Privacy analysis of FLoC (Mozilla blog)
Privacy analysis of FLoC (Mozilla blog)
Over on the Mozilla blog, Eric Rescorla looks
into some of the privacy implications of the Federated Learning of Cohorts
(FLoC), which is a Google effort to replace
third-party cookies with a different type of identifier that is less
trackable. But less tracking does not equal no tracking. "People's
interests aren't constant and neither are their FLoC IDs. Currently, FLoC
IDs seem to be recomputed every week or so. This means that if a tracker is
able to use other information to link up user visits over time, they can
use the combination of FLoC IDs in week 1, week 2, etc. to distinguish
individual users. This is a particular concern because it works even with
modern anti-tracking mechanisms such as Firefox's Total
Cookie Protection
(TCP). TCP is intended to prevent trackers from correlating visits across
sites but not multiple visits to one site. FLoC restores cross-site
tracking even if users have TCP enabled.
"