In 2020, Google announced it would disable third-party cookies in the Chrome browser to improve user privacy. In order to continue to enable interest-based advertising while mitigating risks of individualized user tracking, Google proposed FLoC. The FLoC algorithm assigns users to "cohorts" that represent groups of users with similar browsing behaviors so that ads can be served to users based on their cohort. In 2022, after testing FLoC in a real world trial, Google canceled the proposal with little explanation. In this work, we provide a post-mortem analysis of two critical privacy risks for FloC by applying an implementation of FLoC to a browsing dataset collected from over 90,000 U.S. devices over a one year period. First, we show how, contrary to its privacy goals, FLoC would have enabled cross-site user tracking by providing a unique identifier for users available across sites, similar to the third-party cookies FLoC was meant to be an improvement over. We show how FLoC cohort ID sequences observed over time can provide this identifier to trackers, even with third-party cookies disabled. We estimate the number of users in our dataset that could be uniquely identified by FLoC IDs is more than 50% after 3 weeks and more than 95% after 4 weeks. We also show how these risks increase when cohort data are combined with browser fingerprinting, and how our results underestimate the true risks FLoC would have posed in a real-world deployment. Second, we examine the risk of FLoC leaking sensitive demographic information. Although we find statistically significant differences in browsing behaviors between demographic groups, we do not find that FLoC significantly risks exposing race or income information about users in our dataset. Our contributions provide insights and example analyses for future approaches that seek to protect user privacy while monetizing the web.
翻译:2020年, Google 宣布它将在 Chrome 浏览器中禁用第三方饼干, 以改善用户隐私。 为了在减少个人化用户跟踪风险的同时继续提供基于利息的广告, Google 提议FLOC 。 FLOC 算法将用户指派给代表具有类似浏览行为的用户群的“ chorts ” 。 在2022年, 在一次真正的世界性试验中测试FLOC 之后, Google 以很少解释的方式取消了该提案。 在这项工作中,我们通过应用 FLOC 执行 FLOC 来减少个人化用户跟踪风险,从而继续提供基于利息的广告。 谷歌提议在一年中, FLOC 算算法允许用户“corts coorts cool ” 。 首先,我们显示, 与它的隐私目标相反, FLOC 会为用户提供独特的信息, 类似第三方的FLOC 会发现, 我们如何在时间间观测到的两个关键隐私风险的序列序列可以提供这个识别器, 。