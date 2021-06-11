



According to Firefox maker Mozilla, Google’s new proposal for targeted ad tracking includes a number of properties that can pose a “significant” privacy risk to users.

On Thursday, Firefox released an analysis of Google’s Federated Learning of Cohorts (FLoC) proposal. Google believes that a new “privacy protection” system can be used to replace third-party cookies for ad tracking purposes. However, Rescorla states that the system has serious privacy issues.

FLoC works with the new “cohort” identifier. Compared to cookies, a “cohort” identifies a group of users with similar interests rather than a single user. Advertisers can use these cohorts for ad tracking purposes without requiring the browsing history of a particular user.

However, the cohort probably consists of thousands of users. This allows the tracker to narrow down specific users very quickly, wrote Firefox CTO Eric Rescorla.

For example, tracking companies can use browser fingerprints to narrow the list of potential users in a cohort to a small number. According to Firefox, trackers require “a relatively small amount of information” when combined with the FLoC cohort.

In addition, trackers can use FLoC ID combinations in specific time frames to distinguish between individual users. This is because neither the FLoC identifier nor the user’s interest is constant.

FLoC identifiers leak more information than cookies. Unlike site-specific cookies, FLoC IDs are the same across websites. So, “they are shared keys that the tracker can associate with data from external sources.”

For example, a tracker with a large amount of first-party interest data may operate a service that answers questions about interest for a particular FLoC ID. Example: “Does anyone with this cohort ID like a car?” All the site needs to do is call the FLoC API to get the cohort ID and use it to look up information in the service. Just do it. In addition, you can combine your ID with your fingerprint data and ask, “Do you live in France, have a Mac, use Firefox, and like this ID for your car?” The end result here is that any site can learn a lot about you with far less effort than is needed today.

Google has suggested several steps to mitigate these privacy issues, including opting in to FLoC on websites and curbing cohorts that appear to be too relevant to “sensitive” topics. I am. But Firefox thinks they aren’t enough.

“While these mitigations seem useful, most seem to be marginal improvements and do not seem to address the basic issues above. This requires further research by the community. I think there is, “Rescorla wrote.

He added that the problem only matters if FLoC is extruded in its current form. It may still be possible to fix it. Mozilla publishes more information with more detailed analysis and offers some potential solutions.

Since the announcement of the FLoC proposal, many browser companies such as Brave, Vivaldi, and Opera have opposed the idea.

