Google is running a Chrome “origin trial” to test out an experimental new tracking feature called Federated Learning of Cohorts (aka “FLoC”). According to Google, the trial currently affects 0.5% of users in selected regions, including Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand, the Philippines, and the United States. This page will try to detect whether you’ve been made a guinea pig in Google’s ad-tech experiment.
What is FLoC?
Third-party cookies are the technology that powers much of the surveillance-advertising business today. But cookies are on their way out, and Google is trying to design a way for advertisers to keep targeting users based on their web browsing once cookies are gone. It’s come up with FLoC.
FLoC runs in your browser. It uses your browsing history from the past week to assign you to a group with other “similar” people around the world. Each group receives a label, called a FLoC ID, which is supposed to capture meaningful information about your habits and interests. FLoC then displays this label to everyone you interact with on the web. This makes it easier to identify you with browser fingerprinting, and it gives trackers a head start on profiling you. You can read EFF’s analysis and criticisms of FLoC here.
The Chrome origin trial for FLoC has been deployed to millions of random Chrome users without warning, much less consent. While FLoC is eventually intended to replace tracking cookies, during the trial, it will give trackers access to even more information about subjects. The origin trial is likely to continue into July 2021, and may eventually affect as many as 5% of Chrome users worldwide. See our blog post about the trial for more information.
How can I opt out?
For now, the only way for users to opt out of the FLoC trial in Chrome is by disabling third-party cookies. This may reset your preferences on some sites and break features like single sign-on. You can also use a different browser. Other browsers, including independent platforms like Firefox as well as Chromium-based browsers like Microsoft Edge and Brave, do not currently have FLoC enabled.
If you are a website owner, your site will automatically be included in FLoC calculations if it accesses the FLoC API or if Chrome detects that it serves ads. You can opt out of this calculation by sending the following HTTP response header:
What does my FLoC ID mean?
If you have been assigned a FLoC ID, it means that your browser has processed your browsing history and assigned you to a group of “a few thousand” similar users. The FLoC ID is the label for your behavioral group. This numeric label is not meaningful on its own. However, large advertisers (like Google) and websites (like… Google) will be able to analyze traffic from millions of users to figure out what the members of a particular FLoC have in common. Those actors may use your FLoC ID to infer your interests, demographics, or past behavior.
To get more technical: your browser uses an algorithm called SimHash to calculate your FLoC ID. The system currently uses the list of domains you’ve visited in the past 7 days as input, and recalculates the FLoC ID once a week. The current version of the trial places each user into one of over 33,000 behavioral groups. You can view the code for the FLoC component here. Google has said that it intends to experiment with different grouping algorithms, and different parameters, throughout the trial.
Why does this matter?
FLoC exists because Google acknowledges the privacy harms of third-party cookies, but insists on continuing to let advertisers target you based on how you browse the web. We are happy Google will finally restrict third-party cookies in Chrome, but the last thing it should do is introduce new tracking technology. FLoC has privacy problems of its own, and it will likely continue to enable discrimination and other harms of targeted ads.
EFF believes browser developers should focus on providing a private, user-friendly experience without catering to the interests of behavioral advertisers. We should imagine a better future without the harms of targeted ads—and without Google’s FLoC.
To learn more about browser fingerprinting, and discover how well-protected your own browser is, check out EFF’s Cover Your Tracks project.
For an overview of how third-party trackers collect, use, and abuse your information both on and off the web, read our whitepaper, Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance.
To block third-party trackers using cookies, fingerprinting, and other sneaky methods, install EFF’s browser extension Privacy Badger.