Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Google Privacy

Google Kills Off FLoC, Replaces it With Topics (techcrunch.com) 93

FLoC (Federated Learning of Cohorts), Google's controversial project for replacing cookies for interest-based advertising by instead grouping users into groups of users with comparable interests, is dead. In its place, Google today announced a new proposal: Topics. From a report: The idea here is that your browser will learn about your interests as you move around the web. It'll keep data for the last three weeks of your browsing history and as of now, Google is restricting the number of topics to 300, with plans to extend this over time. Google notes that these topics will not include any sensitive categories like gender or race. To figure out your interests, Google categorizes the sites you visit based on one of these 300 topics. For sites that it hasn't categorized before, a lightweight machine learning algorithm in the browser will take over and provide an estimated topic based on the name of the domain.

When you hit upon a site that supports the Topics API for ad purposes, the browser will share three topics you are interested in -- one for each of the three last weeks -- selected randomly from your top five topics of each week. The site can then share this with its advertising partners to decide which ads to show you. Ideally, this would make for a more private method of deciding which ad to show you -- and Google notes that it also provides users with far greater control and transparency than what's currently the standard. Users will be able to review and remove topics from their lists -- and turn off the entire Topics API, too.

This discussion has been archived. No new comments can be posted.

Google Kills Off FLoC, Replaces it With Topics

Comments Filter:
  • by nitehawk214 ( 222219 ) on Tuesday January 25, 2022 @10:26AM (#62205821)

    Laws are in place to control how cookies are used.

    But with new Google Topics(amptrade;), none of the laws will be applicable to Google!

    • Sounds browser based...so, this is for Chrome users only?

      Sounds like another good reason to avoid Chrome.

      • by NFN_NLN ( 633283 )

        Is this part of the Chrome browser OR the chrome engine? It is getting hard to avoid the chrome engine today.

    • It seems like they've moved from grouping people from "They visited this site and that site," to "We have 300 types of people, which are you trying to reach?"

      This means they don't have to track every click so much, and it becomes much less processor intensive to compute which ad to show.

    • You are in far more control of your browser rather then having to rely on a law being enforced.

    • Cookie laws?
      Great now I'm going to be getting only nazi lesbian lingerie model ads.

    • by LucasBC ( 1138637 ) on Tuesday January 25, 2022 @11:55AM (#62206081)

      Laws are in place to control how cookies are used.

      But with new Google Topics(amptrade;), none of the laws will be applicable to Google!

      If you're referring to the GDPR, then they could still apply depending on what Google stores. People keep mistaking the GDPR as a "cookie law" -- it's not. It's indifferent to the technology. It's about storing and using personally identifiable information. As long as Google does not track individuals by these Topics (e.g. "person X did this"), they won't run afoul of the GDPR. If they do, the GDPR will still apply.

      • by knaapie ( 214889 )

        I think you are partly correct. The GDPR is about personal data, which can be aggregated to personally identifiable information (PII).
        'Topics' are shared with Google and/or the website a user visits, together with stuff like IP address, etc. so it is very likely that in that case the data is still PII.

        The GDPR says you have to clarify the purpose for which you collect personal data, and you cannot change the purpose later on without consent from the user.

        My interpretation is that the 'topics' cannot be anon

  • Not that users care about which ads get shown to them, mind. But any proposal where transparency and user control is a feature is better than what we have now.

    • by AmiMoJo ( 196126 ) on Tuesday January 25, 2022 @10:52AM (#62205901) Homepage Journal

      I was part of the effort that brought down FLoC. This proposal does address some of the issues, but I think we need to spend more time looking at it to see if it is really acceptable.

      The most likely issue, based on what I have read, is that it will simply give advertisers more information to identify users with. For a large ad network operating over many sites, it's going to be fairly easy to correlate a set of interests with a particular IP address or login.

      Advertisers combine many data points to create a browser fingerprint. We need to be taking that capability away from them, not adding more opportunities.

      • by Dracos ( 107777 )

        I think we need to spend more time looking at it to see if it is really acceptable.

        Narrator: It wasn't.

        Google wants to replace cookies because they can be disabled by the end user. Google is terrified that a large portion of rubes will discover the "Disable third-party cookies" browser option. If that happens, their precious stream of user data dries up and the ad market collapses.

    • Uhm, this isn't "user control"... it's a change in the ad buyer's interface, they're the customer.

    • I do not get ads shown to me, nor do I permit arbitrary code execution.

  • This seems like a significant improvement from FLoC; better privacy and control for the user as well as improved clarity about how it functions. I hope it succeeds; anything is better than our current tracking situation.

    • by pavon ( 30274 )

      Yeah, I'm not opposed to advertising, or even targeted advertising, just all the invasive surveillance that surrounds it. I might be persuaded to use something like this, on a few conditions:
      1) It should be opt-in not opt-out.
      2) I must be able to trust that any advertising domains that participate in this program don't do any other sort of tracking. I shouldn't have to exempt Google's top-level domains in order to participate in this program, like I currently have to do to allow captcha's to work. Otherwise

      • by pavon ( 30274 )

        More thoughts. On (3) I'd be okay with a compromise approach where the browser *suggests* categories based on my browsing habits, and I can approve or disapprove.

        5) I must be allowed to use plugins to selectively choose whether to expose this API to websites on a case-by-case basis. Even if Google and other legitimate site were to refrain from tracking in lieu of using this API, there will be other malicious sites that just use it to add more bits to the fingerprinting they are already doing.

      • by knaapie ( 214889 )

        That means it is a big No from you.
        They will never be able to adhere to condition 2. The information about your interests is linked to IP address and all sort of other data that is used for fingerprinting, so it will be used to track you.

    • This seems like a significant improvement from FLoC; better privacy and control for the user as well as improved clarity about how it functions.

      Better privacy is just saying no to ALL of the above.

      I hope it succeeds; anything is better than our current tracking situation.

      This is in addition to not instead of anything.

  • by srslif16 ( 588208 ) on Tuesday January 25, 2022 @10:37AM (#62205853)
    It is good that Google states that it can be turned off, but how can we trust that promise? After all, Google claims that you can turn off location tracking, a claim which turns out to be untrue.
    • What's to stop a site that sees you have turned it off from blocking you? If enough sites block you out unless you allow tracking then being able to turn it off is useless.
    • Unfortunately, Google is relying on making it difficult not to turn it off. This is the problem with having a browser monopoly, and why Microsoft wants so much to take that monopoly back as they want to exploit it the same way as Google. Only Microsoft is doing exactly the same with Windows by throwing Edge at you, so they can throw ads afterwards. And so is Mozilla unfortunately (and Ubuntu in partnership with Mozilla).

      These companies, no matter how much they say they want to be your good friends, they jus

    • Use a different browser. Any chromium-based one should be trust-worthy as long as the browser built on top of it remains fully open-source.

      I'm glad FLoC is being ditched, but as an end-user I'm still not asking for this Topics nonsense. It doesn't solve any problem that I have. It solves problems that the advertising industry has, which I couldn't care less about. I'll choose to use browsers that don't support this and treat websites that want to track me in any capacity as un-trust-worthy.

      • by brunes69 ( 86786 )

        It actually solves for the cookie dialog problem, although that was a self-created problem due to stupid legislation.

        A lot of people DO WANT TO BE TRACKED TO A LIMITED DEGREE.

        As long as the web is ad supported, I do not want to see garbage ads. I want to see relevant ads. As do most people.

      • by hawk ( 1151 ) <hawk@eyry.org> on Tuesday January 25, 2022 @02:08PM (#62206453) Journal

        >Any chromium-based one should be trust-worthy as
        >long as the browser built on top of it remains fully open-source.

        I had assumed that until I installed LittleSnitch.

        The alleged privacy browser, Brave, with no windows open, sends out to both naked IP4 and IP6 dresses multiple times an hour--addresses which littlesnitch more often than not resolves to google.

        For that matter, Firefox, which *isn't* chromium, sends requests to google servers at least a couple of times a day (again, with nothing open).

    • by Sloppy ( 14984 )

      If Google's high-level description of how it works is accurate, then you won't need to trust them, because you the user will be 100% in control at the time you select which browser to run. By default, unmolested, a user simply won't be able to see these ads. Google's promises almost appear to be completely irrelevant (and isn't that really what we all want from everyone, where how-it-works trumps promises?).

      What I think is really fascinating about Google's recent approaches (FloC seemed to have this too),

      • Chrome is the default browser for most people, and likely to stay that way (for some time at least).

        I imagine that if Chrome supports targeted advertising and (say) Firefox does not, websites will be built not to work in Firefox, forcing users to use Chrome instead. Already users are sometimes forced to use Chrome for a site, just because developers are too lazy to use web standards and test in multiple browsers. But if there is a financial incentive to force people to use Chrome instead, the problem will g

        • by Sloppy ( 14984 )

          Chrome is the default browser for most people, and likely to stay that way (for some time at least).

          Is this just a reference to Android phones (which do come with Chrome preloaded in many cases, I think) or do you mean desktops too? (If so, what kind of desktops? I haven't seen Chrome preloaded on any, but I'm not quite arrogant enough to say it doesn't happen. ;-)

    • It is good that Google states that it can be turned off, but how can we trust that promise? After all, Google claims that you can turn off location tracking, a claim which turns out to be untrue.

      The allegation isn't that Google's claim is false, it's that the UI is confusing and so users may think they turned off location tracking when they actually didn't. Separately, the suit alleges that Google still guesses your location by your IP address, and users have no control over that. But that's just how IP addresses work, and anyone who understands the technology understands the limitations of IP address location.

      Many headlines and summaries get this wrong, but if you read the actual filing this is

      • The allegation isn't that Google's claim is false, it's that the UI is confusing and so users may think they turned off location tracking when they actually didn't.

        The words used in the complaint about location tracking were "deceptive" and "misrepresentation" which to everyone with a pulse is a distinction without a difference.

        Separately, the suit alleges that Google still guesses your location by your IP address, and users have no control over that. But that's just how IP addresses work, and anyone who understands the technology understands the limitations of IP address location.

        More than just IP it seems.

        "That representation was deceptive. Even when Location History was off, Google continued to collect and store users locations. Depending on a user's other settings, Google collected and stored location data through Web & App Activity, Google apps on the userâ(TM)s device, Wi-Fi and Bluetoo

        • "That representation was deceptive. Even when Location History was off, Google continued to collect and store users locations. Depending on a user's other settings, Google collected and stored location data through Web & App Activity, Google apps on the userâ(TM)s device, Wi-Fi and Bluetooth scans from the userâ(TM)s device, Googleâ(TM)s Location Services feature, the user's IP address."

          The part you're pointing at is just another allusion to the UI confusion. Turning off location history doesn't turn off all location data. Turning off location services (device-wide or per-app) actually does disable all location tracking from GPS, WiFi and Bluetooth... but obviously not IP-based location estimation, since there's no expectation of privacy on IP unless you use some sort of VPN or other masking tool.

          You can see exactly how this works in AOSP. Google apps don't have any additional mechanis

        • by cj* ( 149112 )

          Key concept there is "the words used in the complaint".

          So not necessarily facts, but opinions of the people who filed the lawsuit.

          These people might be right, and/or they might be aiming at news coverage for a variety of political reasons.

          I have sympathy for people in the modern world who can't distinguish among applications, operating systems, and web based services. It will be interesting to see how the legal system sorts this out.

  • by Glasswire ( 302197 ) on Tuesday January 25, 2022 @10:47AM (#62205881) Homepage

    At Killed By Google [killedbygoogle.com]

  • by dark.nebulae ( 3950923 ) on Tuesday January 25, 2022 @10:54AM (#62205909)

    Bring on the extension that shares with these sites that my topic list is completely empty...

    • Then you'll get extra annoying ads.

      • If you are smart enough to run an extension that foils Topics, then you are smart enough to run ad blockers, script blockers, flash blockers and other crapware blockers, so you won't see the extra annoying ads in the first place.

  • Just turn it off (Score:5, Insightful)

    by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Tuesday January 25, 2022 @10:57AM (#62205919) Homepage

    I do not want google to learn anything about me.

    This seems that it will be a violation of the GDPR if any information is shared without my explicit agreement; which must be freely given and informed [ico.org.uk].

    • by pjt33 ( 739471 )

      Google's lawyers will argue that it's not personal data because it's not tied to an identity, and they're counting that even if a court eventually rules them wrong that they can tie it up in appeals for about 10 years, by which point they'll have some new system in place.

    • by brunes69 ( 86786 )

      In the EU they will just ask you what you want to do at install, then not have to ask again.

      Which IMO would be a FAR superior user experience to what exists today where every single website on the planet has to ask the same thing.

      People like me, who prefer to see ads relevant to my actual life, can leave it on. People like who who prefer to see completely irrelevant ads that you will never be interested in, can leave it off.

  • by Anonymous Coward

    Yester-web was actually much better. It would load the page, show you the text, allow you to start reading. Pictures would load as needed, and things would shift around -- you could change this behavior by specifying the picture size, so when the image loaded it didn't shift the page. But, I could load a page and start using it.

    Now.... I have to wait for every single round-trip, every single javascript, every single back-end to back-end script and question and connection, and every picture to fully download

    • I'm happy you feel this way. I've been building corporate web-sites for thirty years, and my rule remains that a single round-trip must be enough for the user to use the page. And you're absolutely right -- it's way way faster without external scripts, lazy loading, and long-distance advertising.

      I'm still waiting for a way to include the images within the page source. Ever since the days of transmission compression, making the page source larger takes advantage of the full connection/burst speed, whereas

      • by pz ( 113803 )

        God, yes. I am required to use Outlook web access for email at work. There are times when I can start typing an email reply and there is a *seconds* long delay before my text starts showing up. Something is very, very wrong with that design.

        I was (at a previous job) part of a development team for a now defunct social networking site. This was maybe 10 years ago, and our goal was sub 1 second page load, including everything, and we regularly hit it on ordinary user hardware. If it was over 2 seconds, som

        • Ah, 2 seconds. A luxurious life indeed.

          I recently launched a web-site that is appropriately full of high-resolution photography. That's their actual product, so that's the given.

          In early development, the home page was 6MB (that's huge). With some manual compression efforts, it later came down to 3MB (that's fine in 2022, but it's still excessive). In the old days, I would have chosen progressive-compression, but these days, on small-screens that ruins the initial experience, and on large-screens that of

      • IIRC, one can do inline image data in an IMG tag.
        • nvm. Just noticed your last line about base64 growth.
          • Yeah, when I first saw it, I was instantly excited and then immediately saddened. It's just not worth that offset -- especially when I added in the conversion effort/storage/annoyance.

            Thing recently got worse. Now that we're all forced to use https (a good thing in general), adding that kind of handshaking to publicly accessible images/etc is just such a waste of performance.

  • by Rosco P. Coltrane ( 209368 ) on Tuesday January 25, 2022 @11:46AM (#62206063)

    No idea what it is, but I know this: it's 100% certain to be worse than FLoC, in complete opposition to the user's best interest, it will be flogged hard by Google, and it too will require a lot of pushback from privacy advocates to finally be abandoned.

    How do I know that? 6 letters: Google. If it didn't serve their interest, they wouldn't do it, and Google's interests always run contrary to their users, and to plain decency.

    • How do I know that? 6 letters: Google. If it didn't serve their interest, they wouldn't do it, and Google's interests always run contrary to their users, and to plain decency.

      So, I actually know -- personally -- a number of the engineers behind FLoC and Topics, and what you say here is completely false. The people in question are deep nerds and strongly in favor of anything that improves privacy, including their own. You have to remember that all Google engineers are also users of all of this same stuff, and have the same concerns that you do. Of course, Google also wants to continue making money, and Google engineers agree because we want to continue receiving paychecks.

      The c

      • Intelligent people have committed the worst atrocities while trying to improve the world. That's why this saying exists: The road to hell is paved with good intentions. If you know these people, you have to show them the errors of their ways. I do not want to be advertised to based on a profile of my interests, ever. TV ads don't know me. Newspaper ads don't know me. It is not necessary to know me in order to advertise to me. If that is something that Google can't accept, then Google will forever be my enem

        • I do not want to be advertised to based on a profile of my interests, ever

          Why not? Serious question. What's bad about it? (Assuming it can be done without invading your privacy.)

          Those are really your alternatives: Targeted ads that aren't too obtrusive; really loud, obnoxious ads; or paywalls everywhere. Or no content, but you can get that now; just don't use the web.

          If tracking were essential to ad targeting, I'd agree that ad targeting is not acceptable. But if targeting can be done in a privacy-preserving way, and it appears that it can, I think it's the best of the real

          • "I don't mind if you cut off my toes as long as you sterilize the knife."

            ADS. ARE. BAD.

            You won't change my mind.

          • Knowing your mark gives you an advantage. If I want something, I go looking for it. You can advertise to me based on the site I am visiting or the search terms I am entering, but not based on the sites I have visited or the search terms I have entered before. The second you start profiling me, server- or client-side, I consider you a stalker, someone who I need to get rid of or defend myself against.

      • I read all of the privacy advocates' reactions to FLoC, and they boiled down to "This tells Google what you're interested in, even if it doesn't allow them to uniquely identify you, and because it gives them something rather than nothing, we hate it.

        Google gets everyone's browsing history thru Google analytics, everyone's search history, accurate physical location history of most Android users at all times. Seems rather obvious why people would think any new expansion of online data collection from Google would be unacceptable. There are already a bazillion different avenues available for tracking, fingerprinting and re-identification. I can't imagine any fair meaning of the word "nothing" that is at all applicable to the present situation.

        In addi

        • Google gets everyone's browsing history thru Google analytics, everyone's search history, accurate physical location history of most Android users at all times. Seems rather obvious why people would think any new expansion of online data collection from Google would be unacceptable.

          But the whole point of Topics and FLoC is to reduce the online data collection by Google.

          In addition to NOYB the "Topics" scheme gives whomever owns the classifiers ability to selectively benefit from cross site data in ways competing ad networks won't have available to them.

          Perhaps, but that's an argument for putting control in the hands of an industry body that operates in public, not an argument for rejecting it and sticking with massive data collection.

          Are FLoC and Topics only available to Google?

          Look at the specs. They're available to any web site that asks, subject to user approval/control.

          A stupid little prompt asking the user what type of ads they want to see is an impossible technical feat.

          Obviously not. Making it not annoy and/or get ignored by users is an impossible feat, though.

      • > What's good for Google is to be able to accurately target ads.

        That may be the case. But they will never convince me that it's good for me.

        To the fullest extent possible I do not interact with ads. I don't click obvious banner ads or interstitials or video prerolls. When reading search results, anything near the top has to be really, really relevant for me to not skip it as a probable ad. When watching broadcast TV or streaming I have a very heavy finger on the mute button and something else to read in

  • by devslash0 ( 4203435 ) on Tuesday January 25, 2022 @12:07PM (#62206107)

    No, you won't be using my browser to learn about the websites I visit. If you move forward with this, I will find a way to disable or cripple this API so that it doesn't work anymore.

    • This was my reaction as well. From the article: "“The design of topics was informed by our learnings from the earlier FLoC trials...And this resulted in a bunch of great feedback from the community, as I’m sure you know."

      If the feedback didn't include an overwhelming percentage of "f*** you"s, then the audience was corporate entities with an Orwellian interest in your private data. No thank you.

      Firefox is looking better all the time.

  • by mattr ( 78516 ) <mattr @ t e l e b o d y . com> on Tuesday January 25, 2022 @12:25PM (#62206167) Homepage Journal

    Call me old-fashioned. I don't want my browser to spy on me. It would feel creepy and insecure. I don't want any information of what topics I am researching to leave my computer and I do not trust Google that it will stop spying if I ask politely.

    Even now I find it extremely creepy that Slashdot is showing me ads for similar products that I purchased for my family for Christmas.

    Also, I have a feeling that even if the browser stops spying, Google will try to apply the algorithm server-side albeit at reduced efficiency to build a profile out of all of their tracking cookies that are already seeded on a large fraction of websites. And if or when the identity of an influential person (perhaps a government official or investment banker's?) becomes linked to a profile, the potential for untraceable crime may even arise. Just, no. It nauseates me. I am worried that younger generations will have already become used to it.

    • by xwin ( 848234 )
      I don't really understand why people feel that way. Install two browser plugins, uBlock Origin and Cookie AutoDelete, and you don't have to feel this way. There is a minor inconvenience of having to login into websites, but if you are worried about tracking, that is a small price to pay. While websites can still do browser finger-printing, very few do and most of them are using google tools. uBlock Origin blocks most if not all of the tracking sites and mostly protects your privacy.
      The advertisers lost my
  • "It's a trap!" I honestly don't know why anyone would work for Alphabet or its subsidiaries.
  • It might be less opaque than FLoC but it's still leaking information. I could visit a site and suddenly my colander for a browser is giving up info about me that I never wanted the site to know. Hey I just went to a news site to read an article, not to fucking tell it I like gardening, travel. But now the site knows and it will tell all its 3rd party friends. If I visit frequently enough and know it has a profile of me that increases with exactness with every data point.

    Fuck that. I'd rather use another b

  • How about no!

  • And mesothelioma. I hope my browser will show lots of those ads.

  • The idea here is that your browser will learn about your interests as you move around the web. It'll keep data for the last three weeks of your browsing history

    The absolute last thing I want is for some strung out programmer thinking it can design software to "learn" about my interests. And especially if it's keeping data on me.

    There's enough harassment on the web (and elsewhere). We don't need to add to it. There's enough data siphoning going on as it is.
  • The idea here is that your browser will learn about your interests as you move around the web.

    My browser? I seriously doubt that. Theirs, maybe.

We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise. -- Larry Wall

Working...