Two weeks after Google launched a trial to replace run-of-the-mill online user tracking with new-fangled online user tracking, several companies and organizations have pushed back, criticizing the new technology—called FLoC—which is designed to respect people's privacy more, as a detriment to user privacy.
The good news is that, if you want to escape Google’s silent experiment into how it thinks you should be tracked across websites, you now have several options. You can test whether you are included in Google’s new trial, download a browser plug-in to stop Google’s new tracking, or choose to install another web browser that is committed to preserving user privacy.
Because Google’s experiment into user tracking is primarily happening on its own browser Google Chrome (we’ll talk about Chromium-based browsers further down), our advice is split between two categories of users:
- Google Chrome users who do not want to give up Google Chrome
- Google Chrome users who are open to using a new browser
Some of the steps we offer are as simple as downloading a new browser, while others require users to go into their Google Chrome settings and make some changes. That latter option may sound easy, but for such a seismic shift in how users are being tracked online, it’s unfortunate that users have to, yet again, take even more proactive steps to simply enjoy a private experience online.
As we wrote last time, if Google believes its new technology is a step towards respecting user privacy, it should at least respect the user, too.
Before we get to our advice, let’s briefly explain some background.
What’s going on?
At the heart of the issue is Google’s Federated Learning of Cohorts—or FLoC—technology, which is now being tested on at least 0.5 percent of Google Chrome users across the world.
FLoC is Google’s planned replacement for third-party cookie tracking which, after years of enormous influence in digital advertising, is losing its relevance. Simply put, more users are beginning to push back against the types of online user tracking enabled by third-party cookies, and several companies are making it easier for those users to do it. Browser plug-ins abound to stop third-party tracking, and year ago, both Mozilla’s Firebox browser and Apple’s Safari browser disabled third-party tracking by default.
But this could spell trouble for Google, as much of its advertising revenue depends on the third-party cookies that its ad networks use to track users across countless websites.
Thus, enter the third-party cookie’s replacement: FLoC.
According to Google, FLoC is supposed to serve as an improvement on the third-party cookie because it will create advertising profiles on user groups, or cohorts, and not on users as individuals. Cohort membership is calculated by the browser and the data that drives the calculation doesn't leave users' machines. The company said that FLoC technology will prevent the creation of cohorts based on “sensitive topics,” with no cohorts based on medical diagnoses or online searches for help with suicide prevention.
According to Google, then, FLoC will give users the best of both worlds, preserving their online privacy while still providing revenue to online publishers who have relied on third-party cookies for years.
According to several outside organizations and companies, though, FLoC is just the latest attempt to box users into an unfair compromise, trading their own privacy for someone else’s gain.
“FLoC, along with many other elements of Google’s ‘Privacy Sandbox’ proposal, are a step backward from more fundamental, privacy-and-user focused changes the Web needs,” wrote Peter Snyder and Brendan Eich, senior privacy researcher and CEO of the privacy-forward web browser Brave. “Instead of deep change to enforce real privacy and to eliminate conflicts of interest, Google is proposing Titanic-level deckchair-shuffling that largely maintains the current, harmful, inefficient system the Web has evolved into, a system that has been disastrous for the Web, users and publishers.”
Importantly, users caught in the FLoC trial will not be subject to solely FLoC-enabled tracking. Instead, the FLoC trial is additive, meaning that Chrome users in the trial will be tracked both through FLoC and through traditional third-party tracking.
Here's what you can do to push back against FLoC.
How can you opt out of FLoC?
As we wrote above, Google’s FLoC trial is primarily affecting users of its Google Chrome browser. If you are currently using Google Chrome, read on to understand how to find out if you’re included in the FLoC trial, how to opt out, and how to block the FLoC technology through outside means.
For the Google Chrome user who does not want to give up Google Chrome
First, Chrome users should check to see whether they’re included in Google’s FLoC trial. Google itself made this impossible when it launched its trial, as it did not provide any individualized notifications to the affected users.
Flatly, this is bad practice. An experiment that allegedly aims to respect user privacy should also respect the user, and that includes whether that user even wants to be included in the trial.
Alas, technologists at Electronic Frontier Foundation have developed a Google FLoC scanner for Google Chrome users. Simply follow the link to amifloced.org and run the test to see if you’re included in the Google FLoC trial.
If you are included in the trial, don’t panic! There are two methods you can take to remove yourself from the FLoC trial, one method provided by Google, and another provided by the search giant’s privacy-preserving competitor, DuckDuckGo.
If you want to just stick to Google Chrome’s settings and opt out of the FLoC trial, you can disable third-party cookies in Google Chrome. You can navigate to your Google Chrome preferences from the dropdown menu from “Chrome,” or, you can enter
chrome://settings into your URL bar and press enter.
In your preferences, you next need to click on the “Privacy and security” option in the left-hand menu. Once there, click on the “Cookies and other site data” option, which should be below “Clear browsing data.”
Finally, once you’re in this menu, you need to click on the option to “Block third-party cookies.”
If you don’t want to fuss about with your settings, you can also choose to download the DuckDuckGo browser extension for Google Chrome. According to DuckDuckGo, the company has “enhanced the tracker blocking in [its] Chrome extension to also block FLoC interactions on websites.”
For users who don’t want to change settings or download extensions, there’s also another path: Download and use a different browser.
For the Google Chrome user who is open to using a new browser
It may sound simple to just download and start using a new browser, but we understand how difficult it can be to leave a platform for another that you may not know about or trust. For that reason, you should look at the actions of other web browsers and how they line up with their promise for a more private web experience for you, the user.
Last week, the Chromium-based web browsers Brave and Vivaldi both pledged to disable FLoC technology on their browsers. As the two browsers are built on Chromium's code, it is important that both of the browsers came forward to clear any confusion about whether Google's FLoC technology had wormed its way into their own browsers.
“The privacy-affecting aspects of FLoC have never been enabled in Brave releases; the additional implementation details of FLoC will be removed from all Brave releases with this week’s stable release,” the company wrote, adding that it also removed FLoC in its “Nightly” version of the browser, the testing and development version of Brave that receives nightly updates.
Vivaldi co-founder and CEO Jon von Tetzchner also chimed in on FLoC, writing that "the FLoC experiment does not work in Vivaldi. It relies on some hidden settings that are not enabled in Vivaldi.”
As another comparison point, the web browsers Firefox and Safari disabled third-party tracking years ago by default. So, while FLoC obviously will not apply to those browsers, because they aren't based on Chromium, it’s also important that users understand that those browsers made privacy-protective moves long before Google’s FLoC experiment.
What this all means is that users actually have several options if they want to avoid FLoC and are open to using a new browser. They can try Vivaldi, Brave, Safari, or Firefox.
We wish users did not have to keep taking new steps to enjoy a private web experience, but until we've recreated the entire infrastructure of the Internet, Malwarebytes Labs will keep telling users how to stay private and safe online.
Update May 5th
DuckDuckGo Privacy Essentials and Malwarebytes Browser Guard both offer users the option to use their browser extension to block FLoC.
Websites that have FLoC enabled can access your FLoC ID, for example:
At the moment only a “small percentage” of Chrome users have been added to Google’s FLoC pilot in a quiet trial. Meaning that the users have not been informed about this. DuckDuckGo Privacy Essentials and Malwarebytes Browser Guard have both adapted their extension to assist users in dealing with this.
The extensions add a piece of opt-out code to the websites that have FLoC enabled, causing the FLoC code to throw an error.
The user will experience no ill effects and be shielded from being used in an experiment.