There’s more to Google's FLoC than meets the eye

(Image credit: Electronic Frontier Foundation)

The Federated Learning of Cohorts (FLoC) is Google’s proposed mechanism to protect individuals from being identified by unscrupulous internet marketers, without taking away all the advantages of targeted advertising.

However, the idea of lumping users into a cohort hasn’t gone down well with privacy advocates. In fact, the Electronic Frontier Foundation (EFF) believes that FLoC is Google’s attempt to create a replacement for the third-party cookie.

As Google begins to roll out and test FLoC in limited markets around the world, TechRadar Pro spoke to with Gowthaman “G’man” Ragothaman, CEO of Aqilliz, to understand if FLoC really is as bad as it is made out to be. 

Singapore-based Aqilliz uses a blockchain-based solution to address some of the same issues as Google FLoC without running afoul of privacy laws such as Europe’s General Data Protection Regulation (GDPR).

Could you help cut through Google’s marketing hyperbole and summarize what exactly FLoC is and why was it conceived?

To understand Google’s Federated Learning of Cohorts (FLoC), we need to rewind a little bit. In early 2020, Google announced that it would be phasing out support for third-party cookies on its Chrome browser by 2022, effectively following in the footsteps of Apple’s Safari and Mozilla’s Firefox browsers. The impact of this, of course, is significant as it marks dwindling support for one of the internet’s most ubiquitous user tracking techniques. Without third-party cookies on these three browsers, approximately 87 percent of users online can no longer be tracked with his method.

Arguably, Google’s strategy can’t be faulted on the face of it. The move is a step in the right direction in the eyes of privacy advocates (for the most part) and sets a new precedent for what the future of user identifiers is set to look like. To ensure that advertisers aren’t left without any tools at their disposal, Google has been working on its Privacy Sandbox since 2019 in order to power a more privacy-oriented internet. This sandbox aims to establish open standards for tracking users while protecting their right to privacy and FLoC is part of one of the initiatives in the Sandbox.

FLoC allows for targeted advertising and audience profile creation to take place without collecting an individual’s browsing history. Instead, FLoC enables advertisers and AdTech firms to target a “cohort” (or a “flock”) of similar users. These cohorts are developed, updated, and refined by browsers based on user browsing behavior — those with similar browsing habits are grouped together and these cohorts are updated over time as users navigate the web. By leveraging machine learning algorithms, the browser can develop a flock based on specific input features (e.g. the URL of the visited sites or the content on the page). FLoC is unique as it ensures that all browser history remains in local storage — the browser only ever “reveals” the generated flock that the user is part of. However, the success of FLoC depends on the quality of these clusters. Labels need to be suitable for machine learning and clusters need to be significantly distributed and sizable so that they accurately represent the interests of the group as a whole, rather than a person.

While real-world testing of FLoC has already begun, Google recently announced that it could not run in countries where the GDPR and the ePrivacy Directive are in effect due to privacy concerns. Despite this being an alternative that supposedly offers greater privacy for users, some regulators are arguing that it still isn’t enough.

Even as Google begins testing FLoC, it’s facing opposition from various quarters. There are antitrust lawsuits and privacy advocates think it’s just a sugar-coated replacement for third-party cookies. Is FLoC really as terrible as it’s made out to be?

We shouldn’t forget that FLoC is only one of many solutions being proposed in today’s advertising ecosystem to address the end of third-party cookies. From The Trade Desk’s Unified ID 2.0 to even our own solution at Aqilliz, the industry is mitigating the current existential threat that it must now confront as it looks to a future without third-party identifiers. I wouldn’t completely decry FLoC just yet — with the current rounds of testing taking place, I’m sure that we’re bound to see further improvements on Google’s algorithm. This year — as well as beyond — is set to be a time of trial and error as much as experimentation.

Does the backlash against FLoC mean we are destined to be tracked by third-party cookies? Do you think cohort-based targeting is a viable solution, if tackled in a different way compared to Google’s approach?

The world has changed a great deal since third-party cookies emerged on the web. Cookies were free, open-source, and didn’t carry any liability on behalf of participants across the digital supply chain when it came to consumer preferences or consent. With consumer consent now at the top of the privacy agenda, expectations have changed. Whether prompted by large-scale data breaches or uncannily accurate ads, what consumers and regulators alike expect to see is a universal ID which can capture and carry consumer consent across the digital supply chain.

In light of that, I believe that Google’s decision to transition to aggregated insights via cohorts rather than user-level identifiers are a step in the right direction. The reality is, independent user-level identification will need to give way to cohort-level communication for a large part of advertising unless and until explicit consent from an individual is given to receive promotional communications and to allow for tracking online.

How do you use blockchains for online advertisement? Based on your experience with using the tech at Aqilliz, what are the advantages of using the kind of blockchain that you do, both from a user’s perspective, and from that of an online advertiser?

At Aqilliz, blockchain is used to ensure three core features across all of our solutions: transparency, traceability, and immutability. These all correspond to existing pain points in the AdTech and MarTech ecosystems.

From a user perspective, we’re able to ensure that all data is appropriately treated — anonymized, hashed, and aggregated — to ensure that it cannot be reverse-engineered to reveal individual data points. We are able to preserve and protect privacy in accordance with local data protection laws where our clients are based. This means that users can still benefit from adequately personalized marketing messages and brands can still maximize their spend to ensure that they’re reaching out to the right audiences at the right time.

Alongside data privacy compliance, one other area that we’re looking at is real-time campaign optimization. With the number of middlemen involved in today’s opaque digital campaign supply chain, it’s difficult to optimize campaign metrics in real-time. Both time- and cost-efficiencies are lost due to the amount of data that needs to be ingested and later reconciled. Our blockchain-powered in-flight campaign optimization solution was designed to add transparency and accountability to the programmatic supply chain while providing real-time visibility. Smart contracts allow for in-built content authentication through pre-encoded requirements such as viewability thresholds and automate settlements to ensure that only verifiably fraud-free and brand-safe ads are paid for, making the potential savings in advertising dollars a huge benefit when budgets are tight.

What about the stringent data compliance laws such as the GDPR? FLoC doesn’t seem to pass muster. Why do you think a distributed ledger-based solution will?

Distributed ledger technology can manifest in different forms and at Aqilliz, we’ve identified that a hybrid solution that combines the best of what both public and private blockchains have to offer, works best. Our underlying technological infrastructure, Atom, implements the best of privacy rendering techniques such as cryptography and differential privacy to allow brands to discover new audiences in the open web in a federated manner. Meanwhile, we’ve combined the security and scalability of a private blockchain with the accountability and decentralization of a public blockchain.

In accordance with data compliance laws such as GDPR, our solutions do not reveal raw individual data — instead, this remains in local storage (be it on user devices or servers owned by brands) before being anonymized and later being treated with differential privacy. Differential privacy masks individual data points with statistical noise in such a way that only aggregated insights can be revealed without any possibility of reverse-engineering the data set. Meanwhile, we’re also able to provide an independent and immutable record of processing any and every activity between enterprises, fulfilling the GDPR’s clause for a Record of Processing Activities.

As you can say, distributed ledger technology is not a one-size-fits-all solution that can be used out of the box. If we use our work at Aqilliz as an example, distributed ledger technology needs to be supplemented with other enhancements to provide a holistic, privacy-compliant infrastructure.

You’ve spoken about the inefficiencies in the marketing technology ecosystem as things stand currently. Could you share some of these concerns and how you think they can be overcome without compromising the privacy of the users?

The inefficiencies taking place across the MarTech ecosystem more so come at the detriment of brands and advertisers rather than users. Whether that’s a lack of transparency, a lack of standardization across measurement standards, or the presence of fraud, these pain points more so have knock-on effects on users as it severely impacts the extent to which brands can successfully tailor their marketing messages in real time. Naturally, this can have an immediate, lasting impact on brand perception as well as brand loyalty. However, this has less to do with privacy and more so about cost-efficiency in the space.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.