Federated Learning of Cohorts (FLoC), is Google’s solution for targeted advertising in a world without browser cookies. When FLoC was first announced, it was panned by privacy and security advocates for not doing enough to protect consumer privacy. Based on industry feedback, Google announced they are replacing FLoC with Topics.
Unlike FLoC, Topics uses recent browsing history to determine interests.
When you visit a participating site, Topics picks just three topics, one topic from each of the past three weeks, to share with the site and its advertising partners.
Josh Karlin, a software engineer at Google, published a detailed Topics explainer on GitHub. In the document, he outlined the shortcomings of FLoC.
- FLoC didn’t actually use Federated learning
- FLoC added too much fingerprinting data to the ecosystem
- Stakeholders wanted the API to provide more user transparency
- Stakeholders wanted the API to provide more user controls
- FLoC cohorts might be sensitive (they could expose sensitive topics)
- FLoC shouldn’t automatically include browsing activity from sites with ads on them (as FLoC did in its initial experiment)
The Topics API is designed to overcome the problems created by FLoC by making it more challenging to reidentify users, keep personally sensitive data private, and provide transparent details and controls to users. And unlike FLoC, Topics is powered by the browser. Google plans to integrate the Topics API into Chrome, display associated topics to users, and give them controls to completely disable the feature.
The biggest hurdle for Topics will likely be browser adoption. Topics requires browsers to add support for the API, and it’s unlikely Apple will comply. Unlike macOS, Apple requires all browsers on iOS and iPadOS to use its version of WebKit. If Apple refuses to add Topics to Safari, Google’s solution will have limited reach.
It’s also unclear how much websites will learn from a user’s browsing history. Google claims that
by providing websites with your topics of interest, online businesses have an option that doesn’t involve covert tracking techniques, like browser fingerprinting, in order to continue serving relevant ads. However, they also reveal that it’s still not foolproof.
It is theoretically possible to have a number of different callers that call the API on different sets of sites collude to determine more detail about the sites a user visited, or to accumulate a user identifier over time. This is something that the browser could potentially observe and may intervene on if necessary.Josh Karlin, The Topics API, GitHub
Google also stated that sites could still collect interests on users over time.
As a site calls the API for the same user on the same site over time, they will develop a list of topics that are relevant to that user. That list of topics may have unintended correlations to sensitive topics.Josh Karlin, The Topics API, GitHub
Google faces the virtually impossible task of protecting user privacy while also profiling them for targeted advertising in a world without browser cookies. Expect to see the Topics API evolve and significant pressure to be put on Apple and Mozilla to support it.