Browser makers, now including Mozilla’s Firefox, are already ditching Google’s proposed cookieless ad targeting method FLoC

acxiom privacy

Privacy-centric browser Brave and browser extension DuckDuckGo have decided to block Google’s proposed method of tracking and targeting ads to groups of people without cookies, and now Mozilla tells Digiday it, too, has no plans to implement Google’s FLoC — or Federated Learning of Cohorts — in its Firefox browser.

“We are currently evaluating many of the privacy preserving advertising proposals, including those put forward by Google, but have no current plans to implement any of them at this time,” a Mozilla spokesperson told Digiday.

Those proposals thwarted by Mozilla and others have been put forward by Google as part of its Privacy Sandbox initiative which includes a variety of tactics the company has introduced — some developed in conjunction with other participants in the open-source environment of the Worldwide Web Consortium — to mimic long-used practices enabled with third-party cookies for tracking individuals, targeting ads and measuring their effectiveness. 

“We don’t buy into the assumption that the industry needs billions of data points about people, that are collected and shared without their understanding, to serve relevant advertising,” said the Mozilla spokesperson. The company enables enhanced tracking protection by default in its Firefox browser, which is used by less than 4% of global web users, according to Statcounter. 

Brave, another browser marketed as a privacy-protecting alternative to Google’s Chrome browser, said on April 14 it “has removed FLoC,” citing in a blog post its concerns that the technique, “harms privacy directly and by design” because it “tells sites about your browsing history in a new way that browsers categorically do not today.” Though a reliable measure of Brave’s user base is not available, the company’s share of the browser market is likely a sliver of even what browsers like Firefox or Apple’s Safari — which garners around 20% of the market — have.  

DuckDuckGo, yet another company that sells itself as a defender of personal data privacy, also said earlier this month it will let people using its Chrome extension tool block FLoC. The company also said it has configured its search product to opt out from FLoC tracking whether or not people use its browser extension.

The adversarial drumbeats knocking FLoC grow louder even as testing of the targeting approach gets underway in the U.S. and other countries. However, as privacy concerns stall trials in Europe and others including a U.S. lawmaker, criticize its potential discriminatory impact, Google’s FLoC will live on for now in the search giant’s own Chrome browser, which happens to be the world’s most prolific browser. That means advertisers, publishers and Google’s ad tech partners will have every intention of giving it a try.

“Even if Chrome is the only browser where [FLoC is] enabled, it has massive scale,” said Ian Trider, vp of real time bidding platform operations at ad tech firm Centro, who added that ad inventory won’t be affected if other browsers don’t allow it. “Ads can be served on sites loading on those browsers. FLoC just won’t be available as a targeting technique,” he said.

Why FLoC needs browsers

FLoC needs browser support in order to work. The cookieless targeting method uses an algorithmic process inside the browser to generate cohorts composed of at least one thousand people based on the sites they have visited in recent days, the content on pages they viewed and other factors. Google assigns a FLoC ID to each cohort, or group of people, without including any individual-level data. FLoC is one of Google’s ways of replacing the tracking and targeting enabled by the third-party cookies the company plans to disable in Chrome by January 2022. The idea is to use behavioral information showing what sites people visit to track and target them in aggregate rather than individually, which Google claims protects people’s privacy. 

Notably, when Google announced in March it would rely on FLoC and other Privacy Sandbox methods in its industry leading ad exchange, it did so through a blog post written by David Temkin, director of product management, ads privacy and trust at Google. Before joining Google in 2020, Temkin served as chief product officer at Brave Software, which makes the very Brave browser that is saying “no” to FLoC. 

Privacy and data ethics advocates argue that, by lumping people into groups based on their online and mobile site visits, Google will create a whole new level of personal data that can be attached to other individual-level profiles. They worry the FLoC process could unfairly categorize people into groups, which would enable discriminatory targeting or data use. Meanwhile, FLoC has piqued the interest of at least one U.S. lawmaker. U.S. Rep. Yvette Clarke of New York in March raised concerns about bias and disparate impact of FLoC when addressing Google CEO Sundar Pichai during a U.S. House Energy and Commerce Committee hearing on disinformation. 

How browsers block FLoC

Some browsers don’t have to do anything to stop FLoC though. Browsers including Brave and Microsoft Edge are built on Chromium, the open-source code that serves as the foundation for Google Chrome. As a result, those browsers would actually have to enable specific code to get FLoC to work.

Related
consumer panels
Member Exclusive
Digiday Research: The pandemic sped the wrong things up for publishers

“[FLoC] wouldn’t have been enabled unless Brave chose to enable it,” said Bennett Cyphers, a staff technologist at the Electronic Frontier Foundation, a digital privacy advocacy organization, who has been digging deep into how FLoC functions. The same goes for Edge, he said. “FLoC is not turned on in Edge right now because Microsoft would have had to go out of their way to do that,” he said, adding, “In the future Google might make it so that you have to turn the FLoC switch off, but that’s not the case now.” A Google spokesperson did not respond to an email asking the company to confirm that Chromium-based browsers need to actively enable FLoC support.

Krzysztof Franaszek, a computer scientist who has also investigated how FLoC works, backed up that assessment. “Whereas Google Chrome has code for tracking which websites you visit and uses that to calculate [a FLoC ID] to group you,” he said, “Brave has no such underlying mechanism.” As for browser extensions like DuckDuckGo’s, he said, the extension cannot strip out code from Chrome. “Instead, what that extension does is it blocks any websites or Javascript from reading a user’s FLoC ID. So if a user visits an e-commerce website or some website that uses FLoC IDs to try to target consumers, the extension blocks the website from being able to see or access the FLoC ID.”

Publishers are becoming conscientious FLoC objectors

During Google’s FLoC trial phase, publisher websites will be tracked by the system by default, so website publishers that do not want their sites included have to opt out from FLoC tracking, which is not simple to do. Publishers need to add a specific http header to their sites to block FLoC, and a few including The Guardian and The Markup have done so. Google researchers expect publishers of sensitive content or content that people might not want to be associated with Google’s new tracking regime — like healthcare providers, banks or porn sites — to join that club of conscientious FLoC objectors.

In general, advertisers and their agencies are testing FLoC along with a variety of other tracking and targeting methods that don’t use third-party cookies, and they’re not surprised that browsers made by companies other than Google won’t enable FLoC. Considering Chrome’s massive user base, said Amanda Martin, vp of enterprise partnerships at digital agency Goodway Group, “Chrome has the dominance to solve for the deprecation of the third-party cookie in a siloed approach.”

However, she added, “If that doesn’t raise flags from regulatory agencies is different question.” 

https://digiday.com/?p=410971
Digiday Top Stories