[HN Gopher] Privacy Analysis of FLoC
___________________________________________________________________
Privacy Analysis of FLoC
Author : jonchang
Score : 140 points
Date : 2021-06-10 18:25 UTC (4 hours ago)
(HTM) web link (blog.mozilla.org)
(TXT) w3m dump (blog.mozilla.org)
| jonchang wrote:
| This is a summary of the more detailed findings in their paper,
| which I found easy to read and has some intriguing suggestions
| for fixing privacy issues with the original proposal:
| https://mozilla.github.io/ppa-docs/floc_report.pdf
| olliej wrote:
| FLoC is inherently anti-user, it serves literally no purpose
| other than to support tracking, while breaking all current anti-
| tracking tech by mandating its user across domains (a nice solid
| break of Same Origin policy).
|
| That it came from google is hardly surprising, as they are hell
| bent on stealing every bit of information they can from everyone,
| whether or not that person has a relationship with them, let
| alone consented to the abuse.
|
| I would be stunned if FLoC lasted more than a few months in the
| real world before google just started using it as an additional
| source of entropy to spy on people across domains.
| google234123 wrote:
| Removing effective ads from the internet would be even more
| anti user. I dont think most people will be happy when
| everything is paywalled effectively.
| olliej wrote:
| The abusive tracking hasn't made ads more effective. I mean
| it means advertisers spend more paying for bigger and noisier
| ads sure, but that's also anti-user.
|
| There's also nothing stopping ads from being relevant, when
| google started AdWords (when "don't be evil" was still a
| thing) you got useful ads based on what you were actually
| looking at. Now you getting nothing but repeat ads for
| something you searched for last week.
|
| that relevant ads requires spying and abuse is nonsense, and
| google's original destruction of the ad tech industry
| demonstrated that non-spying ads that were based on page
| content were more than effective enough.
|
| Of course your uid implies that at best you're a pro-google
| fan, if not an actual employee, so I don't see me convincing
| you of anything.
| justinplouffe wrote:
| What bothers me the most about FLOC is that there is no reason or
| advantage for me as a user to run it unless I'm forced to.
| Cookies, even if they get hijacked for tracking, are genuinely
| useful to persist state and having them on results in a better
| experience. Even in the case of something more invasive like
| DRM/EME, I might want to turn it on in exchange to be able to
| watch some new show on a streaming service. Turning on FLOC
| brings nothing to the user in return and feels like charity
| towards advertisers.
| md_ wrote:
| Isn't the DRM comparison exactly right, though? Improving ad
| targeting enables an ad-supported online ecosystem.
|
| Admittedly, there's a tragedy of the commons issue: I have no
| individual incentive to enable FLOC. But, similarly to your DRM
| example, at some point publishers could require it, no?
| jedberg wrote:
| I like personalized ads. If I have to suffer with ads to
| support the websites I like, I'd rather have them personalized.
| Instagram is really good at this -- I probably click on at
| least 1/4 of the ads I get, and have definitely made purchases
| based on Instagram ads.
|
| So as a user, the benefit would be better ads. Honestly I'll
| probably leave FLOC on if given the option (although I use
| Firefox and Safari, and as far as I know neither will really
| support it).
| sixothree wrote:
| Better ads isn't a product I have much interest in. I have
| very much literally never seen a targeted ad I like or even
| found useful. This sounds like Google employee speak to me.
| saurik wrote:
| FWIW, I am "personally" sick of the Internet reminding me of
| the thing I already bought yesterday, along with doubling
| down on ads for things I only engage with because I want to
| show my friends how stupid the ad/product is, which seems to
| be the state of the art of "personalized" Internet ads. I
| would honestly get more value--if I am forced to see ads--out
| of less personalized ads.
|
| https://m.youtube.com/watch?v=KbKdKcGJ4tM <- best commentary
| on ads _ever_
| skinkestek wrote:
| that was in deed brilliant!
| Waterluvian wrote:
| I agree. I like personalized ads. Where I'm bothered is when
| they're "too" personalized.
|
| Like I buy an oven, why are you showing me ovens? Stop over
| fitting. Just know that I'm an active nerd and advertise me
| active nerd stuff.
| throwaway2048 wrote:
| HN is the only place on the internet I've seen people expound
| their love for personalized advertising.
| summerlight wrote:
| https://univ20.com/107631
|
| There's an interesting article regarding behavioral
| observations on personalized advertisements, though it's in
| Korean. Summary for those who doesn't want to use a
| translator (KR to EN performance is typically bad):
| * Generation Z's reaction to ads personalization category
| (from Google and FB) is somewhat positive in that they
| don't really care about its creepiness but think more
| accurate categorization on each personality as a better
| thing. The report thinks that they consider it as more of
| utility rather than just privacy invasion. * More
| interestingly, sometime they "guide" ad targeting systems
| to show information that matches to their interests to save
| their efforts on searching for perfect matches. Honestly, I
| was super surprised since I haven't thought about this kind
| of usage even though I'm working on ads. * Some of
| them (though the tone indicates that it's not majority?)
| does not skip video ads to "pay" a subscription fee for
| creators who they want to support. I saw some similar cases
| even in the US though. * Sometime they're actively
| looking for explicitly sponsored reviews, which is actually
| an ad. It's because they sometime decide to buy specific
| products before watching its ads. This inversion of
| causality seems very odd to me, but the rationale is that
| they just want to better understand the product and don't
| care whether it's an ad or not.
|
| It's written by a marketer who seems to be negative about
| personalized ads and genuinely surprised by these
| observations. Honestly... I still cannot get this but yeah,
| it seems there's some people who consider personalized ads
| as a tool.
| smoldesu wrote:
| It's more of a hierarchy, to me. I prefer no ads, but I'd
| rather have personalized ones than the raunchy shlock they
| serve you if you're a "nobody".
| alpaca128 wrote:
| Personalised ads imply data collection, privacy
| violations and tracking across websites. That doesn't
| sound like a good deal. Especially as personalised ads
| are just as annoying and unhelpful because the algorithms
| are simply useless. No, when I bought a game I don't want
| to buy the Collector's Edition one day later. And that
| won't change over the 3 months I'm getting the same
| stupid recommendation. Might as well show me literally a
| random product, I'd be more likely to buy it.
| giantrobot wrote:
| I don't mind the concept of ads. I didn't really mind early
| ads on the web. They were a lot like magazine ads, the
| website owners would run ads in the same broad interest
| category as their site. Then early AdTech happened and went
| fucking insane. Google's early text ads, before the
| DoubleCkick reverse takeover, were a sane reaction to
| insane web ads. Google's ads too went insane.
|
| Now ads aren't just ads but crazy tracking mechanisms.
| Because of the opaque system of ad brokers they're also a
| malware vector because no one vets anything because money.
| They also very helpfully push me towards monthly data caps
| by loading megabytes of extra scripts on every page load
| and things like auto-playing videos.
|
| So while I don't mind advertising conceptually, fuck ads
| and AdTech. I do everything possible to block ads just to
| make browsing _usable_ , to say nothing of privacy or
| malware. I just hit the good ol' Back button whenever I get
| a "disable your adblocker" message. Disabling ad blocking
| doesn't just mean I see ads, it means I can barely read a
| web page and have to run megabytes of scripts that do who
| knows what.
| wolverine876 wrote:
| Is there any research on people's preferences in this
| regard?
| ahelwer wrote:
| It helps that that's where the money comes from.
| jedberg wrote:
| I'm sure there are some forums where people who sell ads
| like them too. :)
|
| But what can I say, I'm a realist. I spent a lot of years
| working on a website supported by advertising. I understand
| not everyone will or can pay for the websites they enjoy,
| and advertising is a good second option.
|
| And if we're going to have to live in a world with ad
| supported websites, I'd rather those ads be good.
| ahelwer wrote:
| You're defining "good" here to mean "effective at
| manipulating me to spend money", which is strange! I'd
| rather not be manipulated into buying things I didn't
| realize would finally fill the gaping hole inside my soul
| until two seconds ago. Would be perfectly content seeing
| ads for, I don't know, farm equipment until I happily
| perish of old age never once experiencing the fomo of not
| possessing a theragun.
| j_wtf_all_taken wrote:
| But then it seems the problem is not ads, but the gaping
| holes in peoples souls?
| wizzwizz4 wrote:
| The ads are opening those holes. It doesn't take long for
| them to close again, but by that time you've decided to
| buy the thing.
| j_wtf_all_taken wrote:
| I strongly believe that gaping holes did exist in peoples
| souls waaaay before ads were invented.
|
| Don't know, though ... when I asked the all-knowing
| internet if "gaping holes did exist in people's souls
| before ads were invented", the first search result is a
| link to the Harry Potter Fandom-Wiki article about
| Dementors:
|
| _" Dementors are among the foulest creatures that walk
| this earth. They infest the darkest, filthiest places,
| they glory in decay and despair, they drain peace, hope,
| and happiness out of the air around them... Get too near
| a Dementor and every good feeling, every happy memory
| will be sucked out of you. If it can, the Dementor will
| feed on you long enough to reduce you to something like
| itself... soulless and evil. You will be left with
| nothing but the worst experiences of your life."_
| jedberg wrote:
| I'm defining good as "informing of things I didn't know
| existed". I consider advertising just another news
| channel.
|
| Copying from my comment above, here are some examples of
| things I've bought. I like trying out new things because
| I can afford it, but I don't always have time to go out
| and look for them.
|
| So examples of things that I've bought from Instagram
| ads:
|
| The comma2 (autopilot for my Honda van). I knew OpenPilot
| existed, but until I saw that ad, I didn't know there was
| a product I could buy with it already installed. I liked
| the idea but didn't have time to get it all set up on my
| own. The existence of a commercial product vastly
| improved my life. I've already used it for over 1000
| miles of self driving in just a couple weeks. It's a
| night and day difference when driving. I suppose I would
| have eventually heard about the product, but I'm glad I
| heard about it when I did.
|
| The most recent Pride lego set. I would have never known
| it existed, but I'm glad I know now, because I want to
| give my kids something fun to build that sparks a
| conversation about Pride and what it means and why it's
| important.
| p49k wrote:
| The end doesn't justify the means. Finding out about some
| cool stuff doesn't justify the insane amount of
| collection of ones personal data by hundreds of companies
| in a manner which is basically impossible for a person to
| reasonably prevent.
| google234123 wrote:
| An internet with no ads will have much less content.
| mavhc wrote:
| OK, so someone has "my data", ie a partial list of
| websites I may have visited. Now what? What harm has been
| caused to me?
| j_wtf_all_taken wrote:
| It'd just be nice to have a little more control, for
| starters. So advertisers try to figure out what we want
| by what websites we visit and are not too good at it.
| They could also just ... ask? I'd like to have an ad
| service that I can tell what I'm actually interested in
| these days, and that forces the companies to provide lots
| of information about the product they are advertising for
| (documentation and stuff). So if I see an interesting ad,
| I can easily find out if its actually something I want.
| And money only flows if I actually buy something,
| affiliate-link style.
| jedberg wrote:
| Unfortunately asking users doesn't usually work out well.
| My favorite example is from Netflix. They asked users,
| "What movie needs to be on the service for you to
| consider it a good service with good movies that you
| would want to see repeatedly". A lot of people answered
| "Schindler's list". But when you looked at those same
| user's actual viewing, they never once watched
| Schindler's list, but they watch Jackass multiple times.
| So what they really wanted was Jackass, but either were
| too ashamed to admit it, or didn't actually understand
| their own preferences.
| saurik wrote:
| FWIW, I feel like a good restaurant serves wine. I don't
| drink wine, but if your restaurant doesn't serve it, and
| I am tasked with choosing between two restaurants based
| on some quick glance at their menu sections and photos of
| their interior (as of course I am not informed about
| either: I am supposed to come up with some quick
| heuristic), it might not matter if you have the world's
| best hamburger (what I am actually going to order at your
| fancy restaurant, along with a glass of plain soda water,
| as I am a philistine). So I dunno: that could still be
| consistent, given the question phrased the way you did.
| j_wtf_all_taken wrote:
| Yeah the difference between the things we know we should
| want, and the things we actually want in the moment. Its
| incredible in how many ways the brain can be annoying ;-)
| codetrotter wrote:
| I hate ads. They hijack my attention and they promote
| things for the companies that have the most money to spend
| on screaming at me about their products. I wish the
| advertising industry simply disappeared.
|
| In fact if I had three wishes they would be 1. End poverty
| and allow everyone in the world to pursue their dreams
| while still being able to live acceptably well. 2. Make it
| impossible for anyone to amass more than some to-be-
| determined ceiling amount of times more money than everyone
| else. 3. Make advertising simply stop existing - everyone
| forgets what it is and it is never invented again.
| badsectoracula wrote:
| I used to like the idea many years ago (think 10-15 or so)
| since if i'm going to see ads might as well have them be
| about stuff that interest me - which can actually be useful
| now and then.
|
| But the thing is, what i wanted was for Google to let me
| actually _choose_ what sort of ads i see, not try to guess.
|
| Nowadays i just use an adblocker.
| leipert wrote:
| Interesting. I just dislike ads altogether. Especially
| Instagram feels very manipulative. So far nothing we have
| bought based on Instagram or Facebook ads has been useful in
| the long run.
|
| Personally I prefer to either have a need for something (I
| want to solve problem X) and do some research based off of
| that. Or I share an experience with a friend where they make
| a recommendation.
|
| Funniest Facebook ad by the way: I work for <employer> and my
| partner gets ads for <products of employer> on Facebook.
| jedberg wrote:
| I dislike ads too. I'd rather just pay to use the sites.
| But I also understand not everyone can afford that. The ads
| are there for them.
|
| So examples of things that I've bought from Instagram ads:
| The most recent Pride lego set. I would have never known it
| existed, but I'm glad I know now, because I want to give my
| kids something fun to build that sparks a conversation
| about Pride and what it means and why it's important.
|
| The comma2 (autopilot for my Honda van). I knew OpenPilot
| existed, but until I saw that ad, I didn't know there was a
| product I could buy with it already installed. I liked the
| idea but didn't have time to get it all set up on my own.
| The existence of a commercial product vastly improved my
| life. I've already used it for over 1000 miles of self
| driving in just a couple weeks. It's a night and day
| difference when driving. I suppose I would have eventually
| heard about the product, but I'm glad I heard about it when
| I did.
| neolog wrote:
| Are there many people who can't afford to pay for a
| pageview but can afford the product being advertised on
| that page?
| jedberg wrote:
| No, but that's the whole point of ads. They're like a
| progressive tax system. Also some ads are awareness
| campaigns. Like you see a bunch of ads for Coke and the
| subconsciously when you want a soda you grab a Coke.
| wearywanderer wrote:
| Advertising is linked to depression, body dysmorphic
| disorders like anorexia, and numerous other adverse mental
| conditions. The advertising industry has a whole lot of
| blood on their hands. This is an industry that doesn't
| think twice about exploiting people's feelings of
| vulnerability or isolation to help sell products. The more
| vulnerable the demographic, the more abusive the
| advertising industry gets. Just look at the shit they
| subject teenagers to; almost all the advertising to
| teenagers is focused on how buying [product] will make the
| teenager like the popular and attractive models being used
| to shill the product.
| mavhc wrote:
| On the plus side it gives free information to billions of
| people, now everyone can have free gps maps, email,
| websites
| CrazedGeek wrote:
| It's not free if you're paying with your health.
| driverdan wrote:
| > If I have to suffer with ads to support the websites I like
|
| You don't. Use an adblocker and be done with them.
| jefftk wrote:
| And then how is the website jedberg likes supported?
| bogwog wrote:
| Which means that the most likely outcome is that Google won't
| let Chrome users disable it, or they'll hide it behind some
| dark patterns, re-enable it after every update, etc.
| tyingq wrote:
| _" because FLoC IDs are the same across all sites, they become a
| shared key to which trackers can associate data from external
| sources"_
|
| _" FLoC leaks more information than you want"_
|
| _" The end result here is that any site will be able to learn a
| lot about you with far less effort than they would need to expend
| today."_
|
| Hmm. From someone (Firefox Team CTO) that probably knows this
| space well.
| SquareWheel wrote:
| The article itself mostly just retreads existing thoughts, but
| the linked PDF is actually quite good. That might be the better
| submission URL.
| rubyist5eva wrote:
| I'll continue to just block everything, thanks but no thanks. I
| don't need or want any of this tracking garbage. I _definitely_
| don 't want whatever Google is pushing.
| o8r3oFTZPE wrote:
| Is there anyone on HN who believes Mozilla will not implement
| FLoC in Firefox. Mozilla has stated over and over that it is a
| firm believer in advertising as "essential" for the internet to
| survive. In practice, they never phrase it as an opinion or even
| an underlying assumption (that can be questioned), they try to
| state this as a "fact".[1] This is called advocacy. Mozilla is an
| advocate for online advertising. They derive their salaries from
| payments from a deal with an online advertising company and in
| return they send search queries on Firefox to that company. (This
| argument that ads are critical is total BS, IMO. The internet
| worked great without ads. It would work even better now. Anyone
| who tests these things can see the web without ads works much
| better than it does with ads.) What Mozilla really needs to state
| is that Mozilla believes online ads are critical to Mozilla's
| survival as an employer. If web browser authors and their bosses
| want to be paid, then they _assume_ they must to sell out to
| advertisers. Why is there no privacy by default when using web
| browsers. This is why.
|
| 1. Note first sentence, underlying assumption, of Mozilla
| communications. This company is blinded by advertising payola and
| cannot see non-commercial use of the web as worth protecting.
|
| https://blog.mozilla.org/en/mozilla/the-future-of-ads-and-pr...
|
| https://blog.mozilla.org/en/mozilla/building-a-more-privacy-...
| dang wrote:
| Ongoing related thread: _Ad tech firms test ways to connect
| Google's FLoC to other data_ -
| https://news.ycombinator.com/item?id=27459247 - June 2021 (183
| comments)
| aboringusername wrote:
| It's really a genius level move by Google here. Get rid of the
| cookie, implement your _own_ solution, make it seem somewhat
| unique and rely on other data to identify users and claim
| impunity since it 's nothing to do with them.
|
| So how about this, Google must not, and cannot implement FLOC
| without it being a cross-browser standard; that is to say if
| _anyone_ of Microsoft, Apple or Mozilla veto FLOC, it 's dead.
|
| This is how standards are _supposed_ to work. Google should not
| be given the power to make a thing (like AMP) and just force it
| upon everyone.
|
| We MUST start regulating Google's every product development, I'd
| rather it get held up for a year in court before it sees the
| light of day.
| dmitriid wrote:
| > So how about this, Google must not, and cannot implement FLOC
| without it being a cross-browser standard; that is to say if
| anyone of Microsoft, Apple or Mozilla veto FLOC, it's dead.
|
| Google couldn't care less about "cross-browser standards".
| They've been ramming Google-designed and Google-authored
| "standards" through standards bodies for years now, and
| increasingly disregard any objections from other browser
| implementors. And, sadly, there are only two browser
| implementors left that have any relevance: Safari and Firefox.
| ______- wrote:
| > FLoC is premised on a compelling idea: enable ad targeting
| without exposing users to risk
|
| The second you open your browser you are exposed to risk. Many
| times I have had to tweak the default settings of my browser to
| comply with my (non paranoid) requirements. Basic things like
| putting DuckDuckGo as the default search engine, turning off
| various JS APIs like HTML5 Canvas, WebGL, using AD-blockers and
| other addons, tweaking about:config and hardening it, etc
|
| Call me a power user if you want, but all this hardening stuff
| should ship out-of-the-box.
| passivate wrote:
| Realistically, can you ship a website where everything happens
| client side? - reflow, adjusting layout, computing
| locations/sizes and whatnot. I am not a web person so my
| thinking may be outdated on this. I'm imagining something like
| a stand-alone self-contained "docker" type thing.
| freeone3000 wrote:
| That's how most websites work. The JavaScript code that runs
| on the browser then reports back to a server, because it
| makes money for the people who wrote the app.
| passivate wrote:
| Yeah, I meant without the 'reporting back to a server'.
| Like for e.g., the website sends a 'package' to the browser
| - The package is built on the fly and contains all the
| dependencies. The package is then unarchived and files are
| opened in the browser w/o the server being involved.
| yoz-y wrote:
| That is the standard static html + css + JavaScript
| without further requests. Aka Web 1.0. (Should you make
| all in one page with inline images that is)
| freeone3000 wrote:
| Then how are the people who wrote the app supposed to
| make money by selling your personal information to
| advertisers?
| vlovich123 wrote:
| The funny thing is that customizing your browser in this way
| can be its own kind of fingerprint.
| tylersmith wrote:
| That's the number 1 reason it should be the default.
| freebuju wrote:
| Not happening. All those anti-tracking measures break
| websites more often than not.
| wearywanderer wrote:
| That is flat wrong in my experience. I browse with
| javascript and CSS both disabled by default, using
| uMatrix. Only a minority of sites I browse require me to
| whitelist JS or CSS; maybe 1-in-10. _Most_ newspapers and
| blogs do not require JS or CSS.
| kevin_thibedeau wrote:
| They break sites that are broken by design. If a site
| isn't usable with html and css it's the devs fault. They
| don't get to dictate my browser's capability or assume I
| don't have special accessibility needs.
| throwaway2048 wrote:
| "more often than not" is a vast overstatement, it breaks
| a tiny handful of sites at best.
| ______- wrote:
| Yes but disabling JS as a default wipes out whole classes of
| attacks against your browser.
|
| On top of disabling JS, just a simple AD blocker like uBlock
| Origin greatly diminishes the amount of profiling. There is
| no silver bullet however. It depends on your threat model.
|
| If you really don't want to be tracked and profiled, using
| the Tor Browser Bundle is worthwhile, but even that is
| problematic since it's heavily surveilled (both at the entry
| node and exit nodes).
| SimeVidas wrote:
| > all this hardening stuff should ship out-of-the-box.
|
| I mean, Brave kinda does that. It's much more "hardened" by
| default.
| LeoPanthera wrote:
| "No, you shouldn't use Brave": https://web.archive.org/web/20
| 210531085250/https://aspenuwu....
| thanhhaimai wrote:
| Opinions are my own.
|
| I'm not sure if we're being led to focus on a wrong problem. I
| hate intrusive Ads as much as everyone else. However, it's not
| only that "when you open your browser, you are exposed to
| risk". It's also:
|
| - Every time you use Windows (without turning off all the bad
| settings)
|
| - Every time you connect to a Cell tower (telcos openly sell
| your location data)
|
| - Every time you use your credit cards
|
| Now, I'm not saying those are OK, or to justify intrusive Ads.
| However, I see a magnitude difference in the "violation of my
| privacy" for the above cases. The media and certain communities
| keep focusing on Ads tech because it drives clicks. But then we
| let the Telcos, Insurance, and Credit Card companies establish
| a creeping normality on our privacy violation.
|
| We don't spend as much effort to stop Telco from directly
| selling our location data [1], but we have daily threads about
| companies indirectly use our location data for targeting Ads.
| Are we having our priority wrong? I couldn't shake the feeling
| that we're being led by a different narrative. The best
| situation of course is when we have good privacy laws and
| practices. However, focusing on the wrong priority like this is
| how we let other (much more severe) violators (Insurance,
| Telcos) get away with their creeping normality.
|
| [1] https://www.marketplace.org/2020/02/28/fcc-set-to-fine-
| big-t...
| aboringusername wrote:
| It doesn't matter anymore. The world is literally covered in
| tracking technologies from satellites orbiting the earth to
| radiowaves that are invisible to us but are monitoring our
| interactions within the world.
|
| By existing in 2021 (whether you use computers/tech or not)
| you need to accept your data will be collected, analyzed and
| sold. It will be leaked, combined/processed and abused in
| many different ways. I would be surprised if there was a
| single human on earth Facebook did not have a profile on at
| this point. I'd suspect the NSA can bring up the profiles of
| all 7 billion humans and recollect their entire lives from
| the digital/physical breadcrumbs they leave every day.
|
| Now that we can collect so much data, so rapidly (at the
| speed of light) and can analyze it in real time and store it
| forever it seems every digital application is focused on
| obtaining that valuable information and storing it to use in
| some way (usually, for profit).
|
| Even electric cars require apps and digital connectivity
| before they can be used/charged.
|
| Data is the new gold.
| ocdtrekkie wrote:
| Telecoms are heavily regulated, and your link reinforces
| that: The FCC is able to directly fine telcos from selling
| our location data. Tech companies generally aren't subject to
| the same fines as telecoms are for doing... exactly the same
| things.
|
| And while Verizon, T-Mobile, etc. all have programs that opt-
| in to data collection and marketing practices, it's often
| impossible to opt out of tech companies' behaviors. Because
| telecoms are required to get your opt-in consent to use your
| data, generally they offer incentives to join rewards
| programs that have the additional marketing permissions as a
| requirement.
|
| For example, Verizon Up Rewards requires you enable Verizon
| Selects, where they can collect information about your web
| browsing activity and such:
| https://www.androidauthority.com/verizons-new-rewards-
| progra... Not something I'd want to participate in, but
| Verizon is paying it's users for that data in effect,
| something tech companies never do.
|
| > Opinions are my own.
|
| I find it impressive how well this line still singularly
| identifies the employer of anyone who uses it. :)
| slver wrote:
| Disabling canvas...
| tomrod wrote:
| FLoC: micro market segmentation. Profiles versus data.
|
| It requires on 33 bits to uniquely identify an individual. [0].
|
| I would be interested to learn whether FLoC employed k-anonymity
| measures, and their report on it.
|
| If I am retired, female, live in the 830* zip3, and own a sedan,
| it is probably hard to identify me. Add that I am Korean and am
| searching for thyroid cancer treatments on Tuesday at 8:43AM
| local, then I am way more identifiable. I don't understand how
| FLoC works, and how it gets around this type of intrusion.
|
| The only solution I am aware of is to dramatically limit the
| category depth. But that sort of defeats the purpose of micro
| market segmentation. And that's a good thing, IMO.
|
| [0] https://www.eff.org/deeplinks/2010/01/primer-information-
| the...
| smoldesu wrote:
| The article you linked relies on low-precision guessing that
| only reduces the entropy in the system, but doesn't eliminate
| it. No reasonable jury would consider their 33 bits to be
| "uniquely identifiable".
| olliej wrote:
| plenty of places don't have that requirement, and bias goes a
| long way beyond that. But more to the point, why should
| google, etc, get to know that about you?
| tomrod wrote:
| Remember that's 33 bits right now. You can be represented,
| uniquely, by 33 chained 0s and 1s as a GUID with no loss of
| fidelity. Add to that ongoing observation over time compared
| to a FLoC profile and the FLoC profile is a huge boon to the
| bit increase.
|
| Think OutBrain a few years ago, who were egregiously intent
| on serving certain clickbait to certain consumer sets. With
| FLoC, your winnowing and funnel becomes much easier (rather
| than serving rotten banana ads with just one trick, you KNOW
| your consumer has a propensity for Dunkin Donuts and you can
| increase your ad coverage). Everyone wins but the product --
| your eyeballs.
| ruuda wrote:
| Given that the cohort id is computed client-side, FLoC also
| sounds like a nice opportunity to fool trackers. Why not send a
| random cohort id with every request? In the worst case they'll
| fall back to conventional tracking techniques, in the best case
| it will add some noise to their data.
| djhworld wrote:
| Will there be a way to turn this off as a user so I'm never
| included in any cohort calculations?
| villasv wrote:
| Yes, at least for now. Websites can also opt out entirely using
| HTTP headers.
| eingaeKaiy8ujie wrote:
| Use Firefox.
___________________________________________________________________
(page generated 2021-06-10 23:00 UTC)