Hey Google, let me do even more of YOUR work for free.

There are flocks, and there are FLoCs. What’s the difference, if any?

A flock is a “group of animals (such as birds or sheep) assembled or herded together”. A FLoC, as its spelling hints, is a vaguely similar concept, just applied to people. FLoC is the acronym of “Federated Learning of Cohorts”, that is Google’s recent proposal to get rid of one of the most important tools for whoever wants to spy everything people do on the Web: browser cookies.

A cookie is just a small text file with a unique identifier inside. When you first visit most websites (not this!) they give your browser one of these cookies. When you return to those websites, or visit any other website that’s associated with them, they ask you to show any cookie they had given before, so they can recognize you.

Sometimes this happens just to spare you from typing passwords at every visit. But eventually, by giving and sharing cookies websites create, and exploit, complete profiles of every individual web user. Political polarization, invisible discrimination and uninterrupted surveillance are just the main categories of abuses created by this way to do behavioral, completely personalized advertising.

FLoC has been announced by Google and others as the way to keep doing, without the risks of cookies, behavioral advertising based on someone’s general interests, that is all the cases like “show this ad to all the people somehow identified as Classical Music Lovers”. Another proposal, called TURTLEDOVE, deals with advertising personalized by recording and profiling specific previous actions of an individual, as in “hey, since YOU already bought two pairs of shoes this month, here’s a personal discount if you buy more pairs this week”.

Which FLoC are you?

A browser with FLoC enabled would collect information about its user’s browsing habits, then use that information to assign its user to a “cohort”, that is group with a unique identifier, of users with similar browsing habits, like the “Classical Music Lovers” above. Whenever a user visits a website, her browser would declare her cohort identifier to the website, thus allowing category-level, not individual personalization. Since each cohort should group at least a few thousand users, without individual details, it would be much, much less of a privacy issue than cookies.

In theory, that is. The proposal itself openly acknowledges that FLoC will never be able to prevent all possible abuses and discriminations. To begin with, FLoC doesn’t touch at all browser fingerprints, that have been used to spy on people for more than eleven years now. Above all, websites that collect cohort identifiers would still be the only who can guarantee (or not, of course) that all their users “are treated fairly, just as they must with algorithmic decisions made based on any other data today."

FLoC? A terrible idea!

The Electronic Frontier Foundation (EFF) considers FLoC a terrible idea, for these reasons (my sinthesis):

• FLoC just makes your browser do the same profiling that third-party trackers used to do themselves: create an identifier of your browsing history, then share it with online advertisers
• FLoC just means that instead of showing the fidelity card they got at their first visit (that is, the cookie), users ” begin every interaction with a confession: here’s what I’ve been up to this week, please treat me accordingly."
• FLoC is just more of that terribly dumb idea of context collapse, so dear to Mark Zuckerberg: FloC, that is, “presents the same behavioral summary to everyone you interact with”, e.g. online stores, insurance companies, and other services, none of which should demand to know how you use all the others.

So, FLoC is like self-checkout in grocery stores:

Once upon a time, many grocery chain stores where the only places in their whole neighborhood where, thanks to price dumping and a myriad other factors, people where “free” to find the only food they could afford. For some reason, most of that food was junk, but it was served by cashiers and baggers. Then, we became “free” to buy there the same food as before, at the same prices, but scanning and bagging it ourselves.

Now, I am not against self-checkouts in stores, which is another story for another day anyway. But FLoC really looks like that: Google saying hey, we want to track you just like before, but could you please do some of the processing and data storage work yourself, from now on?

The problem is not (self-) profiling. It is “SHARING” the results

If FLoC takes off, surely some ways to neuter it will appear. The easier to imagine, because it is mentioned on the FLoC home page, is some user-controllable way to send one’s real FLoC identifier or a random, bogus one to every website. But such solutions may not be accessible to everybody, and would do nothing to fight browser fingerprints and other invasive techniques.

The real solution to make “advertising” efficient and personal, but not invasive, is to make the profiling happen and stay only inside the user’s devices. This is a vision I first head from Aral Balkan a few years ago, that only needs public support. Here is how it works.

If your smartphone or computer did register and analyze everything you browse, but then never shared what it finds with others, very useful things would happen. For example, your device could use those findings to highlight the news you may find more interesting, among all those present in your RSS feeds.

Or, if you needed to buy anything online, it could download from Amazon, Booking.com etc… their current, complete offerings for that particular product, with the same prices for everybody, and then show you only the items that best fit your local, secret profile, that is your actual needs. It’s not complicated, and surely better than cookies and FLoC, isn’t it?