DuckDuckGo's Chrome extension blocks Google's controversial new FLoC tracking technique
That Google tracks internet usage is hardly news -- it how the company has operated for years, and it is central to its business model. But the search giant recently started testing a new technique for delivering targeted ads to people called Federated Learning of Cohorts (FLoC), and it's now enabled for millions of users by default.
While Google is insistent that FLoC is "privacy-preserving mechanism" and one that " enables ad selection without sharing the browsing behavior of individual users", the algorithm remains controversial for many. The cookie-free technique uses fingerprinting which the likes of the Electronic Frontier Foundation and other privacy groups have expressed great concern about. For anyone who would like to block Google's new tracking method, DuckDuckGo's Chrome extension is here to help.
What is particularly concerning about FLoC is the opacity of what it does, how it works, and the difficulty of opting out of it. Google has already enabled the new technique for millions of people without either informing them or giving them a choice in the matter. DuckDuckGo points out that FLoC is bad for privacy because "it puts you in a group based on your browsing history, and any website can get that group FLoC ID to target and fingerprint you".
But with the privacy-focused search engine's DuckDuckGo Privacy Essentials extension for Chrome, it is possible to block FLoC. The company explains some of the concerns about the new method:
With FLoC, by simply browsing the web, you are automatically placed into a group based on your browsing history ("cohort"). Websites you visit will immediately be able to access this group FLoC ID and use it to target ads or content at you. It's like walking into a store where they already know all about you! In addition, while FLoC is purported to be more private because it is a group, combined with your IP address (which also gets automatically sent to websites) you can continue to be tracked easily as an individual.
Google itself maintains detailed profiles of users, built up over time from what they've learned about users (including through passive trackers lurking on most websites), but with FLoC they're now exposing your derived interests and demographics from this profile to the websites you visit via FLoC IDs. Although the cohorts you belong to over time are non-descriptive and represented by an anonymous-looking number, it won't be long before people or organizations work out what FLoC IDs really mean, e.g. what interests and demographic information they are likely correlated with.
Version 2021.4.8 of DuckDuckGo's extension is the first to include FLoC blocking, and you can download this from the Chrome Web Store, or update if you already have it installed. This is the solution for anyone using Chrome, but this is something that DuckDuckGo (and others) recommend against anyway. The company offers up the following extra tips to help avoid FLoC:
- Stay logged out of your Google account;
- Don't sync your history data with Chrome, or create a sync passphrase;
- In Google Activity Controls, disable “Web & App Activity” or “Include Chrome history and activity from sites, apps, and devices that use Google services;”
- In Google Ad Settings disable “Ad Personalization” or “Also use your activity & information from Google services to personalize ads on websites and apps that partner with Google to show ads.”
In a blog post, DuckDuckGo also has some advice for website owners who are keen to protect the privacy of their visitors:
Websites can take steps to protect the privacy of their users by opting out of FLoC, which would be applicable to all their visitors. It's done by simply sending the following Permissions-Policy HTTP response header:
Permissions-Policy: interest-cohort=()
Some publishers like The Markup and The Guardian have already done so, as have we at DuckDuckGo Search, and we encourage others to follow.
Image credit: kruche_Gucci / Shutterstock