Publication

Privacy Limitations Of Interest-based Advertising On The Web: A Post-mortem Empirical Analysis Of Google’s FLoC

Creative Commons

Attribution 4.0 International

Alex Berke

Feb. 3, 2022

Topics
People
Groups

Alex Berke and Dan Calacci. 2022. Privacy Limitations of Interest-based Advertising on The Web: A Post-mortem Empirical Analysis of Google’s FLoC. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS ’22), November 7–11, 2022, Los Angeles, CA, USA. ACM, New York, NY, USA, 13 pages. https://doi.org/10.1145/3548606.3560626

Abstract

In 2020, Google announced it would disable third-party cookies in the Chrome browser to improve user privacy. In order to continue to enable interest-based advertising while mitigating risks of individualized user tracking, Google proposed FLoC. The FLoC algorithm assigns users to "cohorts" that represent groups of users with similar browsing behaviors so that ads can be served to users based on their cohort. In 2022, after testing FLoC in a real world trial, Google canceled the proposal with little explanation in favor of another way to enable interest-based advertising. This work provides a post-mortem analysis of two critical privacy risks for FloC by applying an implementation of FLoC to a real-world browsing history dataset collected from over 90,000 U.S. devices over a one year period.

First, we show how, contrary to its privacy goals, FLoC would have enabled individualized cross-site user tracking by providing a unique identifier for users available across sites, similar to the third-party cookies FLoC was meant to be an improvement over. We show how FLoC cohort ID sequences observed over time can provide this unique identifier to trackers, even with third-party cookies disabled. We estimate the number of users in our dataset that could be uniquely identified by FLoC IDs is more than 50% after 3 weeks and more than 95% after 4 weeks. We also show how these risks increase when cohort data are combined with browser fingerprinting, and how our results are conservative underestimates of the risks FLoC would have posed in a real-world deployment. Second, we examine the risk of FLoC leaking sensitive demographic information about users. Although we find statistically significant differences in browsing behaviors between demographic groups, we do not find that FLoC significantly risks exposing race or income information about users in our dataset.
Our contributions provide insights and example analyses for future novel approaches that seek to protect user privacy while monetizing the web.

FLoC_CCS_2022.pdf

Creative Commons

Attribution 4.0 International

Related Content
Event Events

Mathematical Coloring Workshop: Beautiful Symmetry (all ages)

Calm yourself with coloring and learn math in the meantime!
Event Events

Wallpaper: A mathematical coloring workshop

Using color to explore the intersection of art and mathematics.
Friday
February 1, 2019
5:00pm — 7:00pm ET
New Brunswick, NJ
Publication Research

The Tradeoff Between the Utility and Risk of Location Data and Implications for Public Good

Calacci, Dan, Alex Berke, Kent Larson, Sandy Pentland. "The tradeoff between the utility and risk of location data and implications for public good." Presented at the Oxford & London School of Economics Connected Life conference. (2019). https://arxiv.org/abs/1905.09350
Gallery Research

[bike] swarm: synchronization & network