[HN Gopher] Brave disables Chromium FLoC features ___________________________________________________________________ Brave disables Chromium FLoC features Author : brunoluiz Score : 168 points Date : 2021-04-10 21:01 UTC (1 hours ago) (HTM) web link (github.com) (TXT) w3m dump (github.com) | simias wrote: | That's a very interesting move. The patch seems fairly small, but | now it's a patch that Brave needs to maintain and update every | time they merge a new upstream version. | | That's what makes me wary of the whole Chromium fork concept. | Every time Brave/Vivaldi/Edge/etc decide to take a different path | from Google's they effectively add to their maintenance burden | forever, even if like in this case they actually _disable_ an | unwanted feature. | | How long until the list of patches to backport for every new | version of Chromium becomes so large that they have to pick and | choose which one to keep maintaining and which one to give up on? | If tomorrow Google decides to push a very deep change to the way, | say, extensions are handled that makes them less effective at ad | blocking, will Brave accept the burden to suddenly have to | maintain a very deep fork of the browser in order to maintain old | functionality? | | I'm effectively FUDing right now, but my concern is genuine. I'm | very perplex that you can make an effectively anti-ad, pro- | privacy browser based on the source code of one of the biggest ad | companies in the world. | furbyhater wrote: | The idea of a fork is that it is independent from what it was | forked from, you pull what you like and leave aside negative | changes, if the license allows this. At least that's the idea. | Of course companies with huge manpower such as google can | evolve "standards" in a pace that a small independent fork | can't keep pace, but we shouldn't just give up. | spideymans wrote: | Forking from Chromium also effectively gives Google even more | control over eve standards. | sounds wrote: | Fortunately, _removing_ a feature and _removing_ code is pretty | easy. It 's when a feature is added that it requires much more | thought and effort. | | It's not zero effort, but pretty easy. | paulryanrogers wrote: | My guess is they run the cost benefit analysis with every | Chrome release. Then just give up and accept the change unless | it's obviously low cost or in an area they've already forked. | miedpo wrote: | From what I'm remembering, Eich said that once they got big | enough, they'd be willing to fork a browser if necessary. I | wouldn't put that past Brave considering how many changes it's | had (used to be on a different browser engine, also used to use | Electron). They'll probably have to grow a bit before this | happens though. | mikl wrote: | Good to see Brave sticking to their privacy guns. FLoC is a | brazen attempt for Big Ad (aka. Google and its ilk) to keep their | spying-on-users gravy train going, now that GDPR and similar laws | are making their old methods illegal (without consent). | | No one wants to consent to being spied on, so FLoC is | circumnavigating the GDPR consent requirements, letting them spy | on all Chrome-users without consent. | Daho0n wrote: | Only in a world of Google dominance could Brave be seen as the | good guy. | judge2020 wrote: | Except with FLOC you can watch your network connection in/out | and see that, instead of a persistent identifier being used to | track you, you only send your interest categories. FLOC's | intent is to keep their money making operation afloat, but this | time without direct web browsing activity tracking of users. | xvector wrote: | > but this time without direct web browsing activity tracking | of users. | | Your FLOC cohort is a summary of your web browsing activity. | FLOC doesn't solve the privacy problems that trackers create | - it just hands them your browsing history on a silver | platter. | yunohn wrote: | It's literally a cohort ID? Where did you get "hands them | your browsing history on a silver platter" from? | matkoniecz wrote: | > you only send your interest categories | | Not sure why it is supposed to be significant improvement. | | "FLoC cohorts will comprise thousands of users each, so a | cohort ID alone shouldn't distinguish you from a few thousand | other people like you. However [a tracker now] only has to | distinguish your browser from a few thousand others (rather | than a few hundred million). In information theoretic terms, | FLoC cohorts will contain several bits of entropy--up to 8 | bits, in Google's proof of concept trial. This information is | even more potent given that it is unlikely to be correlated | with other information that the browser exposes. This will | make it much easier for trackers to put together a unique | fingerprint for FLoC users." | | "as your FLoC cohort will update over time, sites that can | identify you in other ways will also be able to track how | your browsing changes [...] a FLoC cohort is nothing more, | and nothing less, than a summary of your recent browsing | activity." | | https://www.eff.org/deeplinks/2021/03/googles-floc- | terrible-... | mikl wrote: | Yeah, and every time you log in somewhere, they can link your | FLoC cohort to your real identity and use the information to | build a profile on you. | morelisp wrote: | > Big Ad (aka. Google and its ilk) | | So to be clear, "Big Ad" is like, dentsu, Publicis, Omnicom, | etc. Companies that don't show up on HN much (but do ultimately | buy the services which pay a ton of HNer's salaries). | | They don't like Google very much, but Google owns a ton of | space to put ads on, lots of first-party traffic with | interesting properties, and more accurate targeting models than | most other companies combined. So they have to work together. | Real Big Ad would all rather keep the third-party cookie and | not have to deal with FLoC, because they know they're already | trapped in dealing with Google based on market demands, and | FLoC will give Google even more forceful technical leverage. | mikl wrote: | Google is an integrated part of "Big Ad", they're the largest | advertising company in the world. And now they're using their | ownership of the most popular browser to sneakily install | FLoC on their unwitting user's machines. | phnofive wrote: | The recursive irony here is that Alphabet implemented FLoC to put | a moat around tracking adtech, and Brave consumes Chromium for | its own means of generating revenue from vending a browser (BAT), | so of course there's no reason to propagate FLoC. | varispeed wrote: | I don't understand why tracking is not being considered as | mechanism helping companies to manipulate consumers into buying | their stuff, essentially amounting to fraud? If you were going | to track someone in real life and manipulating them into buying | something, you would certainly end up in jail, so why is this | allowed over the internet? Because consumers don't see | companies who stalk them? In my opinion the whole tracking | business should be illegal. | kamaitachi wrote: | Bad Voltage did a good show recently dedicated to FLoC. | | https://www.badvoltage.org/2021/04/01/3x26/ | Ygg2 wrote: | I wonder how long, before Google sabotages Chromium to hurt Brave | and other downwards forks? | Daho0n wrote: | >Brave ..... downwards forks | | Very fitting. | Ygg2 wrote: | Would downstream forks work better as a word there? | lucasyvas wrote: | Seeing: document.interestCohort | | is pretty abhorrent looking. First-class advertising support in a | browser is a major turn-off. Google is probably only a few steps | away from losing controlling stake in Chromium, and stuff like | this certainly will lead others to flock away. | sergiotapia wrote: | I will never feel bad about using adblock. The sites can die for | all I care, I'll just use something else. Will never tolerate | ads, ever. | heavyset_go wrote: | What's really telling is how many people and companies think | they're entitled to running ads on my computers and phones, as | if I'm the one who is doing something wrong by choosing what I | see or don't see. | yunohn wrote: | So the content creators have no right to demand compensation | for creating "what you see"? | fsflover wrote: | Check whether your Chrome is FLoCed: | https://news.ycombinator.com/item?id=26755313. | riq_ wrote: | care to explain what is Brave and what is FLoC? | geofft wrote: | Quoting https://en.wikipedia.org/wiki/Brave_(web_browser) : | | > _Brave is a free and open-source web browser developed by | Brave Software, Inc. based on the Chromium web browser. It | blocks ads and website trackers, and provides a way for users | to send cryptocurrency contributions in the form of Basic | Attention Tokens to websites and content creators along with | the ability to keep the cryptocurrency they earned._ | | Quoting https://amifloced.org/ : | | > _Third-party cookies are the technology that powers much of | the surveillance-advertising business today. But cookies are on | their way out, and Google is trying to design a way for | advertisers to keep targeting users based on their web browsing | once cookies are gone. It 's come up with FLoC._ | | > _FLoC runs in your browser. It uses your browsing history | from the past week to assign you to a group with other | "similar" people around the world. Each group receives a label, | called a FLoC ID, which is supposed to capture meaningful | information about your habits and interests. FLoC then displays | this label to everyone you interact with on the web._ | mcrittenden wrote: | Brave [0] is a web browser, built from Chromium, but with built | in ad and tracker blocking. | | FLoC stands for Federated Learning of Cohorts. The third party | cookie is dying, and FLoC is a way for companies to group | people together and track them, rather than tracking | individuals. Here's more info about that [1] and here's an EFF | article about why it's dangerous [2]. | | [0] https://brave.com/ [1] https://github.com/WICG/floc [2] | https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-... | [deleted] | morelisp wrote: | FLoC is a way to make Google's ad network's targeting worth | comparatively more than other ad networks'. | | Brave is an other ad network. | einpoklum wrote: | Can you expand on how Brave is an ad network? | morelisp wrote: | https://brave.com/brave-ads/ | | _Company Overview & Core Offering_ | | _Brave is the first global digital ad platform built for | privacy, offering advertisers the opportunity to | participate in a premium, brand safe, and opt-in ad | ecosystem, designed for a future without 3rd party | cookies._ | _eLRIC wrote: | Brave claims to be a privacy oriented web browser. It is | apparently based on Chromium and someone identified a Chromium | feature that was phoning home (I.e. Google servers) with some | informations reducing user anonimity (At least that's what I | understood from a quick look) | rq1 wrote: | For those who like me wonder what is FLoC : | https://github.com/WICG/floc | mcint wrote: | FLoC stands for Federated Learning of Cohorts which aims to | target advertising better without it directly relying on | singularly personal information. | | https://web.dev/floc/ FLoC enables ad selection | without sharing the browsing behaviour of individual users. | FLoC provides a privacy-preserving mechanism for interest-based | ad selection. As a user moves around the web, their | browser uses the FLoC algorithm to work out its "interest | cohort", which will be the same for thousands of browsers with a | similar recent browsing history. The browser recalculates its | cohort periodically, on the user's device, without sharing | individual browsing data with the browser vendor or anyone else. | | https://www.chromium.org/Home/chromium-privacy/privacy-sandb... | qwerty456127 wrote: | > FLoC enables ad selection without sharing the browsing | behaviour of individual users. | | Nevertheless it seems a formidable addition to a browser user | fingerprint. | cblconfederate wrote: | aka lipstick on a pig. Google could easily kill brave by | adopting its ads model. | lumost wrote: | I would expect that it's practical to reverse engineer the | cohorts into a browsing history. This means that an interested | party could derive browsing information from a page visit | rather than needing to instrument thousands of websites with | cookies. | | There isn't really any hard bound on how much information could | be leaked via these algorithms. | morelisp wrote: | Cohorts could be reverse-engineered to give you a probability | space of browsing history, which would be identical for any | user in the cohort given a single sample. | | > There isn't really any hard bound on how much information | could be leaked via these algorithms. | | With ~33k cohorts, there is literally a hard bound of just | above 15 bits per visit. That's still _theoretically_ a lot | _if_ you have some other stable identifier, but practically | speaking most users on most sites will have an identical | cohort and it will drop off rapidly as cohorts stabilize into | groups appropriate for ad targeting. | | Barring the other considerations I've mentioned in the | comments here, that's still immeasurably better for | individual privacy than ~infinite bits per visit from stable | third-party cookies. | benatkin wrote: | Except the privacy conscious just won, so there is no need | to compare it to the former status quo. Why squander our | victory? | mavhc wrote: | If you want to pay to visit every site you go to, or see | 10x as many ads because you'll be 10x less likely to find | them useful, then you've won | londons_explore wrote: | If I must have ads, I'd prefer not be tracked by hundreds of | untrustworthy companies, and I'd also prefer not see irrelevant | ads... This therefore seems like the best bad option... | JoshTriplett wrote: | You don't have to have ads at all. The best option is an | adblocker, and a non-Chrome-based browser. | judge2020 wrote: | I'd also like to support websites I visit, though, if I | don't have the money to directly donate to them and if I am | going to purchase a product anyways (think visiting an | amazon product page, leaving it for a day, then clicking an | ad for it to give x% to the website). Many websites today | wouldn't exist without ads since a lot of their traffic is | people who don't go out of their way to donate to websites | they find useful. If I can do this without giving up | privacy I'll turn off my ad blocker (and I already do for | websites I find useful). | jeffgreco wrote: | Why are you spending time on websites you don't find | useful? | ChefboyOG wrote: | Because when you visit a new site, you don't know ahead | of time if it is useful or not. | | That's just how "new" works. | londons_explore wrote: | Using an adblocker is like stealing candy from the store... | | They can handle _some_ theft, but if literally everyone | stole their candy, the store would close down and nobody | can have candy. | sennight wrote: | Look up the legal definition of "theft". In your analogy | the candy would be the user's privacy and attention, | which the adblocker denies the store use of. It is only | theft if the store owns the user's privacy and attention. | Are you so owned? | 13415 wrote: | On the contrary, the websites who display ads steal | screen space on my machine without paying me for it, some | of them even steal computing time by running unauthorized | scripts. | lxgr wrote: | By the same argument you are stealing the website's | bandwidth by visiting it without clicking on the ads. | | These reductionist approaches don't really help with | understanding ads (and communication in general). | argvargc wrote: | No. If advertising became impossible, vendors seeking to | compete would be forced to make products good enough to | be enthusiastically-shared, word-of-mouth, and everything | in the world would be significantly better than it is. | goalieca wrote: | It's been said many times, but if the business model is | advertising then you're the product.. not the quality | journalism or content. They'll focus on generating | content to increase engagement instead of perfecting what | you think it is they are supposed to deliver. | | Perhaps it is time for an advertising model to die out as | the default. | cortesoft wrote: | Ok, then don't patronize sites supported by ads. | Nursie wrote: | This is why I'm more than happy when sites say "adblocker | detected, please disable or leave". | | I will not render your ads. I'd be happy to put that in | the first http request to your site. If that means no | site for me, then quite honestly 90% of my browsing is a | waste of time anyway. | simias wrote: | Or they'll move on to a more sustainable business model | that doesn't involve selling their user's privacy? | jshen wrote: | A business model that will exclude the poor. | jay_kyburz wrote: | Lets not pretend that ads help people with less money. | Ads are designed to manipulate people into buying things | they don't need. | | They encourage people to believe their self worth is | linked to the things they own. That a persons status in | society is somehow associated with how much money they | have to spend. | rewq4321 wrote: | > Lets not pretend that ads help people with less money. | | Who's pretending? Ads naturally and quite effectively | price-discriminate, and so they do make internet content | cheaper for people with less money. | | You may have problems with excessive consumption, but | many people in developing countries do not. They | desperately need the free content (educational, | informative, and otherwise) that the current internet | model provides them. | rapnie wrote: | I still watch traditional TV. Whenever commercials start | I zap to another channel immediately. Would I mind if | these commercial channels disappeared? Probably not. | HeckFeck wrote: | I'm not stealing anything by instructing my computer not | to run code against my consent. No one is entitled to my | CPU time. Least of all are advertisers. | | Also, the store isn't freakishly stalking me and noting | down all my habits whilst sharing what it has collected | with its friends, or indeed anyone who will buy the data. | | Besides, candy is impossible to replicate in the same way | that data is. Theft of physical objects is a materially | different act from advert blocking and avoidance. I'm not | obligated to view adverts in every public space because | they fund the local government. I'm not denied access to | the cinema because I arrive 10 minutes after the start | time to avoid the adverts. Or back in the day when I | taped TV shows and fast-forwarded the adverts, had I a | responsibility to view them? | | They're useless noise that contribute no value to anyone | beyond whoever pays for them, and therefore I find it a | moral responsibility to limit my exposure to them and | restrain the harm they do to others. And curiously, I am | much more content and much less impulsive in my spending | habits since I installed uBlock. | karaterobot wrote: | The person you're replying to is not accusing you of | stealing, they are using stealing from a candy store as a | metaphor for how a certain amount of behavior that a | company doesn't like is tolerated because it is not worth | the effort to stop. The point is that Google could | prevent most people from using ad blockers any time they | wanted, but don't view it as worth the bad PR (or choose | not to for other reasons). | lxgr wrote: | > I'm not stealing anything by instructing my computer | not to run code against my consent. No one is entitled to | my CPU time. Least of all are advertisers. | | One might argue that you are then not entitled to view | the content on ad-supported pages as well. | | I use an ad blocker too because many ads are just | horribly intrusive, but I honestly can't blame any page | circumventing ad blockers, nor do I believe that I am | somehow morally entitled to an ad-free, compensation-free | browsing experience. | | Narrowing all of this down to CPU time misses the point | entirely in my opinion. | | > They're useless noise that contribute no value to | anyone beyond whoever pays for them, and therefore I find | it a moral responsibility to limit my exposure to them | and restrain the harm they do to others. | | They're literally paying for the content you get to view | for free. | nitrogen wrote: | _Also, the store isn 't freakishly stalking me and noting | down all my habits whilst sharing what it has collected | with its friends, or indeed anyone who will buy the | data._ | | Many retail stores do, actually, through wireless | tracking, cameras, and/or purchase history. They will buy | and sell consumer data through the likes of Acxiom. | | It would be great to have a ublock equivalent for the | physical world. | jeffgreco wrote: | I would respect the Adblock crowd more if they didn't run | around describing their actions as brave or "morally | responsible." It's ok to admit that you're taking | something without return! | kmbfjr wrote: | As if you have never run to the bathroom during a | commercial break. | | No one is under any obligation to accept advertising. | Only since the modern web have advertisers and content | providers made this an argument on ethics. | [deleted] | [deleted] | colonwqbang wrote: | Using an ablocker is more like going to church wearing | earplugs. | hhvn wrote: | Using an adblocker is more like walking down the street | with earplugs that block out a preacher you didn't want | to listen to. | dathinab wrote: | Honestly I have no problems with ad's as long as it doesn't | involve any tracking (or lets call it what it is spying). | | If blog or similar can finance part of their cost with | Ad's, why not. | | Sure on slow internet it's a somewhat different matter. | | Anyway Ad's okay, but tracking for me is spying and should | be treated like that, i.e. it should be illegal. | | There are ways to have personalized ads without it, like | local learning which then selects to get an add for a | specific topic, with that a side could still track which | ads you got, but it would be much less useful as FLoC, and | then you add additional steps to even further decrees any | chance of tracking. | | Companies still get implicit feedback by what adds get | selected more then others. | | People can explicitly blacklist annoying (or offensive) | adds making sure they don't see them ever again and if | enough do so in turn making that app not seen much more at | all etc. etc. | | But the FLoC cohorts are _WAY_ to small /identifiying to | not allow you to be tracked fairly easy with it. Just | combine it with other identifying aspects of browsers | (there are a lot) and I wouldn't be surprised if it's often | allows a 100% unique identification. | | And given that you likely wont be able to "ad-block" FLoC | this makes it way worse then the status quo. | Ntrails wrote: | If you could give me a world in which ads were always | static images with a link behind them and nothing more. | Where they never move, never pop, never animate, never | play sounds or video, never run scripts etc etc... | | Yeah, in that world, ads would be ok with me. Sure | they're pointless because I won't click on them - but not | really worse than having a blank spot in the page because | of an ad blocker. | HeckFeck wrote: | Preach. I don't consent to tracking. I don't want my | browser helping anyone track me in any way. I don't want to | be pressured and manipulated into buying things I don't | need. Advertising is not moral and I owe nothing to anyone | who tries to manipulate me. | | Websites can move to more efficient and lighter methods of | delivery to cover the absence of advertising revenue. | Anyone skilled who works in the advertising industry is | freed to offer his skills to better human endeavours. | Everyone wins. | somethingAlex wrote: | What do you mean by "more efficient and lighter methods | of delivery?" | HeckFeck wrote: | Plainer HTML and very little Javascript which will reduce | development and running costs. As witness, this very | website. It supplies all that is necessary and no more. | It is very successful. | | With harmful incentives removed, this would encourage | websites to focus on good writing and less on being | 'content farms' to drive up engagement for the | advertisers. | | All I want from most sites is the text. Not adverts, | trackers and those damnable autoplaying videos that jump | out and follow me down the page. I use the reader mode in | most cases. Why is it necessary to use reader mode if not | to cut the useless cruft? Why can't the web just be like | that? | calvinmorrison wrote: | Most cost is producing content, not hosting. | throwaway3699 wrote: | > Anyone skilled who works in the advertising industry is | freed to offer his skills to better human endeavours. | | I don't want to be rude, but won't they just end up | losing their livelihoods? If the advertising industry | goes, most programmers will see their salaries drop | hugely. Even those not working in advertising will see a | drop due to the flood of supply. | dathinab wrote: | It's not because the way it's made it _makes it easier for | hundreds of untrustworthy companies_ to track you... | | It says it's about respecting the privacy of users better but | in practice it fails very bad at doing so the only thing it | archives is allowing Google to disable cookie based tracking | and with that makes it harder for 3rd party trackers to be | google independent (it not harder for 3rd party trackers if | they use/abuse the FLoC Id and generay there are many ways to | track users which are not cookie based so especially when it | comes to the very bad offender of invasive tracking it | doesn't make a difference or becomes even easier, but some of | the smaller google ad (and analytic) alternatives will have | it harder). | Vinnl wrote: | > I'd also prefer not see irrelevant ads. | | This sounded good when I first heard it, but by now I | understand 'relevant' to mean 'tailored to optimally | influence my behaviour', eg showing me articles about the | futility of voting if my political preferences are likely to | lean a particular way. | matkoniecz wrote: | I strictly prefer irrelevant ads less likely to influence me. | | I really have enough projects, TODO lists, interesting things | to buy to last for lifetime of 250 years. | | Why I would want ads likely to influence me? There is | basically no chance that ad will show me useful, worth using | object or service to buy that I would not discover anyway. | | It would be just another scam more effectively targeting me. | throwawayboise wrote: | If ads are relevant to the content of the current page, no | user profiling (even pseudo-anonymously) is necessary. To me | that would be the best option. | prepend wrote: | I see irrelevant ads anyway. I'd rather block all this and | use Brave and/or an ad blocker. | | A choice of least worst is not necessary. | tssva wrote: | Brave is a protection racket, crypto scam, privacy | violating always with an excuse after company. Why the hell | would I trust them? | chrisco255 wrote: | Brave is a free open source product that you don't have | to pay for or use. It's a browser with an integrated ad | blocker. I opted into Brave, no one forced me to. I | asserted my right as a user to run software on my machine | how I see fit when I browse the web. The ad model of the | web is exploitative, monopolistic, privacy invasive, | abusive to everyone, and makes the whole open web | ecosystem bow down to the whims of Facebook and Google. | tssva wrote: | I have opted into using Chrome, no one forced me to. I | have asserted my right as a user to run software on my | machine how I see fit when I browse the web. The ad model | of the web allows me to freely browse the web while | providing a source of income to those who work hard to | provide the services and information I seek on the web. | foobiter wrote: | the option to be tracked by one untrustworthy company? oh and | they're also in charge of the "anonymization" algorithm, oh | and they also decide who is exempt due to protected status | (race, income, etc), did I also mention they make the browser | most people use and are one of the world's largest | advertising providers? | | where is the better part? is it the fact that this makes | fingerprinting easier? or that floc makes more data available | to advertisers than cookies? | dialtone wrote: | It is a very similar feature to Apple Segments[1] already | implemented in iOS on which sadly not a lot of documentation is | available. | | [1]: https://support.apple.com/en-us/HT205223 | 2OEH8eoCRo0 wrote: | I'm fed up with all the ads and tracking and it saddens me | that even Apple does this shit. I want none of it. | | This shouldn't exist in your operating system at all. | comex wrote: | Except that those aren't offered up to every website you | visit. | dialtone wrote: | Very thin distinction here given that they can still be | purchased by advertisers and Apple has every interest in | being the only company monetizing on their platform so the | number of parties seeing this is irrelevant if the point | was the surveillance problem. | einpoklum wrote: | So, FLoC is a mechanism for facilitating your being targeted by | commercial propaganda, but not as accurate/personalized as | other mechanisms by Google, Amazon and others. Am I getting it | right? | | But - if the regular, more accurate/personalized, mechanisms | work in Chromium - why use the less-accurate ones? | notriddle wrote: | 1. The more accurate ones require a cookie banner. | | 2. The more accurate ones are going away. | kmundnic wrote: | This post might give some answers [1]. FL is a machine- | learning framework where models can be trained while keeping | users' data on their device rather than sending it to a | server. | | [1] https://ai.googleblog.com/2017/04/federated-learning- | collabo... | jcampbell1 wrote: | Because Chrome's competitors have all gotten rid of 3rd party | cookies for privacy reasons, and Chrome wants to launch and | claim the same feature but not damage the ad business. | amboo7 wrote: | Brave is a web browser, and I found this in the code: | federated_learning::kFederatedLearningOfCohorts, I suppose that's | what FLoC stands for. | 1f60c wrote: | If you want to temporarily _enable_ FLoC for some reason, start | Chrome with the following flags (from [0]): | --enable-blink-features=InterestCohortAPI --enable-features="Fede | ratedLearningOfCohorts:update_interval/10s/minimum_history_domain | _size_required/1,FlocIdSortingLshBasedComputation,InterestCohortF | eaturePolicy" | | [0]: https://developer.chrome.com/blog/floc/#try-out-floc-as-a- | we... | dataflow wrote: | Is there any evidence behind the idea that FLoC is more privacy- | preserving than third-party cookies? Intuitively that is not | obvious to me at all, especially given there are so many other | fingerprinting techniques it could be combined with. | heavyset_go wrote: | FLoC is essentially something Google can point at and say "Shut | up about privacy, at least we aren't tracking you the same way | as before!" | | It's only being introduced because they're afraid of | regulation. | dialtone wrote: | You can't use FLoC ID for fingerprinting, it changes | continuously. | dataflow wrote: | Interesting, didn't know that. In that case then how does it | identify a cohort in a useful manner? Surely websites will | need to temporally tie together the values to be able to | target ads? | dialtone wrote: | The cohort semantic meaning is stable, although not | disclosed an ML system would learn its correlation to a | given goal. | | Cohort membership changes pretty frequently instead. So the | system may put all people that browse mostly golf sites | together in cohort 12345 that only the algorithm knows it's | about golf sites, people enter and leave that cohort on a | daily basis and you can only be a member of a single cohort | at a time. | dataflow wrote: | Why would the cohort membership change frequently? Isn't | it based on your browsing habits? I don't think my habits | change frequently--do most people's? | | Also, even if I take for granted that everyone's cohort | changes daily, how does that imply anonymity? Like say my | habit is that I check emails a ton on Monday, go on | YouTube on Saturday, read the news on Sunday, etc... so | my habits are changing daily, okay, but not weekly, | right? Or maybe I do them in a different order on another | week, but I'm not going to develop 1000 different habits | across 1000 days, right? Shouldn't some kind of frequency | analysis provide fairly consistent results? | draz wrote: | Cohorts cannot be too small (or they are not published), | nor too big (or they are not particularly useful for | capturing a particular set of behaviors/interests). The | algorithm will balance these two constraints which will | lead to any individuals coming in and out of particular | cohorts. The semantic meaning of a cohort will likely | change over time as well. For that, FLoC is proposing | adding version IDs | foobiter wrote: | as long as cohorts are smaller than all traffic received | it makes fingerprinting easier | dataflow wrote: | This is useful to know, but I'm confused how this | addresses what I wrote in the above comment? It wasn't | relying on cohort size being small or large. | xvector wrote: | "FLoC cohorts will comprise thousands of users each, so a | cohort ID alone shouldn't distinguish you from a few thousand | other people like you. However [a tracker now] only has to | distinguish your browser from a few thousand others (rather | than a few hundred million). In information theoretic terms, | FLoC cohorts will contain several bits of entropy--up to 8 | bits, in Google's proof of concept trial. This information is | even more potent given that it is unlikely to be correlated | with other information that the browser exposes. This will | make it much easier for trackers to put together a unique | fingerprint for FLoC users." | | "as your FLoC cohort will update over time, sites that can | identify you in other ways will also be able to track how | your browsing changes [...] a FLoC cohort is nothing more, | and nothing less, than a summary of your recent browsing | activity." | | https://www.eff.org/deeplinks/2021/03/googles-floc- | terrible-... | [deleted] | bobbylarrybobby wrote: | I don't think that's the real goal. The real goal is to remove | cookies so that compares other than google cannot use them for | tracking. Then google uses FLOC as a substitute; they're the | only ones who can use FLOC so it works out great for them. | dataflow wrote: | I suspect as much, but I'm trying to see if that's just | speculation or if it's a conclusion I can reach given other | factors. | morelisp wrote: | Google (and a small number of other companies, notably | Facebook and Amazon) are also able to continue "traditional" | profiling due to their extensive first-party traffic / | backend integrations. | | If FLoC goes as they plan, there will be less tracking | overall, but the tracking there is will be considerably more | centralized, less technically transparent, and cement | incumbent market advantages. (All totally coincidental | unfortunate side-effects of Google's concern for your | privacy.) | mistrial9 wrote: | FLoC is new to me .. a quick check Chrome Browser on a chrome- | book shows Federated Learning of Cohorts - | Version: 1.0.6 Chrome : 89.0.4389.116 (Official | Build) (64-bit) ___________________________________________________________________ (page generated 2021-04-10 23:00 UTC)