Google's new proposal for targeted ad tracking has a number of properties that could pose "significant" privacy risks to users, according to Firefox maker Mozilla.
On Thursday, Firefox published the results of an analysis of Google's Federated Learning of Cohorts, or FLoC, proposal. Google believes the new "privacy-preserving" system could be used to replace third-party cookies for ad tracking purposes. Rescorla, however, says there are major privacy problems with the system.
FLoC works by using a new "cohort" identifier. Compared to cookies, "cohorts" identify a group of users with similar interests instead of a single person. Advertisers can then use these cohorts for ad tracking purposes without needing the browsing history of a specific user.
However, cohorts will likely only consist of thousands of users. That could allow trackers to narrow down specific users very quickly, Firefox CTO Eric Rescorla wrote.
For example, tracking companies could use browser fingerprinting to narrow down the list of potential users in a cohort to just a few. Firefox says trackers would only need "a relatively small amount of information" when combined with a FLoC cohort.
Additionally, trackers could use combinations of FLoC IDs in a given timeframe to distinguish individual users. That's because neither FLoC identifiers or user interests are constant.
FLoC identifiers also leak more information than cookies. Unlike site-specific cookies, FLoC IDs are the same across websites. Because of that, "they become a shared key to which trackers can associate data from external sources."
For example, it's possible for a tracker with a significant amount of first-party interest data to operate a service which just answers questions about the interests of a given FLoC ID. E.g., "Do people who have this cohort ID like cars?". All a site needs to do is call the FLoC APIs to get the cohort ID and then use it to look up information in the service. In addition, the ID can be combined with fingerprinting data to ask "Do people who live in France, have Macs, run Firefox, and have this ID like cars?" The end result here is that any site will be able to learn a lot about you with far less effort than they would need to expend today.
Google has proposed several countermeasures to mitigate these privacy problems, including making FLoC opt-in for websites and suppressing cohorts that it believes are too connected to "sensitive" topics. However, Firefox believes they're not enough.
"While these mitigations seem useful, they seem to mostly be improvements at the margins, and don't address the basic issues described above, which we believe require further study by the community," Rescorla wrote.
He added that the issues would only be a problem if FLoC was pushed out in its current form — they could still be fixed. Mozilla has published more information, and has offered some potential solutions, in a deeper analysis.
Since the announcement of the FLoC proposal, a number of browser companies — including Brave, Vivaldi, and Opera — have spoken out against the idea.
Follow all of WWDC 2021 with comprehensive AppleInsider coverage of the week-long event from June 7 through June 11, including details on iOS 15, iPadOS 15, watchOS 8, macOS Monterey and more.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get the latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.