DuckDuckGo has launched a new browser extension for Chrome that will prevent FLoC, a new tracking technique used by Google to support web advertising without user tracking.
Privacy browser DuckDuckGo has launched a new extension for Chrome that’s designed to block Google’s new algorithm for tracking users’ browsing activity for ad selection.
DuckDuckGo’s new browser extension blocks FLoC (Federated Learning of Cohorts), which Google introduced to users in March as a replacement for third-party cookies that track individuals across the web.
FLoC is proposed as a method for offering greater anonymity for users by concealing their browsing activity within a group (or ‘cohort’) of other anonymized users with similar browsing habits. In doing so, advertisers can offer up relevant ads to cohorts of several thousands of users with similar interests, while the identity of individual users remains hidden.
But some see problems with this proposal. While the idea of ‘hiding’ individuals within a group sounds like better news for user privacy, websites can still target users with ads based on their assigned ‘FloC ID’, which essentially offers up a summary of interests and demographic information based on a user’s browsing habits. What’s more, websites can theoretically still track individuals, owing to the fact that every time you visit a website, it records your IP address.
This is where DuckDuckGo’s new tool comes in. Currently, FLoC is only being used within Google Chrome, and while it has not yet been rolled out en masse, Google has announced plans to begin trialing FLoC-based cohorts with advertisers starting in Q2.
The FLoC-blocking feature is included in version 2021.4.8 and newer of the DuckDuckGo extension. DuckDuckGo Search is now also configured to opt-out of FLoC.
“We’re disappointed that, despite the many publicly voiced concerns with FLoC that have not yet been addressed, Google is already forcing FLoC upon users without explicitly asking them to opt-in,” DuckDuckGo said in a blog post.
“We’re nevertheless committed and will continue to do our part to deliver on our vision of raising the standard of trust online.”
Google’s Privacy Sandbox
Google has been working on a replacement for third-party cookies for some time. As detailed in a post on its Chromium Blog in January this year, FLoCs are one of a handful of methods the search giant is looking at as part of its ‘Privacy Sandbox’ for the web.
The company has claimed that FLoC algorithms are at least 95% as effective as cookie-based advertising when it comes to helping advertisers target users, which it says is “great news for users, publishers, and advertisers”.
Chetna Bindra, Google’s Group Product Manager for User Trust and Privacy, suggested in a blog post in January that tools like FLoC and other privacy-preserving methods proposed as part of Google’s Privacy Sandbox would enhance fraud protection and prevent ‘fingerprinting’, whereby data from a user’s browser is gathered to create a profile.
Bindra labeled FLoC a “privacy-first alternative to third-party cookies” that “effectively hides individuals ‘in the crowd’ and uses on-device processing to keep a person’s web history private on the browser.”
Yet others have pointed out that FLoC doesn’t eliminate the threat of fingerprinting entirely. As well as the possibility of websites identifying users through a combination of their cohort ID and IP address, cohort IDs will also be accessible by any third-party trackers within the websites that users visit.
SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)
Google’s has said that it will work to ensure that “sensitive interest categories” like religion, identity, sexual interests, race and medical or personal issues can’t be used to target ads to users or to promote advertisers’ products or services.
The Electronic Frontier Foundation (EFF), a digital rights group, argues that these precautions don’t go far enough. “The proposal rests on the assumption that people in ‘sensitive categories’ will visit specific ‘sensitive’ websites, and that people who aren’t in those groups will not visit said sites,” it said in a blog post.
“But behavior correlates with demographics in unintuitive ways. It’s highly likely that certain demographics are going to visit a different subset of the web than other demographics are, and that such behavior will not be captured by Google’s ‘sensitive sites’ framing,” the EFF added.
There are other methods for blocking FLoC, as laid out by DuckDuckGo. Unsurprisingly, the main one involves bypassing Google Chrome entirely — bear in mind, of course, that DuckDuckGo has its own competing browser in the game.
Users can also remain logged out of their Google account; switch off ad personalization within the Google Ad Settings; avoid syncing their search history data with Chrome; and disable Web & App Activity within Google’s Activity Controls.
Google plans to roll out updated activity controls with the incoming Chrome 90 release.