Google’s new proposal for targeted ad tracking has several properties that could pose “significant” privacy risks to users, according to Firefox maker Mozilla.
On Thursday, Firefox published the results of an analysis of Google’s Federated Learning of Cohorts, or FLoC, proposal.
Google believes the new “privacy-preserving” system could be used to replace third-party cookies for ad tracking purposes.
Firefox CTO Eric Rescorla said there are major privacy problems with the system, GSMArena reported on Friday.
FLoC works by using a new “cohort” identifier. Compared to cookies, “cohorts” identify a group of users with similar interests instead of a single person.
Advertisers can then use these cohorts for ad tracking purposes without needing the browsing history of a specific user.
However, cohorts will likely only consist of thousands of users. That could allow trackers to narrow down specific users very quickly, Rescorla wrote.
For example, tracking companies could use browser fingerprinting to narrow down the list of potential users in a cohort to just a few. Firefox says trackers would only need “a relatively small amount of information” when combined with a FLoC cohort.
Additionally, trackers could use combinations of FLoC IDs in a given timeframe to distinguish individual users. That’s because neither FLoC identifiers nor user interests are constant.
FLoC identifiers also leak more information than cookies. Unlike site-specific cookies, FLoC IDs are the same across websites. Because of that, “they become a shared key to which trackers can associate data from external sources”.
Google has proposed several countermeasures to mitigate these privacy problems, including making FLoC opt-in for websites and suppressing cohorts that it believes are too connected to “sensitive” topics.
However, Firefox believes they’re not enough.