[HN Gopher] Brave disables Chromium FLoC features
___________________________________________________________________
Brave disables Chromium FLoC features
Author : brunoluiz
Score : 168 points
Date : 2021-04-10 21:01 UTC (1 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| simias wrote:
| That's a very interesting move. The patch seems fairly small, but
| now it's a patch that Brave needs to maintain and update every
| time they merge a new upstream version.
|
| That's what makes me wary of the whole Chromium fork concept.
| Every time Brave/Vivaldi/Edge/etc decide to take a different path
| from Google's they effectively add to their maintenance burden
| forever, even if like in this case they actually _disable_ an
| unwanted feature.
|
| How long until the list of patches to backport for every new
| version of Chromium becomes so large that they have to pick and
| choose which one to keep maintaining and which one to give up on?
| If tomorrow Google decides to push a very deep change to the way,
| say, extensions are handled that makes them less effective at ad
| blocking, will Brave accept the burden to suddenly have to
| maintain a very deep fork of the browser in order to maintain old
| functionality?
|
| I'm effectively FUDing right now, but my concern is genuine. I'm
| very perplex that you can make an effectively anti-ad, pro-
| privacy browser based on the source code of one of the biggest ad
| companies in the world.
| furbyhater wrote:
| The idea of a fork is that it is independent from what it was
| forked from, you pull what you like and leave aside negative
| changes, if the license allows this. At least that's the idea.
| Of course companies with huge manpower such as google can
| evolve "standards" in a pace that a small independent fork
| can't keep pace, but we shouldn't just give up.
| spideymans wrote:
| Forking from Chromium also effectively gives Google even more
| control over eve standards.
| sounds wrote:
| Fortunately, _removing_ a feature and _removing_ code is pretty
| easy. It 's when a feature is added that it requires much more
| thought and effort.
|
| It's not zero effort, but pretty easy.
| paulryanrogers wrote:
| My guess is they run the cost benefit analysis with every
| Chrome release. Then just give up and accept the change unless
| it's obviously low cost or in an area they've already forked.
| miedpo wrote:
| From what I'm remembering, Eich said that once they got big
| enough, they'd be willing to fork a browser if necessary. I
| wouldn't put that past Brave considering how many changes it's
| had (used to be on a different browser engine, also used to use
| Electron). They'll probably have to grow a bit before this
| happens though.
| mikl wrote:
| Good to see Brave sticking to their privacy guns. FLoC is a
| brazen attempt for Big Ad (aka. Google and its ilk) to keep their
| spying-on-users gravy train going, now that GDPR and similar laws
| are making their old methods illegal (without consent).
|
| No one wants to consent to being spied on, so FLoC is
| circumnavigating the GDPR consent requirements, letting them spy
| on all Chrome-users without consent.
| Daho0n wrote:
| Only in a world of Google dominance could Brave be seen as the
| good guy.
| judge2020 wrote:
| Except with FLOC you can watch your network connection in/out
| and see that, instead of a persistent identifier being used to
| track you, you only send your interest categories. FLOC's
| intent is to keep their money making operation afloat, but this
| time without direct web browsing activity tracking of users.
| xvector wrote:
| > but this time without direct web browsing activity tracking
| of users.
|
| Your FLOC cohort is a summary of your web browsing activity.
| FLOC doesn't solve the privacy problems that trackers create
| - it just hands them your browsing history on a silver
| platter.
| yunohn wrote:
| It's literally a cohort ID? Where did you get "hands them
| your browsing history on a silver platter" from?
| matkoniecz wrote:
| > you only send your interest categories
|
| Not sure why it is supposed to be significant improvement.
|
| "FLoC cohorts will comprise thousands of users each, so a
| cohort ID alone shouldn't distinguish you from a few thousand
| other people like you. However [a tracker now] only has to
| distinguish your browser from a few thousand others (rather
| than a few hundred million). In information theoretic terms,
| FLoC cohorts will contain several bits of entropy--up to 8
| bits, in Google's proof of concept trial. This information is
| even more potent given that it is unlikely to be correlated
| with other information that the browser exposes. This will
| make it much easier for trackers to put together a unique
| fingerprint for FLoC users."
|
| "as your FLoC cohort will update over time, sites that can
| identify you in other ways will also be able to track how
| your browsing changes [...] a FLoC cohort is nothing more,
| and nothing less, than a summary of your recent browsing
| activity."
|
| https://www.eff.org/deeplinks/2021/03/googles-floc-
| terrible-...
| mikl wrote:
| Yeah, and every time you log in somewhere, they can link your
| FLoC cohort to your real identity and use the information to
| build a profile on you.
| morelisp wrote:
| > Big Ad (aka. Google and its ilk)
|
| So to be clear, "Big Ad" is like, dentsu, Publicis, Omnicom,
| etc. Companies that don't show up on HN much (but do ultimately
| buy the services which pay a ton of HNer's salaries).
|
| They don't like Google very much, but Google owns a ton of
| space to put ads on, lots of first-party traffic with
| interesting properties, and more accurate targeting models than
| most other companies combined. So they have to work together.
| Real Big Ad would all rather keep the third-party cookie and
| not have to deal with FLoC, because they know they're already
| trapped in dealing with Google based on market demands, and
| FLoC will give Google even more forceful technical leverage.
| mikl wrote:
| Google is an integrated part of "Big Ad", they're the largest
| advertising company in the world. And now they're using their
| ownership of the most popular browser to sneakily install
| FLoC on their unwitting user's machines.
| phnofive wrote:
| The recursive irony here is that Alphabet implemented FLoC to put
| a moat around tracking adtech, and Brave consumes Chromium for
| its own means of generating revenue from vending a browser (BAT),
| so of course there's no reason to propagate FLoC.
| varispeed wrote:
| I don't understand why tracking is not being considered as
| mechanism helping companies to manipulate consumers into buying
| their stuff, essentially amounting to fraud? If you were going
| to track someone in real life and manipulating them into buying
| something, you would certainly end up in jail, so why is this
| allowed over the internet? Because consumers don't see
| companies who stalk them? In my opinion the whole tracking
| business should be illegal.
| kamaitachi wrote:
| Bad Voltage did a good show recently dedicated to FLoC.
|
| https://www.badvoltage.org/2021/04/01/3x26/
| Ygg2 wrote:
| I wonder how long, before Google sabotages Chromium to hurt Brave
| and other downwards forks?
| Daho0n wrote:
| >Brave ..... downwards forks
|
| Very fitting.
| Ygg2 wrote:
| Would downstream forks work better as a word there?
| lucasyvas wrote:
| Seeing: document.interestCohort
|
| is pretty abhorrent looking. First-class advertising support in a
| browser is a major turn-off. Google is probably only a few steps
| away from losing controlling stake in Chromium, and stuff like
| this certainly will lead others to flock away.
| sergiotapia wrote:
| I will never feel bad about using adblock. The sites can die for
| all I care, I'll just use something else. Will never tolerate
| ads, ever.
| heavyset_go wrote:
| What's really telling is how many people and companies think
| they're entitled to running ads on my computers and phones, as
| if I'm the one who is doing something wrong by choosing what I
| see or don't see.
| yunohn wrote:
| So the content creators have no right to demand compensation
| for creating "what you see"?
| fsflover wrote:
| Check whether your Chrome is FLoCed:
| https://news.ycombinator.com/item?id=26755313.
| riq_ wrote:
| care to explain what is Brave and what is FLoC?
| geofft wrote:
| Quoting https://en.wikipedia.org/wiki/Brave_(web_browser) :
|
| > _Brave is a free and open-source web browser developed by
| Brave Software, Inc. based on the Chromium web browser. It
| blocks ads and website trackers, and provides a way for users
| to send cryptocurrency contributions in the form of Basic
| Attention Tokens to websites and content creators along with
| the ability to keep the cryptocurrency they earned._
|
| Quoting https://amifloced.org/ :
|
| > _Third-party cookies are the technology that powers much of
| the surveillance-advertising business today. But cookies are on
| their way out, and Google is trying to design a way for
| advertisers to keep targeting users based on their web browsing
| once cookies are gone. It 's come up with FLoC._
|
| > _FLoC runs in your browser. It uses your browsing history
| from the past week to assign you to a group with other
| "similar" people around the world. Each group receives a label,
| called a FLoC ID, which is supposed to capture meaningful
| information about your habits and interests. FLoC then displays
| this label to everyone you interact with on the web._
| mcrittenden wrote:
| Brave [0] is a web browser, built from Chromium, but with built
| in ad and tracker blocking.
|
| FLoC stands for Federated Learning of Cohorts. The third party
| cookie is dying, and FLoC is a way for companies to group
| people together and track them, rather than tracking
| individuals. Here's more info about that [1] and here's an EFF
| article about why it's dangerous [2].
|
| [0] https://brave.com/ [1] https://github.com/WICG/floc [2]
| https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-...
| [deleted]
| morelisp wrote:
| FLoC is a way to make Google's ad network's targeting worth
| comparatively more than other ad networks'.
|
| Brave is an other ad network.
| einpoklum wrote:
| Can you expand on how Brave is an ad network?
| morelisp wrote:
| https://brave.com/brave-ads/
|
| _Company Overview & Core Offering_
|
| _Brave is the first global digital ad platform built for
| privacy, offering advertisers the opportunity to
| participate in a premium, brand safe, and opt-in ad
| ecosystem, designed for a future without 3rd party
| cookies._
| _eLRIC wrote:
| Brave claims to be a privacy oriented web browser. It is
| apparently based on Chromium and someone identified a Chromium
| feature that was phoning home (I.e. Google servers) with some
| informations reducing user anonimity (At least that's what I
| understood from a quick look)
| rq1 wrote:
| For those who like me wonder what is FLoC :
| https://github.com/WICG/floc
| mcint wrote:
| FLoC stands for Federated Learning of Cohorts which aims to
| target advertising better without it directly relying on
| singularly personal information.
|
| https://web.dev/floc/ FLoC enables ad selection
| without sharing the browsing behaviour of individual users.
| FLoC provides a privacy-preserving mechanism for interest-based
| ad selection. As a user moves around the web, their
| browser uses the FLoC algorithm to work out its "interest
| cohort", which will be the same for thousands of browsers with a
| similar recent browsing history. The browser recalculates its
| cohort periodically, on the user's device, without sharing
| individual browsing data with the browser vendor or anyone else.
|
| https://www.chromium.org/Home/chromium-privacy/privacy-sandb...
| qwerty456127 wrote:
| > FLoC enables ad selection without sharing the browsing
| behaviour of individual users.
|
| Nevertheless it seems a formidable addition to a browser user
| fingerprint.
| cblconfederate wrote:
| aka lipstick on a pig. Google could easily kill brave by
| adopting its ads model.
| lumost wrote:
| I would expect that it's practical to reverse engineer the
| cohorts into a browsing history. This means that an interested
| party could derive browsing information from a page visit
| rather than needing to instrument thousands of websites with
| cookies.
|
| There isn't really any hard bound on how much information could
| be leaked via these algorithms.
| morelisp wrote:
| Cohorts could be reverse-engineered to give you a probability
| space of browsing history, which would be identical for any
| user in the cohort given a single sample.
|
| > There isn't really any hard bound on how much information
| could be leaked via these algorithms.
|
| With ~33k cohorts, there is literally a hard bound of just
| above 15 bits per visit. That's still _theoretically_ a lot
| _if_ you have some other stable identifier, but practically
| speaking most users on most sites will have an identical
| cohort and it will drop off rapidly as cohorts stabilize into
| groups appropriate for ad targeting.
|
| Barring the other considerations I've mentioned in the
| comments here, that's still immeasurably better for
| individual privacy than ~infinite bits per visit from stable
| third-party cookies.
| benatkin wrote:
| Except the privacy conscious just won, so there is no need
| to compare it to the former status quo. Why squander our
| victory?
| mavhc wrote:
| If you want to pay to visit every site you go to, or see
| 10x as many ads because you'll be 10x less likely to find
| them useful, then you've won
| londons_explore wrote:
| If I must have ads, I'd prefer not be tracked by hundreds of
| untrustworthy companies, and I'd also prefer not see irrelevant
| ads... This therefore seems like the best bad option...
| JoshTriplett wrote:
| You don't have to have ads at all. The best option is an
| adblocker, and a non-Chrome-based browser.
| judge2020 wrote:
| I'd also like to support websites I visit, though, if I
| don't have the money to directly donate to them and if I am
| going to purchase a product anyways (think visiting an
| amazon product page, leaving it for a day, then clicking an
| ad for it to give x% to the website). Many websites today
| wouldn't exist without ads since a lot of their traffic is
| people who don't go out of their way to donate to websites
| they find useful. If I can do this without giving up
| privacy I'll turn off my ad blocker (and I already do for
| websites I find useful).
| jeffgreco wrote:
| Why are you spending time on websites you don't find
| useful?
| ChefboyOG wrote:
| Because when you visit a new site, you don't know ahead
| of time if it is useful or not.
|
| That's just how "new" works.
| londons_explore wrote:
| Using an adblocker is like stealing candy from the store...
|
| They can handle _some_ theft, but if literally everyone
| stole their candy, the store would close down and nobody
| can have candy.
| sennight wrote:
| Look up the legal definition of "theft". In your analogy
| the candy would be the user's privacy and attention,
| which the adblocker denies the store use of. It is only
| theft if the store owns the user's privacy and attention.
| Are you so owned?
| 13415 wrote:
| On the contrary, the websites who display ads steal
| screen space on my machine without paying me for it, some
| of them even steal computing time by running unauthorized
| scripts.
| lxgr wrote:
| By the same argument you are stealing the website's
| bandwidth by visiting it without clicking on the ads.
|
| These reductionist approaches don't really help with
| understanding ads (and communication in general).
| argvargc wrote:
| No. If advertising became impossible, vendors seeking to
| compete would be forced to make products good enough to
| be enthusiastically-shared, word-of-mouth, and everything
| in the world would be significantly better than it is.
| goalieca wrote:
| It's been said many times, but if the business model is
| advertising then you're the product.. not the quality
| journalism or content. They'll focus on generating
| content to increase engagement instead of perfecting what
| you think it is they are supposed to deliver.
|
| Perhaps it is time for an advertising model to die out as
| the default.
| cortesoft wrote:
| Ok, then don't patronize sites supported by ads.
| Nursie wrote:
| This is why I'm more than happy when sites say "adblocker
| detected, please disable or leave".
|
| I will not render your ads. I'd be happy to put that in
| the first http request to your site. If that means no
| site for me, then quite honestly 90% of my browsing is a
| waste of time anyway.
| simias wrote:
| Or they'll move on to a more sustainable business model
| that doesn't involve selling their user's privacy?
| jshen wrote:
| A business model that will exclude the poor.
| jay_kyburz wrote:
| Lets not pretend that ads help people with less money.
| Ads are designed to manipulate people into buying things
| they don't need.
|
| They encourage people to believe their self worth is
| linked to the things they own. That a persons status in
| society is somehow associated with how much money they
| have to spend.
| rewq4321 wrote:
| > Lets not pretend that ads help people with less money.
|
| Who's pretending? Ads naturally and quite effectively
| price-discriminate, and so they do make internet content
| cheaper for people with less money.
|
| You may have problems with excessive consumption, but
| many people in developing countries do not. They
| desperately need the free content (educational,
| informative, and otherwise) that the current internet
| model provides them.
| rapnie wrote:
| I still watch traditional TV. Whenever commercials start
| I zap to another channel immediately. Would I mind if
| these commercial channels disappeared? Probably not.
| HeckFeck wrote:
| I'm not stealing anything by instructing my computer not
| to run code against my consent. No one is entitled to my
| CPU time. Least of all are advertisers.
|
| Also, the store isn't freakishly stalking me and noting
| down all my habits whilst sharing what it has collected
| with its friends, or indeed anyone who will buy the data.
|
| Besides, candy is impossible to replicate in the same way
| that data is. Theft of physical objects is a materially
| different act from advert blocking and avoidance. I'm not
| obligated to view adverts in every public space because
| they fund the local government. I'm not denied access to
| the cinema because I arrive 10 minutes after the start
| time to avoid the adverts. Or back in the day when I
| taped TV shows and fast-forwarded the adverts, had I a
| responsibility to view them?
|
| They're useless noise that contribute no value to anyone
| beyond whoever pays for them, and therefore I find it a
| moral responsibility to limit my exposure to them and
| restrain the harm they do to others. And curiously, I am
| much more content and much less impulsive in my spending
| habits since I installed uBlock.
| karaterobot wrote:
| The person you're replying to is not accusing you of
| stealing, they are using stealing from a candy store as a
| metaphor for how a certain amount of behavior that a
| company doesn't like is tolerated because it is not worth
| the effort to stop. The point is that Google could
| prevent most people from using ad blockers any time they
| wanted, but don't view it as worth the bad PR (or choose
| not to for other reasons).
| lxgr wrote:
| > I'm not stealing anything by instructing my computer
| not to run code against my consent. No one is entitled to
| my CPU time. Least of all are advertisers.
|
| One might argue that you are then not entitled to view
| the content on ad-supported pages as well.
|
| I use an ad blocker too because many ads are just
| horribly intrusive, but I honestly can't blame any page
| circumventing ad blockers, nor do I believe that I am
| somehow morally entitled to an ad-free, compensation-free
| browsing experience.
|
| Narrowing all of this down to CPU time misses the point
| entirely in my opinion.
|
| > They're useless noise that contribute no value to
| anyone beyond whoever pays for them, and therefore I find
| it a moral responsibility to limit my exposure to them
| and restrain the harm they do to others.
|
| They're literally paying for the content you get to view
| for free.
| nitrogen wrote:
| _Also, the store isn 't freakishly stalking me and noting
| down all my habits whilst sharing what it has collected
| with its friends, or indeed anyone who will buy the
| data._
|
| Many retail stores do, actually, through wireless
| tracking, cameras, and/or purchase history. They will buy
| and sell consumer data through the likes of Acxiom.
|
| It would be great to have a ublock equivalent for the
| physical world.
| jeffgreco wrote:
| I would respect the Adblock crowd more if they didn't run
| around describing their actions as brave or "morally
| responsible." It's ok to admit that you're taking
| something without return!
| kmbfjr wrote:
| As if you have never run to the bathroom during a
| commercial break.
|
| No one is under any obligation to accept advertising.
| Only since the modern web have advertisers and content
| providers made this an argument on ethics.
| [deleted]
| [deleted]
| colonwqbang wrote:
| Using an ablocker is more like going to church wearing
| earplugs.
| hhvn wrote:
| Using an adblocker is more like walking down the street
| with earplugs that block out a preacher you didn't want
| to listen to.
| dathinab wrote:
| Honestly I have no problems with ad's as long as it doesn't
| involve any tracking (or lets call it what it is spying).
|
| If blog or similar can finance part of their cost with
| Ad's, why not.
|
| Sure on slow internet it's a somewhat different matter.
|
| Anyway Ad's okay, but tracking for me is spying and should
| be treated like that, i.e. it should be illegal.
|
| There are ways to have personalized ads without it, like
| local learning which then selects to get an add for a
| specific topic, with that a side could still track which
| ads you got, but it would be much less useful as FLoC, and
| then you add additional steps to even further decrees any
| chance of tracking.
|
| Companies still get implicit feedback by what adds get
| selected more then others.
|
| People can explicitly blacklist annoying (or offensive)
| adds making sure they don't see them ever again and if
| enough do so in turn making that app not seen much more at
| all etc. etc.
|
| But the FLoC cohorts are _WAY_ to small /identifiying to
| not allow you to be tracked fairly easy with it. Just
| combine it with other identifying aspects of browsers
| (there are a lot) and I wouldn't be surprised if it's often
| allows a 100% unique identification.
|
| And given that you likely wont be able to "ad-block" FLoC
| this makes it way worse then the status quo.
| Ntrails wrote:
| If you could give me a world in which ads were always
| static images with a link behind them and nothing more.
| Where they never move, never pop, never animate, never
| play sounds or video, never run scripts etc etc...
|
| Yeah, in that world, ads would be ok with me. Sure
| they're pointless because I won't click on them - but not
| really worse than having a blank spot in the page because
| of an ad blocker.
| HeckFeck wrote:
| Preach. I don't consent to tracking. I don't want my
| browser helping anyone track me in any way. I don't want to
| be pressured and manipulated into buying things I don't
| need. Advertising is not moral and I owe nothing to anyone
| who tries to manipulate me.
|
| Websites can move to more efficient and lighter methods of
| delivery to cover the absence of advertising revenue.
| Anyone skilled who works in the advertising industry is
| freed to offer his skills to better human endeavours.
| Everyone wins.
| somethingAlex wrote:
| What do you mean by "more efficient and lighter methods
| of delivery?"
| HeckFeck wrote:
| Plainer HTML and very little Javascript which will reduce
| development and running costs. As witness, this very
| website. It supplies all that is necessary and no more.
| It is very successful.
|
| With harmful incentives removed, this would encourage
| websites to focus on good writing and less on being
| 'content farms' to drive up engagement for the
| advertisers.
|
| All I want from most sites is the text. Not adverts,
| trackers and those damnable autoplaying videos that jump
| out and follow me down the page. I use the reader mode in
| most cases. Why is it necessary to use reader mode if not
| to cut the useless cruft? Why can't the web just be like
| that?
| calvinmorrison wrote:
| Most cost is producing content, not hosting.
| throwaway3699 wrote:
| > Anyone skilled who works in the advertising industry is
| freed to offer his skills to better human endeavours.
|
| I don't want to be rude, but won't they just end up
| losing their livelihoods? If the advertising industry
| goes, most programmers will see their salaries drop
| hugely. Even those not working in advertising will see a
| drop due to the flood of supply.
| dathinab wrote:
| It's not because the way it's made it _makes it easier for
| hundreds of untrustworthy companies_ to track you...
|
| It says it's about respecting the privacy of users better but
| in practice it fails very bad at doing so the only thing it
| archives is allowing Google to disable cookie based tracking
| and with that makes it harder for 3rd party trackers to be
| google independent (it not harder for 3rd party trackers if
| they use/abuse the FLoC Id and generay there are many ways to
| track users which are not cookie based so especially when it
| comes to the very bad offender of invasive tracking it
| doesn't make a difference or becomes even easier, but some of
| the smaller google ad (and analytic) alternatives will have
| it harder).
| Vinnl wrote:
| > I'd also prefer not see irrelevant ads.
|
| This sounded good when I first heard it, but by now I
| understand 'relevant' to mean 'tailored to optimally
| influence my behaviour', eg showing me articles about the
| futility of voting if my political preferences are likely to
| lean a particular way.
| matkoniecz wrote:
| I strictly prefer irrelevant ads less likely to influence me.
|
| I really have enough projects, TODO lists, interesting things
| to buy to last for lifetime of 250 years.
|
| Why I would want ads likely to influence me? There is
| basically no chance that ad will show me useful, worth using
| object or service to buy that I would not discover anyway.
|
| It would be just another scam more effectively targeting me.
| throwawayboise wrote:
| If ads are relevant to the content of the current page, no
| user profiling (even pseudo-anonymously) is necessary. To me
| that would be the best option.
| prepend wrote:
| I see irrelevant ads anyway. I'd rather block all this and
| use Brave and/or an ad blocker.
|
| A choice of least worst is not necessary.
| tssva wrote:
| Brave is a protection racket, crypto scam, privacy
| violating always with an excuse after company. Why the hell
| would I trust them?
| chrisco255 wrote:
| Brave is a free open source product that you don't have
| to pay for or use. It's a browser with an integrated ad
| blocker. I opted into Brave, no one forced me to. I
| asserted my right as a user to run software on my machine
| how I see fit when I browse the web. The ad model of the
| web is exploitative, monopolistic, privacy invasive,
| abusive to everyone, and makes the whole open web
| ecosystem bow down to the whims of Facebook and Google.
| tssva wrote:
| I have opted into using Chrome, no one forced me to. I
| have asserted my right as a user to run software on my
| machine how I see fit when I browse the web. The ad model
| of the web allows me to freely browse the web while
| providing a source of income to those who work hard to
| provide the services and information I seek on the web.
| foobiter wrote:
| the option to be tracked by one untrustworthy company? oh and
| they're also in charge of the "anonymization" algorithm, oh
| and they also decide who is exempt due to protected status
| (race, income, etc), did I also mention they make the browser
| most people use and are one of the world's largest
| advertising providers?
|
| where is the better part? is it the fact that this makes
| fingerprinting easier? or that floc makes more data available
| to advertisers than cookies?
| dialtone wrote:
| It is a very similar feature to Apple Segments[1] already
| implemented in iOS on which sadly not a lot of documentation is
| available.
|
| [1]: https://support.apple.com/en-us/HT205223
| 2OEH8eoCRo0 wrote:
| I'm fed up with all the ads and tracking and it saddens me
| that even Apple does this shit. I want none of it.
|
| This shouldn't exist in your operating system at all.
| comex wrote:
| Except that those aren't offered up to every website you
| visit.
| dialtone wrote:
| Very thin distinction here given that they can still be
| purchased by advertisers and Apple has every interest in
| being the only company monetizing on their platform so the
| number of parties seeing this is irrelevant if the point
| was the surveillance problem.
| einpoklum wrote:
| So, FLoC is a mechanism for facilitating your being targeted by
| commercial propaganda, but not as accurate/personalized as
| other mechanisms by Google, Amazon and others. Am I getting it
| right?
|
| But - if the regular, more accurate/personalized, mechanisms
| work in Chromium - why use the less-accurate ones?
| notriddle wrote:
| 1. The more accurate ones require a cookie banner.
|
| 2. The more accurate ones are going away.
| kmundnic wrote:
| This post might give some answers [1]. FL is a machine-
| learning framework where models can be trained while keeping
| users' data on their device rather than sending it to a
| server.
|
| [1] https://ai.googleblog.com/2017/04/federated-learning-
| collabo...
| jcampbell1 wrote:
| Because Chrome's competitors have all gotten rid of 3rd party
| cookies for privacy reasons, and Chrome wants to launch and
| claim the same feature but not damage the ad business.
| amboo7 wrote:
| Brave is a web browser, and I found this in the code:
| federated_learning::kFederatedLearningOfCohorts, I suppose that's
| what FLoC stands for.
| 1f60c wrote:
| If you want to temporarily _enable_ FLoC for some reason, start
| Chrome with the following flags (from [0]):
| --enable-blink-features=InterestCohortAPI --enable-features="Fede
| ratedLearningOfCohorts:update_interval/10s/minimum_history_domain
| _size_required/1,FlocIdSortingLshBasedComputation,InterestCohortF
| eaturePolicy"
|
| [0]: https://developer.chrome.com/blog/floc/#try-out-floc-as-a-
| we...
| dataflow wrote:
| Is there any evidence behind the idea that FLoC is more privacy-
| preserving than third-party cookies? Intuitively that is not
| obvious to me at all, especially given there are so many other
| fingerprinting techniques it could be combined with.
| heavyset_go wrote:
| FLoC is essentially something Google can point at and say "Shut
| up about privacy, at least we aren't tracking you the same way
| as before!"
|
| It's only being introduced because they're afraid of
| regulation.
| dialtone wrote:
| You can't use FLoC ID for fingerprinting, it changes
| continuously.
| dataflow wrote:
| Interesting, didn't know that. In that case then how does it
| identify a cohort in a useful manner? Surely websites will
| need to temporally tie together the values to be able to
| target ads?
| dialtone wrote:
| The cohort semantic meaning is stable, although not
| disclosed an ML system would learn its correlation to a
| given goal.
|
| Cohort membership changes pretty frequently instead. So the
| system may put all people that browse mostly golf sites
| together in cohort 12345 that only the algorithm knows it's
| about golf sites, people enter and leave that cohort on a
| daily basis and you can only be a member of a single cohort
| at a time.
| dataflow wrote:
| Why would the cohort membership change frequently? Isn't
| it based on your browsing habits? I don't think my habits
| change frequently--do most people's?
|
| Also, even if I take for granted that everyone's cohort
| changes daily, how does that imply anonymity? Like say my
| habit is that I check emails a ton on Monday, go on
| YouTube on Saturday, read the news on Sunday, etc... so
| my habits are changing daily, okay, but not weekly,
| right? Or maybe I do them in a different order on another
| week, but I'm not going to develop 1000 different habits
| across 1000 days, right? Shouldn't some kind of frequency
| analysis provide fairly consistent results?
| draz wrote:
| Cohorts cannot be too small (or they are not published),
| nor too big (or they are not particularly useful for
| capturing a particular set of behaviors/interests). The
| algorithm will balance these two constraints which will
| lead to any individuals coming in and out of particular
| cohorts. The semantic meaning of a cohort will likely
| change over time as well. For that, FLoC is proposing
| adding version IDs
| foobiter wrote:
| as long as cohorts are smaller than all traffic received
| it makes fingerprinting easier
| dataflow wrote:
| This is useful to know, but I'm confused how this
| addresses what I wrote in the above comment? It wasn't
| relying on cohort size being small or large.
| xvector wrote:
| "FLoC cohorts will comprise thousands of users each, so a
| cohort ID alone shouldn't distinguish you from a few thousand
| other people like you. However [a tracker now] only has to
| distinguish your browser from a few thousand others (rather
| than a few hundred million). In information theoretic terms,
| FLoC cohorts will contain several bits of entropy--up to 8
| bits, in Google's proof of concept trial. This information is
| even more potent given that it is unlikely to be correlated
| with other information that the browser exposes. This will
| make it much easier for trackers to put together a unique
| fingerprint for FLoC users."
|
| "as your FLoC cohort will update over time, sites that can
| identify you in other ways will also be able to track how
| your browsing changes [...] a FLoC cohort is nothing more,
| and nothing less, than a summary of your recent browsing
| activity."
|
| https://www.eff.org/deeplinks/2021/03/googles-floc-
| terrible-...
| [deleted]
| bobbylarrybobby wrote:
| I don't think that's the real goal. The real goal is to remove
| cookies so that compares other than google cannot use them for
| tracking. Then google uses FLOC as a substitute; they're the
| only ones who can use FLOC so it works out great for them.
| dataflow wrote:
| I suspect as much, but I'm trying to see if that's just
| speculation or if it's a conclusion I can reach given other
| factors.
| morelisp wrote:
| Google (and a small number of other companies, notably
| Facebook and Amazon) are also able to continue "traditional"
| profiling due to their extensive first-party traffic /
| backend integrations.
|
| If FLoC goes as they plan, there will be less tracking
| overall, but the tracking there is will be considerably more
| centralized, less technically transparent, and cement
| incumbent market advantages. (All totally coincidental
| unfortunate side-effects of Google's concern for your
| privacy.)
| mistrial9 wrote:
| FLoC is new to me .. a quick check Chrome Browser on a chrome-
| book shows Federated Learning of Cohorts -
| Version: 1.0.6 Chrome : 89.0.4389.116 (Official
| Build) (64-bit)
___________________________________________________________________
(page generated 2021-04-10 23:00 UTC)