FLoC assigns users to "cohorts" based on their perceived interests. The cohort is then reported to websites so they can target ads, as an alternative to them tracking you online to figure out your interests.
Google claims this is better for privacy because all the interest tracking is done in the browser and kept local to your computer. The website only gets a general cohort identifier, and cohorts will contain thousands of users so are supposed to be of limited use in tracking individuals.
There are numerous problems. For a start the implementation is half baked, with the cohort generation system not being sufficiently resistant to deanonymization. An adversary could simulate thousands of browsing sessions and observe which cohorts result from them, or if they control a number of popular sites use those to force users towards selected cohorts.
Google claims that it will make sure that sensitive cohorts are blocked, so e.g. there will be no religious ones, nothing to do with sexual orientation or the like. Again though the problem is that their list, which they already use for other purposes, is incomplete and mostly based around Western taboos and social problems. It's very likely that abusive cohorts will be created, putting e.g. LGBTQ+ people in danger in countries where that is illegal, or by outing them.
FLoC also breaks private browsing mode. By default FLoC sends a null when there isn't enough data to assign a user to a cohort, or when they are in private browsing mode. That gives adversaries a way to detect private browsing.
Re:Maybe I'm overlooking something (Score:5, Interesting)
FLoC assigns users to "cohorts" based on their perceived interests. The cohort is then reported to websites so they can target ads, as an alternative to them tracking you online to figure out your interests.
Google claims this is better for privacy because all the interest tracking is done in the browser and kept local to your computer. The website only gets a general cohort identifier, and cohorts will contain thousands of users so are supposed to be of limited use in tracking individuals.
There are numerous problems. For a start the implementation is half baked, with the cohort generation system not being sufficiently resistant to deanonymization. An adversary could simulate thousands of browsing sessions and observe which cohorts result from them, or if they control a number of popular sites use those to force users towards selected cohorts.
Google claims that it will make sure that sensitive cohorts are blocked, so e.g. there will be no religious ones, nothing to do with sexual orientation or the like. Again though the problem is that their list, which they already use for other purposes, is incomplete and mostly based around Western taboos and social problems. It's very likely that abusive cohorts will be created, putting e.g. LGBTQ+ people in danger in countries where that is illegal, or by outing them.
FLoC also breaks private browsing mode. By default FLoC sends a null when there isn't enough data to assign a user to a cohort, or when they are in private browsing mode. That gives adversaries a way to detect private browsing.