Brave, a Chromium-based browser, has removed FLoC, Google’s controversial alternative identifier to third-party cookies for tracking users across websites.
FLoC, or Federated Learning of Cohorts, has just been released by Google for Chrome as its answer to improving privacy while still delivering targeted ads.
“The worst aspect of FLoC is that it materially harms user privacy, under the guise of being privacy-friendly,” says Brave in a blogpost.
FLoC has been been widely criticised by privacy advocates, even though it is an improvement to third-party cookies. The Electronic Frontiers Foundation (EFF) calls it a “terrible idea” because now Chrome shares a summary of each user’s recent browsing activity with marketers.
“A browser with FLoC enabled would collect information about its user’s browsing habits, then use that information to assign its user to a “cohort” or group,” writes Bennett Cyphers, an EFF technologist.
“Users with similar browsing habits — for some definition of “similar” — would be grouped into the same cohort. Each user’s browser will share a cohort ID, indicating which group they belong to, with websites and advertisers.”
Brave, a privacy-focused browser headed up by Mozilla co-founder and key JavaScript designer, Brendan Eich, says it has removed FLoC from the Nightly version of Brave for the desktop and Android.
Brave notes the California Consumer Privacy Act of 2018 (CCPA) and Europe’s General Data Protection Regulation (GDPR) as signs that consumers are demanding privacy on the web.
“In the face of these trends, it is disappointing to see Google, instead of taking the present opportunity to help design and build a user-first, privacy-first Web, proposing and immediately shipping in Chrome a set of smaller, ad-tech-conserving changes, which explicitly prioritize maintaining the structure of the Web advertising ecosystem as Google sees it,” Brave says in a blogpost.
The search engine DuckDuckGo last week released a Chrome extension to block FLoC tracking, comparing it to “walking into a store where they already know all about you”.
Brave argues that because the feature does impact user privacy, it should be something that users need to opt-in to.
“Given that FLoC can be harmful for site operators too, we recommend that all sites disable FLoC. In general, any new privacy-risking features on the web should be opt-in,” Brave says.
“This is a common-sense principle to respect Web users by default. One might wonder why Google isn’t making FLoC opt-in. We suspect that Google has made FLoC opt-out (for sites and users) because Google knows that an opt-in, privacy harming system would likely never reach the scale needed to induce advertisers to use it.”
Microsoft, which is also using Chromium as the basis for its new Edge browser, responded to ZDNet’s request for its position on FLoC as follows:
“We believe in a future where the web can provide people with privacy, transparency and control while also supporting responsible business models to create a vibrant, open and diverse ecosystem. Like Google, we support solutions that give users clear consent, and do not bypass consumer choice. That’s also why we do not support solutions that leverage non-consented user identity signals, such as fingerprinting. The industry is on a journey and there will be browser-based proposals that do not need individual user ids and ID-based proposals that are based on consent and first party relationships. We will continue to explore these approaches with the community. Recently, for example, we were pleased to introduce one possible approach, as described in our PARAKEET proposal. This proposal is not the final iteration but is an evolving document.”
According to the EFF, Google has rolled out FLoC to 0.5% of Chrome users in Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand, the Philippines, and the US. But the company hopes to roll it out to 5% of users.
Updated with Microsoft response at 17:30 BST, 13 April 2021