Computer scientists from MIT Media Lab have exhumed the corpse of Google’s FLoC ad targeting scheme and found that it lacked its key advertised ingredient: privacy.
“FLoC provides a privacy-preserving mechanism for interest-based ad selection,” explains Sam Dutton, Google Chrome developer advocate, on Google’s web.dev site.
It was to have been one of a number of technologies with bird-themed names within what Google optimistically calls “The Privacy Sandbox” – an initiative “to create technologies that both protect people’s privacy online and give companies and developers tools to build thriving digital businesses.”
As an alternative to the current privacy hellscape – wherein websites and their embedded tracking scripts can identify visitors, know what websites they’ve visited, and serve them ads linked to all manner of personal characteristics and conditions – FLoC aimed to aggregate website visitors into numbered groups called cohorts. These cohorts corresponded to various interest categories derived from people’s browsing histories, but without making those people identifiable or exposing their browsing histories.
In theory, websites implementing FLoC could send a visitor’s cohort identification number to an ad server and fetch an ad likely to align with the visitor’s past browsing behavior without being able to surmise the identity of the visitor.
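The flow above can be sketched in a few lines. This is a hypothetical illustration of the cohort-to-ad lookup, not Google's actual FLoC implementation – the cohort numbers, ad inventory, and function names are all invented for the example:

```python
# Hypothetical sketch of interest-based ad selection via FLoC cohorts.
# The ad server sees only a cohort number -- an aggregate interest
# group -- never the visitor's identity or browsing history.
COHORT_ADS = {
    21001: ["running shoes", "fitness trackers"],  # an "athletics" cohort
    21002: ["guitar lessons", "sheet music"],      # a "music" cohort
}

def select_ad(cohort_id: int) -> str:
    """Return an ad matching the visitor's cohort, or a generic fallback."""
    ads = COHORT_ADS.get(cohort_id)
    return ads[0] if ads else "generic ad"

# A site implementing FLoC would forward only the cohort number:
print(select_ad(21001))
```

The point of the design was that the lookup key is shared by thousands of users at once, so – in theory – it could not be traced back to any one of them.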
How FLoC worked
But FLoC barely made it off the ground. Following its initial code commit in August 2019, and its Chrome browser trial in early 2021, Google allowed its experiment to expire without renewal in July 2021, in order to make unspecified changes. Then, in January 2022, Google dispersed FLoC and replaced it with another interest-based ad scheme, also ostensibly privacy-preserving, called the Topics API.
Undaunted by rival browser makers Apple, Brave, and Mozilla, and advocacy groups such as the Electronic Frontier Foundation – all of which have questioned both Google's motives and its technology – Google keeps repeating the word "privacy" in connection with its still-experimental adtech stack.

Yet in a recent research paper titled "Privacy Limitations of Interest-based Advertising on the Web: A Post-mortem Empirical Analysis of Google's FLoC," MIT Media Lab doctoral students Alex Berke and Dan Calacci argue that FLoC failed to provide privacy and put personal information at risk.
Privacy advocates expressed those concerns about FLoC when it was being tested. But Google never revealed how its tests went, leaving observers to wonder about the results. So Berke and Calacci decided to investigate.
The two academics set about implementing FLoC using available open source code. They computed cohorts – interest groups – for users based on a dataset of more than 90,000 devices from about 50,000 households across the US, complemented by demographic data from those households.
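Chrome's origin trial derived cohorts with a locality-sensitive hash (SimHash) over the domains a user visited, so that similar browsing histories produce similar fingerprints. The sketch below is a heavily simplified illustration of that idea under those assumptions – the hash width, the use of MD5, and the omission of Google's server-side clustering step are all simplifications, not the production algorithm:

```python
import hashlib

def simhash(domains: list[str], bits: int = 8) -> int:
    """Simplified SimHash: hash each visited domain, tally per-bit votes,
    and collapse the tallies into a short fingerprint. Users with
    overlapping browsing histories tend toward the same fingerprint."""
    votes = [0] * bits
    for d in domains:
        h = int(hashlib.md5(d.encode()).hexdigest(), 16)
        for i in range(bits):
            votes[i] += 1 if (h >> i) & 1 else -1
    return sum(1 << i for i, v in enumerate(votes) if v > 0)

# Identical histories always land in the same cohort:
a = simhash(["news.example", "sport.example", "recipes.example"])
b = simhash(["news.example", "sport.example", "recipes.example"])
assert a == b
```

Because the fingerprint space is small by design, each cohort contains many users – which is precisely the property the researchers stress-tested against their 90,000-device dataset.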
Their analysis indicated that FLoC’s critics were spot-on, and they speculate that FLoC’s privacy problems were what led Google to trade FLoC for the Topics API.
“First, contrary to its core aims, FLoC enables the tracking of individual users across sites,” the paper states. “We find that more than 95 percent of user devices are uniquely identifiable after only four weeks. We then show how these estimates are extremely conservative, and that this risk increases with the use of common device fingerprinting methods.”
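The mechanism behind that finding is easy to demonstrate: cohorts were recomputed weekly, so the *sequence* of a user's cohort IDs rapidly becomes a unique fingerprint even though each individual cohort is large. The toy simulation below illustrates the effect; the user, cohort, and week counts are invented for the example and are not the paper's dataset:

```python
import random
from collections import Counter

# Toy model of the cross-site tracking risk: with enough cohorts and
# weeks, almost every user's week-by-week cohort sequence is unique.
random.seed(0)
NUM_USERS, NUM_COHORTS, WEEKS = 10_000, 1_000, 4

histories = [
    tuple(random.randrange(NUM_COHORTS) for _ in range(WEEKS))
    for _ in range(NUM_USERS)
]

counts = Counter(histories)
unique = sum(1 for h in histories if counts[h] == 1)
print(f"{unique / NUM_USERS:.0%} of users uniquely identifiable "
      f"after {WEEKS} weeks")
```

With 1,000 cohorts over four weeks there are a trillion possible sequences for only ten thousand users, so nearly every user is unique – and any two sites comparing notes on cohort sequences could re-identify visitors across them.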
However, FLoC was not entirely without merit. The researchers note that while there’s a relationship between sensitive user demographics like race and income and browsing behavior, the FLoC algorithm they tested did not group users into cohorts based on race or income. That counts for something.
Berke and Calacci argue that those developing this sort of technology should publish tools, sample datasets, and code – as they have done – to allow other researchers to test whatever claims are being made.
“Google canceled FLoC in favor of a new approach (Topics), which is a more privacy-preserving step in the direction towards advertising based on contextual content,” the paper explains. “However, like FLoC, it is still premised on tracking users’ browsing behaviors and future work will need to demonstrate that this new approach goes far enough to preserve user privacy.” ®