Security News > 2021 > June > Mozilla Says Google's New Ad Tech—FLoC—Doesn't Protect User Privacy
Essentially, FLoC allows marketers to guess users' interests without having to uniquely identify them, thereby eliminating the privacy implications associated with tailored advertising, which currently relies on techniques such as tracking cookies and device fingerprinting that expose users' browsing history across sites to advertisers or ad platforms.
FLoC sidesteps the cookie with a new "Cohort" identifier wherein users are bucketed into clusters based on similar browsing behaviors.
"With FLoC, individual profiles are a potential source of additional information about the properties of the FLoC as a whole," Mozilla said.
Google has put in place mechanisms to address these undesirable privacy shortcomings, including making FLoC opt-in for websites and suppressing cohorts that it believes are closely correlated with "Sensitive" topics.
Mozilla said "These countermeasures rely on the ability of the browser manufacturer to determine which FLoC inputs and outputs are sensitive, which itself depends on their ability to analyze user browsing history as revealed by FLoC," in turn circumventing the privacy protections.
As potential avenues for improvement, the researchers suggest creating FLoC IDs per domain, partitioning the FLoC ID by the first-party site, and falsely suppressing the cohort ID belonging to users without sensitive browsing histories so as to protect users who cannot report a cohort ID. It's worth noting that the FLoC API returns an empty string when a cohort is marked as sensitive.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/KChC0ET19HA/mozilla-says-googles-new-ad.html