blog: Don Marti


An advertising awards show in the browser?

23 November 2020

When adtech people, privacy developers, and the EFF can all agree that something is bad, it must be bad, right?

The proposed Federated Learning of Cohorts (FLoC) would replace the old-fashioned third-party cookie with a shorter identifier, calculated by a complex algorithm from your browsing activity. The cohort ID doesn't correspond to you individually but identifies you as part of a "cohort". Any site can call the JavaScript function document.interestCohort(); to find out which cohort you're in.

Cohort-based ads sound great, if you're in the cohort that gets ads featuring attractive Europeans driving new European cars on winding roads through the European woods. Or the cohort that gets ships cruising to scenic vacation destinations. But not all cohorts are going to get the good ads.

It's even worse when a cohort ID might leak a sensitive piece of information about you. There is no way to test FLoC with all the legacy sites on the web that might leak some kind of sensitive info. What if a user's pattern of play in a casual web game can leak something about their disability to the FLoC algorithm, and they stop getting certain job ads? Proving that FLoC protects user privacy is an unsolved problem, and might be mathematically impossible. So we have to assume that the a cohort ID leaks bits of sensitive personal info until it can be shown that it doesn't. And, of course, from the web publisher point of view, FLoC leakage is a business issue. The FLoC algorithm could "learn" the subscriber lists of niche publications that depend on ad revenue. Since any site can call interestCohort, a site like cheapAssCatGifs.com might be able to sell the audience of a site like expensiveCarTeardownReviews.com, just based on cohort ID.

The FLoC-powered awards show

So far, not so good. But offline, people actually buy posters and books of award-winning ads, so there must be some demand for the good ads. If only there were some way to get more of the good ads right in the browser.

That's where FLoC can really help.

Step one: Identify the good FLoC-based ads that appear on a set of sites, along with the cohort ID of the cohort that got them. For a first pass, pick out the ads that carry the most revenue for their weight. In general, the ad campaigns that are willing to pay more per impression are also the ones that have a budget for good creative work. At this point we have a first pass at a set of possibly good ads and can pick some good ones manually.

Step two: Keep track of which cohorts got the best ads, and share the highest ranking cohort with browsers that want to give their users the best experience.

Step three: the browser always responds to document.interestCohort(); with the winning cohort ID, for all users. No leakage of possibly sensitive info, the browser developers don't have to code and test a bunch of hard cohort math, and everybody gets the good ads. It's like an ad awards show in the browser. Could be updated every browser release.

What do you think?

Watch out, Facebook—Apple’s ad-tracking user protections are still on track

Once Again, Facebook Is Using Privacy As A Sword To Kill Independent Innovation

Introducing Cover Your Tracks!

YouTube will run ads on some creator videos, but it won’t give them any of the revenue

ID5 Is Building a Community to Bolster Its Universal ID

“Schrems III”? First Thoughts on the EDPB post-Schrems II Recommendations on International Data Transfers (Part 2)

What is header bidding?

Apple’s IDFA gets targeted in strategic EU privacy complaints

How the U.S. Military Buys Location Data From Ordinary Apps

CNAME Cloaking and Bounce Tracking Defense

The future of identity and addressability is people-based IDs