From FLoC to Google Topics? No thanks

Here is why, in plain language.

From FLoC to Google Topics? No thanks /img/floced.jpg

FLoC is a standard that Google launched in 2021 to make targeted online advertising alive, but less harmful. It was soon clear that the basic proposition of FLoC was to tell users “please do the profiling YOURSELF”, without even really getting rid of invasive cookies.

For those and other reasons, Google has recently announced a successor of FloC called “Topics API”. The developers of the Brave browser promptly replied that Topics does not addresses FLoC’s serious privacy issues at all. Here is a much shorter, plain English version of that critique, for general consumption.

Same old, same old

The Topics API only touches the smallest, most minor privacy issues in FLoC.

The sharing of information about people’s interests and behaviors with advertisers, trackers, and others on the Web that are hostile to privacy remains.

In both Topics API and FLoC the browser watches the sites you visit, uses that information to categorize your browsing interests, and then shared that info back with advertisers, trackers, and the sites you visit.

Monopolies, all the way down

In FLoC, the browser would broadcast all of your data to any site that asked. The Topics API does that only between sites served by the same advertisers. Big deal, considering how concentrated the online advertising market is! Indeed, the Topics API will put small advertisers, who by definition appear on far fewer sites, at a significant disadvantage, that is strengthen by design Google’s advertising monopoly.

Who decides what is “sensitive”?

Another flaw of FLoC that remains in the Topics API is that it is that the “arbiter of what users consider sensitive data” remains Google. But there is just NO data that is surely, always safe or respectful to share, in the same way, for every individual, all over the whole web. Some people may have no problem to let the whole web know they are looking for sex, wine, a new job or a new apartment, and so on. Others may be harmed by the uncontrolled circulation of the same data.

But there is surely no way or reason for any single company to figure out stuff like this automatically. Not without explicit, properly informed contribution and final decision left to each individual, at least. Which is not going to happen, on a web where 99% of users always, blindly click to “Accept All” the cookies they get.

Just like before, but now it’s YOUR fault

In short, say the Brave developers, “rather than see the Topics API as a solution to privacy harms, it’s more accurate to think of such controls as a way for Google to blame its victim for the harm Google does”. Which is almost the same thing that I and others said of FLoC right away.

The solution? Ask browsers (and lawmakers!) not Google:

“The plain truth is that privacy-respecting browsers like Brave (among others) have been protecting users against third-party tracking (via cookies or otherwise) for years now."

Image source: Am I FLoCed?