Ad profiling and cookies are a business worth 150 billion dollars a year for Google alone, and a disturbing invasion of privacy. Online advertising feeds on users by registering and following them everywhere on the internet through tracking cookies. In January, Google announced its intention to replace cookies. The goal is to address user concerns about online tracking, but the replacement raises new concerns of its own.
Google and ad-profiling cookies: rethinking a surveillance-based business
Users are classified into groups based on their online behavior. The classification is done by machine learning: the system creates an "ID" for each group, and the browser shares that ID with the sites visited and with advertising companies. What is shared is not the browsing history itself but a single number derived from it. The code represents a group of people whose shared identity is the sum of all their recently visited sites.
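Chrome's FLoC prototype reportedly derived the cohort ID with SimHash, a locality-sensitive hash: histories that share most sites produce IDs that differ in only a few bits. A minimal sketch of the idea in Python; the 16-bit ID size and the per-domain SHA-256 hashing are illustrative assumptions, not FLoC's actual parameters:

```python
import hashlib

def cohort_id(domains, bits=16):
    """SimHash sketch: each domain's hash casts a +1/-1 vote per bit
    position; the sign of the tally sets that bit of the cohort ID."""
    votes = [0] * bits
    for d in domains:
        h = int(hashlib.sha256(d.encode()).hexdigest(), 16)
        for i in range(bits):
            votes[i] += 1 if (h >> i) & 1 else -1
    return sum(1 << i for i, v in enumerate(votes) if v > 0)

history = ["news.example", "health.example", "shop.example"]
print(f"cohort ID: {cohort_id(history)}")
```

Because the per-bit votes are summed, histories that overlap heavily end up with nearly identical IDs. That is exactly what lets advertisers target the group, and also what makes the ID a proxy for the underlying history.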
Criticism from the web
Many doubts have been raised for months on the public platform GitHub. For example, how should the problem of discriminatory bias in artificial intelligence be tackled? Exposing users' preferences also makes them easy prey for attacks: if a criminal wants to lure specific categories of users, they can do so more cheaply and, unfortunately, at scale.
This technology does not let the user decide which site has access to which information. If a user has a disease and researches it online, their ID may encode information about their condition, and that information would be available to every site they visit. As Steven Englehardt, Privacy Engineer at Mozilla, points out, a user may not want every site to know about their health and sexual preferences.
EFF: "We don't want to choose between two different types of surveillance. Privacy must be an option"
The analyses carried out by the experts of the Electronic Frontier Foundation raise serious doubts about the FLoC system: each user would still be tracked by Google. To verify that the system does not automatically generate small, restricted groups of easily identifiable users, or groups based on overly sensitive characteristics such as mental health, a centralized service would have to process all of the users' personal information, such as race, income, gender, religion and health.
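The check described above is essentially a k-anonymity guarantee: a cohort ID may only be used if at least k users share it. A minimal sketch of such a server-side filter, with hypothetical user names and a toy value of k:

```python
from collections import Counter

def enforce_k_anonymity(assignments, k=3):
    """Suppress (set to None) any cohort ID shared by fewer than k users,
    so that no one can be singled out by cohort membership alone."""
    counts = Counter(assignments.values())
    return {user: cid if counts[cid] >= k else None
            for user, cid in assignments.items()}

users = {"u1": 7, "u2": 7, "u3": 7, "u4": 9}
print(enforce_k_anonymity(users, k=3))
# cohort 9 has a single member, so u4's ID is suppressed
```

The catch the EFF points to is visible in the sketch: whoever runs this filter sees every user-to-cohort assignment, which is precisely the kind of centralized visibility the design was supposed to avoid.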
The EFF sees two main problems:
- Unique fingerprinting: each browser is uniquely identifiable because it spontaneously sends data about the device it runs on. This has been a known problem for a long time, and combining that data with FLoC's ID would give advertisers considerable accuracy in identifying an individual user.
- Reverse engineering: the ID is determined (in part) by the sites visited. According to the EFF, an algorithm could enumerate all possible codes and thereby infer, with some accuracy, which sites were consulted.
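The first problem can be made concrete with a bit of arithmetic: if the two signals are statistically independent, their entropies add. The figures below, 18 bits for the fingerprint and 16 bits for the cohort ID, are illustrative assumptions rather than measured values:

```python
fingerprint_bits = 18   # assumed entropy of fonts, screen size, user agent, ...
cohort_bits = 16        # assumed size of the cohort ID space

combined_bits = fingerprint_bits + cohort_bits   # entropies add if independent
distinguishable = 2 ** combined_bits             # users a tracker can tell apart

internet_users = 5_000_000_000
print(distinguishable, distinguishable > internet_users)
```

With these assumed numbers the combination distinguishes about 17 billion users, more than the world's internet population, so the pair of signals can in principle single out an individual even though neither signal does so alone.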
If the user logs in to a site, the advertising ID can be linked to their account, making it possible to understand what kind of person the user is: a group may reveal political opinions, race, gender and other sensitive data.
FLoC rests on artificial intelligence, hashing, statistics and k-anonymity. The issue is extremely complex, and it is natural to ask how users can give informed consent without understanding the system's weaknesses in depth. Every technology has flaws; finding them is hard, and fixing all of them harder still. Remedying design errors that impact user privacy after adoption may not be Google's priority. FLoC will begin to be used in April of this year. At the moment there is no news of one, but there is a real need for a way to opt out of profiling, whether it happens through FLoC or through cookies.
Article by Dario Puligheddu