A blog post by EFF staff technologist Bennett Cyphers said the only way people could opt out at the moment was by disabling third-party cookies.
"We’ve been told that the trial is currently deployed to 0.5% of Chrome users in some regions – for now, that means Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand, the Philippines, and the US," he wrote.
"Users in eligible regions will be chosen completely at random, regardless of most ad and privacy settings. Only users who have turned off third-party cookies in Chrome will be opted out by default."
|
|
"That means all the trackers who currently monitor your behaviour across a fraction of the web using cookies will now receive your FLoC cohort ID as well," he said.
"The cohort ID is a direct reflection of your behaviour across the Web. This could supplement the behavioural profiles that many trackers already maintain."
Future versions of Chrome are expected to add dedicated controls for Google’s "privacy sandbox", including FLoC, Cyphers said, but it was not clear when these settings would go live.
He said for the trial, Google would default to all sites that served ads. "Sites could opt out of FLoC calculations by sending an HTTP header, but some hosting providers don’t give their customers direct control of headers. Many site owners may not be aware of the trial at all," he added.
While the FLoC did not mention how many cohorts there would be, Cyphers said, "an examination of the latest version of Chrome reveals that the live version of FLoC uses 50-bit cohort identifiers. The cohorts are then batched together into 33,872 total cohorts, over 100 times more than in Google’s first experiment.
"Google has said that it will ensure 'thousands' of people are grouped into each cohort, so nobody can be identified using their cohort alone. But cohort IDs will still expose lots of new information — around 15 bits — and will give fingerprinters a massive leg up."
The trial is set to go on till 13 July. Google has said it would not make the cohorts correlate too closely with categories like race, sexuality or medical conditions.
Cyphers said Google planned to collect data about which sites were visited by users in each cohort and had released a whitepaper about its approach.
"We’re glad to see a specific proposal, but the whitepaper sidesteps the most pressing issues," he said. "The question Google should address is 'can you target people in vulnerable groups'; the whitepaper reduces this to 'can you target people who visited a specific site'.
"This is a dangerous oversimplification. Rather than working on the hard problem, Google has chosen to focus on an easier version that it believes it can solve. Meanwhile, it’s failed to address FLoC’s worst potential harms.
"During the trial, any user who has turned on 'Chrome Sync' (letting Google collect their browsing history), and who has not disabled any of several default sharing settings, will now share their cohort ID attached to their browsing history with Google.
"Google will then check to see if each user visited any sites that it considers part of a 'sensitive category'. For example, WebMD might be labelled in the 'medical' category, or PornHub in the 'adult' category. If too many users in one cohort have visited a particular kind of 'sensitive' site, Google will block that cohort.
"Any users that are part of 'sensitive' cohorts will be placed into an 'empty' cohort instead. Of course, trackers will still be able to see that said users are part of the 'empty' cohort, revealing that they were originally classified as some kind of 'sensitive'.”
