A Complete Guide To Google FLoC – What it Does and How it Works

Shanika W.

By Shanika W. . 24 June 2024

Cybersecurity Analyst

Miklos Zoltan

Fact-Checked this

2 Comments

This guide will discuss what Google FloC is and how it could potentially improve (or affect) your privacy.

What is Google FloC

FLoC is a new model from Google which gives interest-based advertising a more privacy-preserving experience for consumers. Currently, planning to roll out in 2024, it will deprecate the use of third-party cookies, which have become a privacy-invasive way of user tracking for many years.

Below you will learn about:

  • How did the Google FLoC model initiate?
  • What is FLoC?
  • How does FLoC work?
  • How to select interest-based ads using FLoC?
  • How does FLoC ensure privacy over third-party cookies?
  • When will Google plan to rollout FLoC?
  • How can businesses prepare for this change?
  • What are the current concerns and challenges of FLoC?

FloC is based on federated learning and has a distinct way of serving advertisements using information from both publishers and advertisers.

In contrast to third-party cookies, FloC preserves consumers’ privacy mainly by hiding individuals within a crowd. If you are a publisher or an advertiser, there are many ways you can better prepare for this change.

Despite the private space it promises to offer, there are severe backslashes against this technology which you should make aware of and take precautions where necessary.

Summary: This article explores Google’s Federated Learning of Cohorts (FLoC), an innovative approach to interest-based advertising designed to enhance user privacy.

As part of Google’s Privacy Sandbox initiative, FLoC aims to replace third-party cookies by 2024. The article details how FLoC works and its privacy advantages over third-party cookies.

It also addresses current issues and challenges associated with FLoC, such as concerns about potential exposure of personal data and the facilitation of fingerprinting.

In conclusion, the article offers advice for companies on how to adapt to the upcoming transition to FLoC.

Google FLoC Guide

Rising Concerns Over Third-Party Cookies

For long years, consumers have raised concerns about third-party cookies on websites as their data is overly exposed, leading to privacy violations.

Third-party cookies allow ad publishing and advertising companies to collect information about consumer browsing habits.

This information creates interest-based advertisements to attract consumers to their products and services.

However, the problem is that the cookies cannot only track the sites you visited but also expose sensitive data like personally identifiable information (PII) and credit card information.

Would third-party blocking cookies solve the problem? The technology giant Google has been trying to find answers to these nagging problems associated with third-party cookies.

As a result, in August 2019, Google announced its new initiative of building a more private web: The Privacy Sandbox, a set of open standards to enhance privacy.

Check out our guides on Google alternatives if you don’t like how Google handles privacy.

The Creation of FLoC: The Privacy Sandbox

Google has identified that merely blocking third-party cookies does not improve consumer privacy.

Instead, it encourages other privacy-invasive tracking techniques like fingerprinting over which users do not have control.

Not only that but blocking cookies will cut down publisher funding from advertising.

Thus, Google’s Privacy Sandbox initiative targeted creating a web ecosystem that respects users’ privacy in several aspects. To achieve this ultimate goal, they suggest a set of proposals around three significant tracks.

  • Replacing Functionality Served by Cross-site Tracking
  • Turning Down Third-Party Cookies
  • Mitigating workarounds

What is FloC?

FLoC is part of Google’s Privacy Sandbox initiative, which will make current third-party cookies obsolete.

In other words, it is a new way of tracking consumers with similar browsing habits for interest-based advertising. Through FloC, advertising will be more relevant to people, but at the same time, it will keep individual user information hidden from the advertisers.

Moreover, that information will be stored only on consumers’ devices to ensure privacy.

How does it work?

The FLoC or Federated Learning of Cohorts clusters individuals with similar browsing patterns into large groups or cohorts and assigns unique cohort IDs.

Unlike third-party cookies that reveal information about each individual, in the FLoC model, the only report revealed to third parties is this cohort ID.

Hence, FloC hides the individuals in the cluster, preserving their privacy. In addition to that, it only keeps users’ browsing history on their devices locally.

FLoC uses the machine learning approach of federated learning to develop the cohorts. This algorithm depends on the URLs of the navigated websites, those website content, and many more stored on the users’ web browsers.

A cohort contains thousands of users, and the algorithm updates the cohorts weekly. As you browse through the web, the browser updates your cohort. Then websites can retrieve the cohort ID using an API and decide what advertisements they should show to the cohort.

For example, let’s take five users A, B, C, D, and E. The following shows two different Cohort assignments of these users based on their interests and the pages they visited. For interest-based advertisements, the second cohort assignment (3 and 4) is the most likely to be produced.

Google FloC

Selecting Interest-based Ads Using FLoC

  1. Browsers use a FLoC service to get the mathematical model, consisting of many calculated “cohorts.” In this model, each cohort corresponds to many web browsers having similar recent browsing histories and contains a unique ID.
  2. Using that FLoC Model algorithm, your browser calculates your cohort.
  3. Let’s say you visited the site of an advertiser abc.com that sells kitchen appliances. Then that site requests the cohort ID from your browser.
  4. If you visited additional pages of the advertiser, like searching kitchen utensils, it would record those interests.
  5. Advertisers record these cohort activities periodically and share that information with the ad tech company that helps to deliver advertisements.
  6. In the same manner, let’s say you visited a publisher site that sells ad space; it will also request your cohort ID.
  7. Then, the publisher site requests advertisements relevant to that cohort from the ad tech company.
  8. The ad tech company combines the data received from the advertiser company about the cohort’s interests and data from the publishing company.
  9. Next, the ad tech company chooses suitable ads according to the cohort’s interests.
  10. The publisher site then displays the selected advertisement relevant to the interests of the cohort.

How FLoC Improves Consumer Privacy over Third-Party Cookies?

So, how exactly does FLoC ensure your privacy?

  1. FloC considers you part of a larger group rather than an individual. – When browsing through the web, FloC automatically calculates which cohort you belong to, and it keeps changing based on your browsing habits. Publishers and advertisers can only identify this cohort, meaning that they cannot individually identify anyone in the cohort. So the advertising is targeted to the entire cohort, not specifically to you as an individual.
  2. FloC keeps your browsing history private – Your web browser determines the cohort based on your browsing history, making you part of thousands of people with similar browsing habits. In contrast to third-party cookies, FLoC only shares the cohort IDs with third-party companies when requested. Furthermore, it works on your device and never shares your browsing history.
  3. FLoC does not generate cohorts with sensitive information – A cohort can consist of a set of users that continuously visit sensitive pages like medical, religious, and political websites. To mitigate revealing such sensitive information about users, Google Chrome measures the sensitivity of cohorts and creates a block list of sensitive cohorts.
  4. Websites can be eliminated from inclusion in cohort calculation – If any website does not want to track users’ visits to their sites, they can opt-out from using FLoC. They can accomplish this by the interest-cohort permissions policy, which comes as ‘allow’ by default.

When Will FLoC Replace Third-Party Cookies?

As this is ultimately a new technology from Google, it is still in its development phase and has not fully come into effect at the time of this writing.

In March 2021, Google announced that they have started to roll out this new technology as a trial in Google Chrome to improve their model by incorporating feedback from the web community.

Recently, Google announced that they are delaying the rollout of FLoC until 2023 because of the criticism and the feedback they received from their tech partners.

Therefore, everyone, from consumers to marketers to publishers, keeps an eye on this new technology and has started to assess its direct impact.

How to Prepare for FLoC?

According to Google’s initial trials, they have identified that FLoC performs nearly as well as third-party cookies. Any company using third-party cookies should be well-prepared before fully embracing this change.

Stay up-to-date with the progress of FloC

Google continuously updates its progress in its Chromium and Chrome blogs, especially its rollout plan and testing strategy.

The results of those trials give you a clear picture of where the model currently stands and how much time you have before it gets fully implemented.

While Google is preparing for this change, other browsers will take a different user privacy approach. Therefore, keeping up-to-date as it moves and educating your clients about its potential impacts can help better prepare for this change.

Avoid third parties to maintain customer relationships

Do not rely on external parties to build relationships with your customers. Instead, maintain relationships directly with the customers with a first-party data strategy.

This direct relationship essentially helps you protect the trust between you and consumers. In addition, with the help of tactics like loyalty programs and offers, you can get closer and understand your consumers better.

Maintain clean first-party data

First-party data or the data you directly get from customers are valuable information as you prepare for third-party data changes. When moving away with third-party data, you must ensure they are well-cleaned and connected.

Using Googles’ global site tags

Conversion measurements measure whether the user clicks on an ad that leads to purchasing that particular product or not.

Adding Google global site tags to pages of your website can provide better results for conversion measurements. It will help you manage future changes and easily integrate new functionality when they become available.

Current Criticisms and Challenges to FLoC

Publishers and advertisers heavily rely on third-party cookies for interest-based advertising. There are many criticisms and doubts about whether this initiative can achieve its goal without impacting their businesses.

FLoC can still reveal individual information

In its recent article, Verge pinpoints that Google FLoC is not as private as Google claims it to be. Instead, it will likely provide fingerprint data, which Google needs to fight.

They also highlight that FLoC is a straightforward method that the sites can get to know enough information about individuals, and it is no worse than third-party cookies.

The Electronic Frontier Foundation (EFF) has launched Am I FLoced, which will let you find out if you have become a test of this latest tracking model or not.

Also, in its article in March, they criticize FLoC saying it is a terrible idea. They highlight that the number of cohorts can be very high, and a more significant number of cohorts can reveal more about users’ interests, making fingerprinting significantly easier.

Cohorts contain a certain amount of entropy which is enough to deduce a unique fingerprint from them.

Fingerprinting is possible

The second concern the EFF highlights are that there can still be ways to identify individual users in a cohort.

For example, providing a ‘log in with Google’ facility can combine with the information they get from the cohorts. Because of this ability, trackers may reverse engineer the FLoC algorithm and deduce the sites they visited.

Furthermore, the cohort you are in periodically updates, making sites easily track your browsing changes.

Blocking Google FLoC

The cloud giant Amazon is blocking Google FLoC because of two reasons.

The first is to protect their intellectual property, which consists of people’s buying habits that they do not want to reveal to other parties.

Secondly, Amazon aims to use its unique ID for tracking and measuring product advertising through its services.

In addition, DuckDuckGo and GitHub have already blocked Google FloC.

DuckDuckGO has developed a chrome extensionthat blocks Google FloC.

Moreover, WordPress also has expressed its concerns over the security of this model.

Summary

FLoC is the newest user tracking and advertising model introduced as part of Google’s Privacy Sandbox initiative.

Its central feature is its – claimed – ability to ensure user privacy, continuing to provide interest-based advertising. This guide explained in detail what FLoC is, including how it works and claims to improve consumers’ privacy.

In addition, as FLoCs’ ultimate goal is replacing third-party cookies, this article discussed current concerns and criticisms around this model, which has further delayed its full implementation.

Frequently Asked Questions

Some people found answers to these questions helpful

How do I enable FLoC?

FLoC trails are now available as a third-party origin trial in Chrome 89 and 91 versions. FloC has not yet developed entirely and is still in the trial state. You need to register it for a trail token which you can obtain from the registration website.


Can I opt out of FLoC?

Before opting out, check whether you are a test subject of Google’s FLoC trial using the EFF’s website Am I FLoCed. It indicates to Chrome users whether or not the FLoC algorithm is running in their browser. If you are part of this trial, you can go to the browser’s settings, select and select ‘privacy and security, and choose to disable privacy sandbox trials.


When will FLoC fully replace third-party cookies?

Google initially intended to release FloC in 2022. But based on trials, feedback, and criticisms from the web community, they planned to roll out the change in 2023.


Do other browsers use FLoC?

Other browsers like Microsoft Edge, Safari, and Mozilla Firefox have informed me they still don’t have immediate plans to use FLoC. Mozilla Firefox, in a statement, has expressed concerns over its severe privacy loopholes.


2 Comments

  • JohnIL

    July 20, 2022 8:12 pm

    So, you have Google trying to implement FLoC but many browsers soundly rejecting this. Then you have a browser like Brave trying to do their own sort of exclusive ad system. Of course, then you have a lot of users who just don’t want any ads or be tracked by anyone. Clearly for the web to be free sites must obtain a revenue stream from somewhere. I don’t mind ads but being tracked all through my web use is obviously intrusive. So far, I have yet to see any sort of good solutions coming from anyone.

    • Jake

      September 24, 2022 6:25 pm

      There’s already a solution – use Firefox.

Leave a Comment