What’s Google Floc? And How Does It Affect Your Privacy?

Google wants to change the way we’re tracked around the web, and given the widespread use of its Chrome browser, the shift could have significant security and privacy implications—but the idea has been less well-received by companies that aren’t Google.

The technology in question is FLoC, or Federated Learning of Cohorts, to give it its full and rather confusing name. It aims to give advertisers a way of targeting ads without exposing details on individual users, and it does this by grouping people with similar interests together: Football fans, truck drivers, retired travelers, or whatever it is.

“We started with the idea that groups of people with common interests could replace individual identifiers,” writes Google’s Chetna Bindra. “This approach effectively hides individuals ‘in the crowd’ and uses on-device processing to keep a person’s web history private on the browser.”

These groups (or “cohorts”) are generated through algorithms (that’s the “federated learning” bit), and you’ll get put in a different one each week—advertisers will only be able to see its ID. Any cohorts that are too small will get grouped together until they have a least several thousand users in them, to make it harder to identify individual users.

FLoC is based on the idea of a Privacy Sandbox, a Google-led initiative for websites to request certain bits of information about users without overstepping the mark. Besides FLoC, the Privacy Sandbox covers other technologies too: For preventing ad fraud, for helping website developers analyze their incoming traffic, for measuring advertising effectiveness, and so on.

screenshot

The FLoC code at the center of the storm.

Screenshot: David Nield via Google Chrome

Google wants FLoC to replace the traditional way of tracking people on the internet: Cookies. These little bits of text and code are stored on your computer or phone by your browser, and help websites figure out if you’ve visited before, what your site preferences are, where in the world you’re based, and more. They can be helpful for both websites and their visitors, but they’re also heavily used by advertisers and data brokers to build up patterns of our browsing history.

As Google points out, cookie tracking has become more and more invasive. Embedded, far-reaching trackers known as third-party cookies keep tabs on users as they move across multiple websites, while advertisers also use an invasive technique called fingerprinting to know who you are even with anti-tracking measures turned on (through your use of fonts, or your computer’s ID, your connected Bluetooth devices or other means).