Google is attempting to spin its new plan for cookie-less targeted advertising as a privacy innovation, but advocates say it's more like a privacy nightmare.
Googe's plan, dubbed the Federated Learning of Cohorts (FLoC), relies on placing Chrome users into audience segments, or “cohorts,” based on their web browsing activity, and then transmitting data about those segments directly to publishers through a Javascript API.
Google describes this scheme as an “innovation” and claims it's an alternative to tracking -- even though, in reality, the scheme still relies on tracking people's web browsing in order to deduce their interests and serve them ads.
On Wednesady, the digital rights group Electronic Frontier Foundation pleaded with Google to abandon its “terrible idea,” calling it a “misguided” attempt at reinventing behavioral targeting.
Other watchdogs have already raised concerns with government officials, including acting Federal Trade Commission Chair Rebecca Kelly Slaughter, according to Jeff Chester, executive director of the Center for Digital Democracy
"It's clearly intrusive," Chester says. "We will be seeking a formal review at FTC, and will be bringing this up to Congress."
Advocates have several specific objections to the plan. For one, information sent by the Chrome browser to publishers can serve as a datapoint for device fingerprinting -- a tracking technique that involves identifying users based on data about their computers, including operating systems, IP addresses, browser versions, installed fonts and plug-ins.
A GitHub page devoted to FLoC mentions this risk: “A cohort could be used as a user identifier. It may not have enough bits of information to individually identify someone, but in combination with other information (such as an IP address), it might," the page says.
The Electronic Frontier Foundation raises the same issue.
“The more cohorts there are, the more specific they will be; longer cohort IDs will mean that advertisers learn more about each user’s interests and have an easier time fingerprinting them,” the organization writes.
Beyond fingerprinting, Google's plan raises a separate privacy problem: Chrome users will no longer be able to surf the web without also transmitting information about their potential interests.
“Every site you visit will have a good idea about what kind of person you are on first contact, without having to do the work of tracking you across the web,” the EFF writes.
The organization adds that consumers -- as opposed to Google -- should have the right to decide what information about themselves to transmit.
“If you visit a site for medical information, you might trust it with information about your health, but there’s no reason it needs to know what your politics are,” the group writes. “Likewise, if you visit a retail website, it shouldn’t need to know whether you’ve recently read up on treatment for depression.”
Googe's move stands in stark contrast to decisions by Apple and Mozilla, which are making it more difficult for companies to use behavioral targeting techniques without users' consent, Princeton professor and privacy expert Jonathan Mayer notes.
“Mozilla has shipped extremely effective privacy protections in Firefox. Apple has shipped extremely effective privacy protections in Safari and iOS. And Google is experimenting with new ad technologies,” he says.
Google has publicly said it will roll out some new controls for users next month, and will refine them as it receives feedback, but has offered little in the way of speifics.
The Electronic Frontier Foundation is predicting that Google's cohort-based system “will probably be opt-in for the advertisers that will benefit from it, and opt-out for the users who stand to be hurt.”
Privacy companies may also step in to offer new controls. Ghostery president Jeremy Tillman says the company's software will probably be able to block the data transmissions to publishers, but can't guarantee it.
“We haven't been able to do any tests directly,” he says. “I can't say with 100% certainty that we can block it, but it seems like we should be able to.”