Most browsers are already blocking third-party cookies and Chrome is planning to ditch support for them by 2022. So the race is on to find viable alternatives to cookies without compromising end-user privacy.
Most are named after birds, such as TurtleDove, Sparrow, Parrot and Tern. No idea why, but it probably sounded cool to the creators. Google seems to be leading the pack with a suite of proposed technologies. One of these is named FLoC (Federated Learning of Cohorts). But a more appropriate name for it would be Dead Duck.
What is FLoC and how does it work?
FLoC is a potential new standard for browsers that will satisfy third-party advertising requirements without needing cookies or other tracking mechanisms.
According to Google: ‘FLoC will enable interest-based advertising on the web without letting advertisers know your identity. Instead, you’ll be associated with a cohort — a group of users large enough to make you at least semi-anonymous to the companies targeting you.’
For example, suppose I am a fan of motorcycle racing. Instead of being identified individually, FLoC will group me with other motorcycle racing fans. If I start browsing other areas of interest, such as Formula One, the technology could add me to that cohort too.
Websites would be able to query this data from my browser and use it to target me based on my cohort data instead of personally identifiable information.
This sounds good — why is it a dead duck?
It turns out the only people who like Google’s FLoC are Google. Other major browsers such as Safari, Edge, Firefox and Brave have all raised alarm over privacy concerns in FLoC and will be blocking it.
You could easily dismiss this as just browser wars. But other sections of the web are also brandishing their privacy pitchforks. The Electronic Frontier Foundation, a non-profit organization that aims to defend civil liberties on the web, even wrote an article titled Google’s FLoC is a terrible idea.
Because Chrome has 62% of the browser market, nothing can stop them pushing FLoC through despite industry concerns. But when a platform vendor like WordPress, which hosts over 40% of all websites, considers it a security concern we need to sit up and listen.
In April, WordPress published a request for comments (RFC) proposing to treat FLoC like a security concern. It cited the EFF’s concern that placing people in groups based on their browsing habits is likely to facilitate employment, housing and other types of discrimination; and predatory targeting of unsophisticated consumers.
This is in addition to making it more difficult for regulators to protect people; and shortcomings in preventing fingerprinting (when sites force you to hand over information); cross-content exposure (sharing personal information with trackers, seemingly without consent); and — the biggest issue — requiring users to explicitly opt out through browser preferences.
If the RFC is accepted, WordPress will block FLoC by default. Furthermore, because they will be treating it as a security concern, they will likely roll it out as part of a minor, security-related release instead of waiting for the next major WordPress release.
According to the RFC, website administrators would be allowed to opt in to FLoC eventually, but it will be disabled by default. The comments on the RFC seem to overwhelmingly support that approach, so I expect it to eventually be in the WordPress core.
62% market domination will mean nothing if FLoC is blocked on 40% of all websites.
How does this impact you as a Kurtosys client?
DXM, one of our core products, is powered by WordPress. If the RFC is accepted, it will be included as part of a security update. We do not block security updates and tend to push them out as priority.
So all DXM sites may eventually block FLoC by default until WordPress provides a mechanism for site administrators to opt in.
Although it is possible to override this filter through the WordPress core, it is highly unlikely we would do this as it goes against our security and development practices to alter the core. We will monitor the RFC and update our strategy accordingly.
If FLoC is dead, what is the future?
In its current iteration, FLoC will not get any backing from other browsers and platform vendors. Without mass adoption, it will be relegated and lumped into the same group as third-party cookies.
Although it is a far better alternative to cookies, I don’t believe FLoC has a bright future until its privacy concerns are resolved.
There are alternatives, like Trade Desk’s UID2. But this also favors advertiser data, not consumer privacy and will likely suffer the same fate as FLoC.
With stories like the US charging Facebook with racial discrimination, it is no surprise governments and vendors are now riling against ad tracking in all forms.
Key points
- Google’s cookie alternative FLoC will be a dead duck unless it addresses concerns around privacy, security and discrimination.
- The alternatives are not clear, but Kurtosys DXM will probably need to disable FLoC as a default.
Further reading
- Amazon is blocking Google’s FLoC
- The Competition and Markets Authority (CMA) in the UK has also launched an investigation into FLoC
Smart solutions
We are proud of our fast, secure, scalable and easy-to-use technology. We love solving our clients’ problems with smart applications of technology and creativity.
Are you struggling to keep up with changing trends? Do you need to automate difficult and costly processes, deliver critical data at pace or enhance your customers’ digital and web experience? If so, get in touch today. Talk to our team and arrange a demonstration of how our tools and services can add value to your digital transformation.