Ongoing related thread:
<i>Ad tech firms test ways to connect Google’s FLoC to other data</i> - <a href="https://news.ycombinator.com/item?id=27459247" rel="nofollow">https://news.ycombinator.com/item?id=27459247</a> - June 2021 (183 comments)
What bothers me the most about FLOC is that there is no reason or advantage for me as a user to run it unless I'm forced to. Cookies, even if they get hijacked for tracking, are genuinely useful to persist state and having them on results in a better experience. Even in the case of something more invasive like DRM/EME, I might want to turn it on in exchange to be able to watch some new show on a streaming service. Turning on FLOC brings nothing to the user in return and feels like charity towards advertisers.
<i>"because FLoC IDs are the same across all sites, they become a shared key to which trackers can associate data from external sources"</i><p><i>"FLoC leaks more information than you want"</i><p><i>"The end result here is that any site will be able to learn a lot about you with far less effort than they would need to expend today."</i><p>Hmm. From someone (Firefox Team CTO) that probably knows this space well.
It's really a genius level move by Google here. Get rid of the cookie, implement your <i>own</i> solution, make it seem somewhat unique and rely on other data to identify users and claim impunity since it's nothing to do with them.<p>So how about this, Google must not, and cannot implement FLOC without it being a cross-browser standard; that is to say if <i>anyone</i> of Microsoft, Apple or Mozilla veto FLOC, it's dead.<p>This is how standards are <i>supposed</i> to work. Google should not be given the power to make a thing (like AMP) and just force it upon everyone.<p>We MUST start regulating Google's every product development, I'd rather it get held up for a year in court before it sees the light of day.
FLoC: micro market segmentation. Profiles versus data.<p>It requires on 33 bits to uniquely identify an individual. [0].<p>I would be interested to learn whether FLoC employed k-anonymity measures, and their report on it.<p>If I am retired, female, live in the 830* zip3, and own a sedan, it is probably hard to identify me. Add that I am Korean and am searching for thyroid cancer treatments on Tuesday at 8:43AM local, then I am way more identifiable. I don't understand how FLoC works, and how it gets around this type of intrusion.<p>The only solution I am aware of is to dramatically limit the category depth. But that sort of defeats the purpose of micro market segmentation. And that's a good thing, IMO.<p>[0] <a href="https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy" rel="nofollow">https://www.eff.org/deeplinks/2010/01/primer-information-the...</a>
If you peel away the buzzwords, FLOC is basically just your browser tracking you, and telling advertisers which ads you are most likely to click on. Google claims to do this in a way that preserves your privacy, but ultimately these are empty promises. There is no way to spy on people without being creepy. Many (most?) people don't want to be tracked at all, "privately" or not.<p>It's such a pity that online advertising has turned in this direction. It started out so well intentioned! Search ads showed ads related to your search, Google adwords showed ads related to the content of the page you viewed. No invasive tracking necessary!<p>And now we have come to this. Tracking everyone everywhere has become so pervasive that an operating system vendor has just announced this week that they are building a first party VPN into the OS in a desparate attempt to reduce this ubiquitous tracking...
> FLoC is premised on a compelling idea: enable ad targeting without exposing users to risk<p>The second you open your browser you are exposed to risk. Many times I have had to tweak the default settings of my browser to comply with my (non paranoid) requirements. Basic things like putting DuckDuckGo as the default search engine, turning off various JS APIs like HTML5 Canvas, WebGL, using AD-blockers and other addons, tweaking about:config and hardening it, etc<p>Call me a power user if you want, but all this hardening stuff should ship out-of-the-box.
Given that the cohort id is computed client-side, FLoC also sounds like a nice opportunity to fool trackers. Why not send a random cohort id with every request? In the worst case they’ll fall back to conventional tracking techniques, in the best case it will add some noise to their data.
I’ve read here that in prison, if inmates are learning to code without internet access that they’re given offline dumps of stack overflow. Or maybe offline Wikipedia in the library is a better example.<p>I’d really like to be able to buy preloaded offline versions of certain websites to be able to use indiscriminately.<p>For things like embarrassing questions which I might want to search for within a given subreddit without broadcasting it to who knows what systems.<p>I don’t even necessarily care if there’s a result, or even if the information/responses/comments are a decade stale - i can live without current events.<p>I just want the peace of mind that I’m not being observed. That’s something that I’d pay for.
Well that's a great argument that it isn't perfect, but the real question is whether it's an improvement. Is it better than the state of the art, which is everyone dropping a shit ton of completely untraceable cookies? For example the browser fingerprinting piece that they highlight is already a problem with or without FLoC.<p>I don't have an opinion about FLoC <i>per se</i> but this piece feels like it's focused on finding flaws with it in the absolute, as if we didn't have pretty awful tracking now. I don't believe we can get to perfect, what with shadow browser fingerprinting techniques and all, I just want to know if it's an improvement.
This is a summary of the more detailed findings in their paper, which I found easy to read and has some intriguing suggestions for fixing privacy issues with the original proposal: <a href="https://mozilla.github.io/ppa-docs/floc_report.pdf" rel="nofollow">https://mozilla.github.io/ppa-docs/floc_report.pdf</a>
I doubt everyone behind a single household IP address is a homogeneous blob of interests. Their interests + the IP address will be enough to uniquely identify them if trackers are able to accurately identify a single home resident.<p>Did google ever seek proper peer review for FLoC before they started testing it on people?
FLoC is inherently anti-user, it serves literally no purpose other than to support tracking, while breaking all current anti-tracking tech by mandating its user across domains (a nice solid break of Same Origin policy).<p>That it came from google is hardly surprising, as they are hell bent on stealing every bit of information they can from everyone, whether or not that person has a relationship with them, let alone consented to the abuse.<p>I would be stunned if FLoC lasted more than a few months in the real world before google just started using it as an additional source of entropy to spy on people across domains.
I'll continue to just block everything, thanks but no thanks. I don't need or want any of this tracking garbage. I <i>definitely</i> don't want whatever Google is pushing.
Is there anyone on HN who believes Mozilla will not implement FLoC in Firefox. Mozilla has stated over and over that it is a firm believer in advertising as "essential" for the internet to survive. In practice, they never phrase it as an opinion or even an underlying assumption (that can be questioned), they try to state this as a "fact".[1] This is called advocacy. Mozilla is an advocate for online advertising. They derive their salaries from payments from a deal with an online advertising company and in return they send search queries on Firefox to that company. (This argument that ads are critical is total BS, IMO. The internet worked great without ads. It would work even better now. Anyone who tests these things can see the web without ads works much better than it does with ads.) What Mozilla really needs to state is that Mozilla believes online ads are critical to Mozilla's survival as an employer. If web browser authors and their bosses want to be paid, then they <i>assume</i> they must to sell out to advertisers. Why is there no privacy by default when using web browsers. This is why.<p>1. Note first sentence, underlying assumption, of Mozilla communications. This company is blinded by advertising payola and cannot see non-commercial use of the web as worth protecting.<p><a href="https://blog.mozilla.org/en/mozilla/the-future-of-ads-and-privacy/" rel="nofollow">https://blog.mozilla.org/en/mozilla/the-future-of-ads-and-pr...</a><p><a href="https://blog.mozilla.org/en/mozilla/building-a-more-privacy-preserving-ads-based-ecosystem/" rel="nofollow">https://blog.mozilla.org/en/mozilla/building-a-more-privacy-...</a>