stake, the potential for abuse is huge.

FLoC has been roundly criticized for being tracking, just by another name. “FLoC is bad for privacy,” privacy-first DuckDuckGo warns. “It puts you in a group based on your browsing history—any website can get that group FLoC ID to target and fingerprint you... It's like walking into a store where they already know all about you!”

What DuckDuckGo means is that the enterprising digital ad industry, and the shadowy data brokers behind the scenes, can combine a FLoC ID with other data, such as your IP address, which means “you can continue to be tracked easily as an individual.”

None of Chrome’s main rivals have signed up to FLoC, with most watching to see what happens, albeit some are already critical. Mozilla told me “we don’t buy into the assumption that the industry needs billions of data points about people, that are collected and shared without their understanding, to serve relevant advertising.”

Vivaldi has gone further, “Google’s new data harvesting venture is nasty,” it said in a blogpost this month, describing FLoC as “a dangerous step that harms user privacy.”

I would be surprised if Google is still giving you the “privacy first” message, the head of privacy for another competing browser told me this week, dismissing FLoC’s privacy claims as “beyond the point of being taken seriously.”

DuckDuckGo has developed its own Chrome extension “to block FLoC's tracking,” but its advice is more simple than that: “Don't use Google Chrome,” it says. “Right now FLoC is only in Google Chrome, and no other browser vendor has expressed an intention or even interest to implement it.”

Meanwhile, EFF has launched a website that enables users to check if they have been enrolled into the initial Chrome FLoC trial. Because, if the privacy concerns around FLoC were not worrying enough, this early “origin trial” is co-opting millions of Chrome users into FLoC without any warning, notification or opt-out.

There’s something deeply unnerving about Chrome’s FLoC trial. It is difficult to find any justification for enrolling users without them opting-in. Doing so would likely contravene European GDPR regulations, and so Europeans are not impacted—yet.

But at the same time, it’s wholly unsurprising. Apple’s release of iOS 14.5, and the media firestorm that has built over recent months, centers on how unlikely it is that users will opt in to being tracked. Yet, the vast digital advertising industry needs this tracking to feed on itself. An Apple-like “allow Chrome to track you, yes or no,” even with its “anonymization” caveats, would likely yield a poor uptake.

As EFF cautions, users assigned to a cohort run the risk that “trackers may be able to reverse-engineer the cohort-assignment algorithm to determine that any user who belongs to a specific cohort probably or definitely visited specific sites.”

“Observers,” EFF says, meaning ad industry data analysts, “may learn that in general, members of a specific cohort are substantially likely to be a specific type of person. For example, a particular cohort may over-represent users who are young, female, and Black; another cohort, middle-aged Republican voters; a third, LGBTQ+ youth.”

GitHub has already blocked FLoC and a WordPress technical meeting debated treating it as a security issue. “WordPress should be taking an Apple like stance on privacy,” said one contributor, albeit another argued “it has nothing to do with security... disabling something in disguise of ‘security’ is taking away [user] choice.”

WordPress “powers” more than 40% of the web, which is why this debate has serious implications for Chrome’s successful (or otherwise) FLoC deployment. After the debate, the WordPress security team determined that FLoC is not a security issue—but it is a privacy issue, and its technical deployment remains under debate.

The real issue is whether FLoC actually prevents so-called fingerprinting, assembling unique digital identities for individual users by harvesting the digital trails left online.

“FLoC’s approach increases the risk of users being identified across sites, profiles and browsing sessions, by adding significant fingerprinting surface,” a Brave spokesperson told me this week. “FLoC exposes additional, new information about you (identified as you specifically) to sites who already know who you are.”

The issue isn’t FLoC itself but the combination of multiple data sources. Remember, a website and its trackers can collect information on you when you visit, especially when they know who you are anyway, because you've joined or transacted in the past. Your cohort ID just becomes another data point, helping algorithms understand you better.

Worse, your cohort might connect you to a sensitive demographic or interest group or political affiliation, albeit Google says it will try to stop this. And because cohorts are recut weekly, if a website or data broker has its own unique identifier for you, then it can build up a list of the multiple different cohorts you might be assigned to over time.

“The idea that Google can decide which behaviors count as ‘private’,” Brave told me, “and that such a determination would be the same for everyone, is nonsensical, unethical, and reflects a deeply cynical conception of privacy.”

Google, meanwhile, has told me that “we strongly believe that FLoC is better for user privacy compared to the individual cross-site tracking that is prevalent today. The FLoC origin trial is an early but important step toward the Privacy Sandbox's goal of an open web that is both private by default and economically sustainable.”

Economically sustainable is a soft way to refer to surging billions of dollars in ad revenue. The argument for relevant advertising is that it benefits websites that can better monetize traffic to fund their operations and that it enables companies of all sizes to better target customers. But follow the money. The $80 billion-plus and $100-billion-plus in ad revenues generated by Facebook and Google tells you the real story.

“It would be better for privacy,” those behind FLoC argue, “if interest-based advertising could be accomplished without needing to collect a particular individual’s browsing history.” The issue, of course, is that FLoC doesn’t remove every other form of tracking and analysis, but it does add to them.

Unless and until the digital ad industry is forced to rethink its approach, wholesale, the onus is on us to take control of our own privacy, at least by determining which apps and browsers we use. Until we select platforms that protect our privacy, and avoid those that don’t, we cannot feign surprise at the data leaks and spyware apps that fill our computers and phones, siphoning our data for the brokers that pay their way.
Chrome Vs Rivals

Chrome Vs Rivals Apple App Store / @UKZak

Google has made its intentions clear with Chrome—building cohort tracking into the very fabric of the browser. Never before has the difference between Chrome and Safari, DuckDuckGo, Brave and Firefox been clearer. Just as with the privacy label disparity I disclosed last month, Chrome is becoming more of a an outlier and its vast army of users need to decide if privacy matters enough to them to do something about this.

“Google doesn’t care about protecting user privacy,” DuckDuckGo warned at the time, “they care about protecting their surveillance business model. If they really cared about privacy, they would just stop spying on billions of people around the world.”

This year is proving to be a watershed for user privacy—never have you had so many options to protect your privacy, but that privacy has never been more under threat.

Whatever your views on the longer-term future of targeted ads and user tracking, though, you should certainly avoid being secretly enrolled into a large-scale trial without your knowledge. This is 2021, after all, not 1984.
Zak Doffman
https://www.forbes.com/sites/forbes-pers...sh=76deae8a10a2

--------------------
© "I have never been able to appreciate 'shock' as applied to killing big game. It seems to me that you cannot kill an elephant weighing six tons by ´shock´unless you advocate the use of a field gun." - W.D.M. Bell: Wanderings of an Elephant Hunter.


Post Extras: Print Post   Remind Me!   Notify Moderator  
Pages: 1



Extra information
0 registered and 166 anonymous users are browsing this forum.

Moderator:  NitroX 

Print Topic

Forum Permissions
      You cannot start new topics
      You cannot reply to topics
      HTML is disabled
      UBBCode is enabled

Rating:
Topic views: 1383

Rate this topic

Jump to

Contact Us NitroExpress.com

Powered by UBB.threads™ 6.5.5


Home | Ezine | Forums | Links | Contact


Copyright 2003 to 2011 - all rights reserved