Just over a year ago, Google announced its replacement for third-party cookies, which it called Federated Learning of Cohorts (FLoC), to overwhelmingly negative reviews.
Last week it announced a proposed replacement called Topics, to mixed reviews.
“While Topics improves in some areas over FloC, it has some of the same fundamental problems as FloC,” Bennett Cyphers, a staff technologist at the Electronic Frontier Foundation, said in an email to ITWorldCanada. “First and foremost, it’s a new way for browsers to expose information about your browsing history to websites, advertisers, and anyone else you interact with on the web. The only way to spin this as anything other than bad for privacy is if you’re comparing it to something else that is even worse for privacy.”
Helen Huang, director of product management at Securiti, said the new solution is “a shift that provides a simpler approach with increased transparency for consumers. Rather than inferring interests about a consumer and keeping that information opaque to the end-user, the new approach uses a human-readable format that allows users to identify which topics are being sent about them. Users can review and remove these topics or turn off the API altogether. This gives users more visibility and control over what is being shared. The overall approach also reduces the amount of cross-site identification information, reducing the amount of fingerprinting data – which helps improve privacy.”
While this simpler approach should be more appealing to consumers, “we will have to see if advertisers and other browser makers embrace the API.”
The BBC quoted an unnamed marketing executive saying: “This constant indecision does not inspire confidence.”
Third-party cookies are loved by advertisers, marketers and content publishers. According to Cookie-script.com, they are stored under a different domain than one a user is currently visiting. They are mostly used to track users between websites and display more relevant ads between websites. Or they can support chat functionality provided by a third-party service.
But under pressure from privacy advocates and laws like the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act, browser makers have promised to drop third-party cookies. Not wanting to miss out on a technology advertisers and others can use, Google wants there to be a replacement.
According to the EFF, FLoC was meant to be a new way to make your browser do the profiling that third-party trackers used to do themselves. A browser with FLoC enabled would collect information about its user’s browsing habits, then use that information to assign its user to a “cohort” or group. Users with similar browsing habits—for some definition of “similar”—would be grouped into the same cohort. Each user’s browser will share a cohort ID, indicating which group they belong to, with websites and advertisers.
The EFF and others complained that the more ways your browser looks or acts different from others, the easier it is to fingerprint, and therefore is a privacy risk.
Google hopes Topics is an improvement. The intent of the Topics API is to provide third-party ad-tech or advertising providers with coarse-grained advertising topics that the page visitor might currently be interested in, the company says. “These topics will supplement the contextual signals from the current page and can be combined to help find an appropriate advertisement for the visitor.”
For each week, the user’s top five topics are calculated using browsing information local to the browser. One additional topic, chosen uniformly at random, is appended for a total of six topics associated with the user for that week.
At the end of three weeks the Topics will be deleted and a new list starts.
However, a lot of work still has to be done. “The API is not finalized,” says Google. “The parameters below (e.g., taxonomy size, number of topics calculated per week, the number of topics returned per call, etc.) are subject to change as we incorporate ecosystem feedback and iterate on the API.”
The initial taxonomy (proposed for experimentation) will include somewhere between a few hundred and a few thousand topics and will attempt to exclude “sensitive topics.” (Google plans to work with external partners to help define sensitive topics). “The eventual goal is for the taxonomy to be sourced from an external party that incorporates feedback and ideas from across the industry,” says Google.
Google’s privacy goals for its solution are
- It must be difficult to re-identify significant numbers of users across sites using just the API;
- The API should provide a subset of the capabilities of third-party cookies;
- The topics revealed by the API should be less personally sensitive about a user than what could be derived using today’s tracking methods;
- Users should be able to understand the API, recognize what is being communicated about them, and have clear controls. This is largely a UX responsibility but it does require that the API be designed in a way such that the UX is feasible;
However, even Google admits the suggested Topics framework isn’t perfect. Enough information about a browser’s collection of Topics might allow information about the user to be deduced. For example, if several sites co-operate they could collect and share more than the five topics a browser collects in a week.
Until final details are worked out, it remains to be seen if advertisers and marketers will cheer or shrug at Google Topics.
Meanwhile Google says third-party cookies will remain in Chrome until 2023.