Google is currently in the process of replacing the ability to profile users via 3rd party cookies with its own Privacy Sandbox, which would conveniently take control from websites and advertisers and move it into Google’s own browser.
Google of course promises that this solution would be privacy-preserving, but 15 attorneys general have already accused the company of trying to put its “Chrome browser at the center of tracking and targeting.”
I have not been too concerned about the issue, as I had assumed the Chrome browser would have a big button labelled Opt-Out (like the Windows 10 one below) which would increase my privacy even more.
Google’s early behaviour has however not been encouraging. The company has started its FLOC trial where it has begun tracking users and pigeon-holing them into cohorts of several thousand users based on their browsing history, with the final aim of offering these cohort IDs (e.g people who like manga and pillows) to advertisers to market towards. Cohorts will be relatively small, raising the spectre that advertisers will have an even easier time fingerprinting users using the cohort ID and tying it to the user’s real identity.
Google has opted in 0.5% of Chrome users in some regions, including the USA, into the trial. Users are chosen at random, regardless of most ad and privacy settings, and the only way to opt-out is to turn off third-party cookies in Chrome.
Google plans to increase this to 5% of Chrome users, which would likely be around 100 million Chrome users, before of course eventually rolling the feature out to everyone else.
The EFF has not been impressed, particularly because users opted in without their consent in the trial will be doubly spied on – first with Cookies and then with FLOC.
Furthermore, they do not think Google’s plans to exclude “sensitive cohorts” e.g. those who browse adult websites will actually prevent any other website from identifying those users from other clues related to their cohort ID.
To me, however, the most egregious issue is that Google has not given users the ability to opt-out to fingerprinting by Google itself. Hopefully, another company such as Microsoft, which does not make a living from advertising, will step up with a browser not designed as an ad delivery vehicle.
Read all the EFF’s objections here.