Google herds FLoC back to the lab for undisclosed post-third-party-cookie ad tech modifications

Privacy advocates say surgery on bird-themed system must happen in public


Google has decided to let the initial test of its FLoC ad technology conclude in a few days to work on improvements – though it isn't inclined to share feedback from test participants.

Privacy advocates would prefer if the online ad giant provided more insight into the test results, since Google's ongoing ad infrastructure rewrite affects every internet business and internet user, not to mention the digital ad industry generating $350bn annually.

FLoC stands for Federated Learning of Cohorts and promises a way to divide browser users into interest groups so they can be presented with interest-based ads without revealing personal information to advertisers. It's one proposal among many, collectively referred to as the Privacy Sandbox, intended to repackage targeted advertising technology so it can continue amid tighter privacy laws and technical limitations like the eventual discontinuation of third-party cookies.

Google last month bought itself another year-and-a-half or so to develop and deploy its Privacy Sandbox systems by pushing back the date when it will drop support for third-party cookies – a current mechanism by which ads get targeted that has fallen out of favor. And it now appears the search ad giant intends to take advantage of the extra time to make its Privacy Sandbox less of a sieve.

Google's FLoC "Origin Trial," which began in March, is set to conclude on July 13. During that period, things have not gone well. Privacy advocates have spotted potential concerns and rival browser makers have declared their disinterest in the technology.

While those participating in the trial – web publishers, ad tech companies, and the like – have expressed interest in extending the test, Google opted to retreat and regroup.

"We’ve decided not to extend this initial Origin Trial," said senior software engineer Josh Karlin in a forum post last week. "Instead, we’re hard at work on improving FLoC to incorporate the feedback we’ve heard from the community before advancing to further ecosystem testing."

F-words all round

Then on Wednesday, in a Web Commerce Interest Group (WCIG) meeting on a related Privacy Sandbox proposal called First Locally-Executed Decision over Groups Experiment (FLEDGE), Google mathematician Michael Kleber said while comments about FLoC made through public channels exist, the company doesn't intend to disclose private feedback from those testing the technology.

"The main summary of that feedback will be the next version, and you can surmise based on what features (and the reasoning for these changes) are available in the next version," Kleber explained, according to the meeting transcript.

Via Twitter, Dr Lukasz Olejnik, independent privacy researcher and consultant, questioned that approach, asking whether the public is just supposed to guess what was said by interpreting technical changes.

Kleber responded, "We write extensively about all the design aspects of our proposals! And we get lots of feedback, which is often public. But when people give us private feedback, we don't publish it."

In an email to The Register, Olejnik said the frontal critique of FLoC has clearly made a strong impression and that he expects Google's design and development teams will take advantage of the extra time to revise the technology.

"FloC greatly suffered due to an apparent lack of coherent PR/communications, or ideas for the privacy lines to adopt," he said. "It may also seem as if some strategic mistakes happened here as well. [Whether that's] because of the initial desire to move at an impressively rapid pace is anyone's guess."

Olejnik said he wondered whether it makes sense to not describe the nature of changes made to the Privacy Sandbox in response to feedback. "I would consider that such explanations would be helpful, and leaving analysts to decipher the rationale from the design decisions is pretty non-transparent," he said.

'Tone deaf and too clever by half'

In a phone interview with The Register, Ashkan Soltani, a privacy researcher and former Federal Trade Commission technologist, said Google's approach to FLoC was typical for the company, "tone deaf and too clever by half in that it tries to engineer a solution to a human problem and misses the mark."

The issue people have is not with cookies per se, he said, "the thing people take issue with is the passive collection and inference of their preferences. FLoC does that by default and broadcasts those to more sites because it's based on a first-party context. It further perpetuates a business model that people have problems with."

The challenge Google faces to have people accept its Privacy Sandbox vision is that the regulatory and competitive environment is a lot more complicated now than it was when the web was being invented and technical decisions could be made by fiat.

Soltani pointed to how the decision of a single Netscape engineer to allow third-party cookies to be set by default laid the groundwork for the ad industry.

"For better or worse, the negative externalities and problems the industry created with privacy and divisive content, all those things weren't pondered at the time," he explained. "Now those decisions need to be more careful. Where you draw that line and how you draw that line affects billions of dollars."

Further complicating the situation is pushback from existing ad tech companies that profit from the status quo. Soltani pointed to the efforts of James Roswell, CEO of data service biz 51degrees, to shape web standards in a way that suits marketers.

"His group is responsible for the lawsuit [against Google] by the UK Competition and Markets Authority (CMA)," said Soltani. "He has been incredibly successful and problematic in the W3C process in terms of finding ways to disrupt and undermine the standards making process."

Soltani also pointed out that the W3C leadership has been trying to expand its dues paying membership, which has brought more ad tech firms into the standards-making process.

That's made the voices of the few organizations advocating for internet users harder to hear. And one of those organizations, Mozilla, has become less vigorous in its defense of privacy.

"Mozilla has been slow to adapt and has not engaged," Soltani said, attributing the shift in part to layoffs that affected its policy team. "It's been playing a wait-and-see strategy. The one saving grace [in terms of user-focused advocacy in the standards process] has been Apple and folks like [WebKit engineer] John Wilander."

"You can't be blind to the fact that who can participate [in the standards process] and how much time they have will dictate outcomes," he said. "At the end of the day, I do think while standards are important, as they bleed into policy debates, there's a question to the transparency and legitimacy of the standards making process if it's skewed to [W3C] members."

In other words, if there are concerns about FLoC, perhaps they should be disclosed to the public and addressed in the open. ®

Broader topics


Other stories you might like

  • VMware claims 'bare-metal' performance from virtualized Nvidia GPUs
    Is... is that why Broadcom wants to buy it?

    The future of high-performance computing will be virtualized, VMware's Uday Kurkure has told The Register.

    Kurkure, the lead engineer for VMware's performance engineering team, has spent the past five years working on ways to virtualize machine-learning workloads running on accelerators. Earlier this month his team reported "near or better than bare-metal performance" for Bidirectional Encoder Representations from Transformers (BERT) and Mask R-CNN — two popular machine-learning workloads — running on virtualized GPUs (vGPU) connected using Nvidia's NVLink interconnect.

    NVLink enables compute and memory resources to be shared across up to four GPUs over a high-bandwidth mesh fabric operating at 6.25GB/s per lane compared to PCIe 4.0's 2.5GB/s. The interconnect enabled Kurkure's team to pool 160GB of GPU memory from the Dell PowerEdge system's four 40GB Nvidia A100 SXM GPUs.

    Continue reading
  • Nvidia promises annual datacenter product updates across CPU, GPU, and DPU
    Arm one year, x86 the next, and always faster than a certain chip shop that still can't ship even one standalone GPU

    Computex Nvidia's push deeper into enterprise computing will see its practice of introducing a new GPU architecture every two years brought to its CPUs and data processing units (DPUs, aka SmartNICs).

    Speaking on the company's pre-recorded keynote released to coincide with the Computex exhibition in Taiwan this week, senior vice president for hardware engineering Brian Kelleher spoke of the company's "reputation for unmatched execution on silicon." That's language that needs to be considered in the context of Intel, an Nvidia rival, again delaying a planned entry to the discrete GPU market.

    "We will extend our execution excellence and give each of our chip architectures a two-year rhythm," Kelleher added.

    Continue reading
  • Now Amazon puts 'creepy' AI cameras in UK delivery vans
    Big Bezos is watching you

    Amazon is reportedly installing AI-powered cameras in delivery vans to keep tabs on its drivers in the UK.

    The technology was first deployed, with numerous errors that reportedly denied drivers' bonuses after malfunctions, in the US. Last year, the internet giant produced a corporate video detailing how the cameras monitor drivers' driving behavior for safety reasons. The same system is now apparently being rolled out to vehicles in the UK. 

    Multiple camera lenses are placed under the front mirror. One is directed at the person behind the wheel, one is facing the road, and two are located on either side to provide a wider view. The cameras are monitored by software built by Netradyne, a computer-vision startup focused on driver safety. This code uses machine-learning algorithms to figure out what's going on in and around the vehicle.

    Continue reading

Biting the hand that feeds IT © 1998–2022