FLoC Checker Tool
What is FLoC?
FLoC stands for “federated learning of cohorts”. It’s a new method for delivering targeted ads to users that’s supposed to prevent advertisers and websites from building up detailed user profiles. FLoC uses an algorithm to create “cohorts”, groups of a few thousand users with similar browsing activity, so that advertisers can tailor ads to a group of users rather than to specific users.
Google introduced FLoC as part of its “Privacy Sandbox” initiative in 2019. The initiative includes efforts to prevent Chrome from accepting third-party cookies, block browser fingerprinting, and generally make Google Chrome less of a treasure trove of data for advertisers. All that said, FLoC still tracks user activity, and it still gives advertisers a lot of information.
How does FLoC work?
FLoC uses an algorithm called “SimHash” to assign you a cohort ID once per week based on your browsing activity. FLoC assigns your cohort ID locally (on your device), thus keeping Google from receiving all of your browsing data. That said, there needs to be oversight from Google to ensure that cohorts are the right size, but Google claims that their oversight algorithm will anonymize your data. Once your cohort ID is assigned, it’s displayed publicly using a JavaScript API, allowing third-party marketers to serve you advertisements that match your interests.
By ensuring that these cohorts are diverse enough to “hide users in the crowd” but targeted enough for advertisers to deliver relevant ads, Google is hoping to satisfy both advertisers and privacy-minded users.
What information is FLoC tracking?
FLoC is designed to track all of your browsing activity — what websites you visit, how long you spend on those websites, and how you interact with those websites. It’s unclear exactly what information FLoC shares with Google in order to ensure that you’re in the proper cohort and that your cohort is the correct size. But what is clear is that your FLoC cohort will be visible to any website you visit. And since each cohort only contains a few thousand users, third parties can still identify you using various browser fingerprinting techniques.
How can I opt out of FLoC?
Currently, there is no way to specifically opt out of FLoC. But you can choose to disable third-party cookies in Chrome by clicking the three dots in the top right corner of the browser, then selecting “Settings” > “Privacy and security” > “Cookies and other site data” > “Block third-party cookies”. This will turn off FLoC, but it can also cause websites to malfunction and prevent helpful preferences from being remembered on the sites you frequently visit.
The quickest way to opt out of FLoC (and all of Google’s data collection tactics) is to move to a more secure browser and to start using a privacy-oriented search engine like DuckDuckGo. If you still want to use Chrome, using a VPN will help anonymize your IP address and some browsing-related activities.
Frequently Asked Questions
Why is Google implementing FLoC?
As the internet becomes a necessary part of our lives, advocates are putting pressure on big corporations like Google to protect users’ privacy. The most significant privacy-based movement was the European Union’s implementation of the GDPR (General Data Protection Regulation), a series of laws that made it illegal to install cookies on a user’s browser without consent. In April 2021, the EU also began formalizing its ePrivacy Regulation, which further expands privacy protections established by the GDPR.
All of this public and legislative pressure has forced Google to figure out a better way to help third-party advertisers deliver targeted ads. FLoC attempts to balance the need for user privacy with digital advertisers’ needs to know enough about you to deliver targeted ads.
What privacy threats does FLoC pose?
The idea behind Google FLoC is that advertisers will still be able to send you targeted ads even though your personal identity will be “lost in the crowd” of users with the same cohort ID. However, there are still many privacy issues with this approach.
- Browser fingerprinting. Because your cohort ID narrows you down to a small group of users, it’s possible to personally identify you by gathering data about your Chrome plugins, extensions, preferences, and settings, along with your IP address.
- Discriminatory advertising. Google claims that FLoC will filter out websites and searches that pertain to things like race, sexuality, and religion so that advertisers aren’t able to discriminate when choosing which ads to display. But Google has repeatedly failed to prevent discriminatory advertising in the past, and there’s nothing in the FLoC whitepaper that suggests this will change.
- False sense of security. While FLoC makes it harder for third-party advertisers to personally identify you, this still doesn’t prevent Google from collecting personal data on Google Search, YouTube, or any other Google service. Furthermore, Google will be constantly monitoring data and sorting users into cohorts, allowing Google to continue having access to a lot of personal data.
How does the FLoC service enable the browser to sort out its cohorts?
FLoC consolidates the user’s browsing data every week and feeds that into an algorithm called “SimHash”. SimHash runs locally on your browser (preventing Google from directly analyzing all of your browser activity) and assigns a cohort ID based on a built-in set of criteria.
That said, Google currently uses a centralized data hub to analyze cohort sizes and populations, constantly intervening to ensure that cohorts are properly sized and contain a proper distribution of ages, genders, ethnicities, and other relevant traits. Supposedly, user data is anonymized before being analyzed by this centralized service, but there have been a lot of significant issues raised with the amount of personally identifying information that can be gathered from “anonymized” data sets.
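The local SimHash step described here and under “How does FLoC work?” can be illustrated with the textbook algorithm. This is an added example, not Chrome’s FLoC code: the FNV-1a hash, the 32-bit width and the `.example` domains are assumptions chosen for illustration.

```javascript
// Textbook SimHash over a set of visited domains (illustration only).
// Assumptions: FNV-1a as the per-domain hash, 32 output bits, made-up domains.

// 32-bit FNV-1a hash of a string.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193);
  }
  return h >>> 0;
}

// Each distinct domain votes +1/-1 on every output bit; the sign of the tally
// decides the bit, so histories that share most domains share most bits.
function simhash(domains) {
  const tally = new Array(32).fill(0);
  for (const d of new Set(domains)) {
    const h = fnv1a(d);
    for (let i = 0; i < 32; i++) tally[i] += (h >>> i) & 1 ? 1 : -1;
  }
  let out = 0;
  for (let i = 0; i < 32; i++) if (tally[i] > 0) out |= 1 << i;
  return out >>> 0;
}

// Number of bits in which two fingerprints differ.
function hamming(a, b) {
  let x = (a ^ b) >>> 0, n = 0;
  while (x) { n += x & 1; x >>>= 1; }
  return n;
}

// Constructed sample histories (hypothetical domains).
const alice = ["news.example", "recipes.example", "bikes.example", "maps.example", "mail.example"];
const bob = [...alice.slice(0, 4), "forum.example"]; // shares 4 of 5 domains with alice
const carol = ["cars.example", "poker.example", "tv.example", "golf.example", "bank.example"];

console.log("alice vs bob  :", hamming(simhash(alice), simhash(bob)), "bits differ");
console.log("alice vs carol:", hamming(simhash(alice), simhash(carol)), "bits differ");
```

The fingerprint is computed entirely from the local history, which is why the resulting cohort ID itself carries information about the sites that produced it.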
Can websites opt out of the FLoC computation?
Yes. While all websites that serve third-party ads are automatically included in FLoC, opting out is pretty simple — webmasters can add the following HTTP response header to their pages:
- Permissions-Policy: interest-cohort=()
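A site owner can verify that the opt-out is actually being sent by checking the response headers. The sketch below is an added example, not part of any FLoC tooling: the function names and sample header values are constructed, and it assumes the header follows the usual comma-separated `feature=(allowlist)` syntax.

```javascript
// Decide whether Permissions-Policy header value(s) opt a page out of FLoC.
// Function names and sample values are constructed for illustration.

// Split a header value on commas that sit outside (...) and "...".
function splitDirectives(value) {
  const parts = [];
  let depth = 0, quoted = false, cur = "";
  for (const ch of value) {
    if (ch === '"') quoted = !quoted;
    else if (!quoted && ch === "(") depth++;
    else if (!quoted && ch === ")") depth--;
    if (ch === "," && !quoted && depth === 0) { parts.push(cur); cur = ""; }
    else cur += ch;
  }
  parts.push(cur);
  return parts.map((p) => p.trim()).filter(Boolean);
}

// "opted-out": interest-cohort has an empty allowlist, i.e. ()
// "allowed":   interest-cohort is listed with a non-empty allowlist or *
// "absent":    the feature is not mentioned, so no opt-out is in effect
function flocStatus(headerValues) {
  let status = "absent";
  for (const value of [].concat(headerValues || [])) {
    for (const directive of splitDirectives(value)) {
      const eq = directive.indexOf("=");
      if (eq < 0) continue;
      if (directive.slice(0, eq).trim() !== "interest-cohort") continue;
      const allowlist = directive.slice(eq + 1).trim();
      // A later occurrence of the same feature overrides an earlier one.
      status = /^\(\s*\)(\s*;.*)?$/.test(allowlist) ? "opted-out" : "allowed";
    }
  }
  return status;
}

// Constructed sample header values.
const samples = [
  "interest-cohort=()",
  'geolocation=(self "https://maps.example"), interest-cohort=()',
  "interest-cohort=(self)",
  "camera=(), microphone=()",
];
for (const s of samples) console.log(flocStatus(s).padEnd(9), "<-", s);
```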