Google has decided to let the initial test of its FLoC ad technology conclude in a few days to work on improvements but isn’t inclined to share feedback from test participants.
Privacy advocates would prefer if the online ad giant provided more insight into the test results, since Google’s ongoing ad infrastructure rewrite affects every internet business and internet user, not to mention the digital ad industry generating $350bn annually.
FLoC stands for Federated Learning of Cohorts and promises a way to divide browser users into interest groups so they can be presented with interest-based ads without revealing personal information to advertisers. It’s one proposal among many, collectively referred to as the Privacy Sandbox, intended to repackage targeted advertising technology so it can continue amid tighter privacy laws and technical limitations like the eventual discontinuation of third-party cookies.
Google last month bought itself another year-and-a-half or so to develop and deploy its Privacy Sandbox systems by pushing back the date when it will drop support for third-party cookies – a current mechanism by which ads get targeted that has fallen out of favor. And it now appears the search ad giant intends to take advantage of the extra time to make its Privacy Sandbox less of a sieve.
Google’s FLoC “Origin Trial,” which began in March, is set to conclude on July 13. During that period, things have not gone well. Privacy advocates have spotted potential concerns and rival browser makers have declared their disinterest in the technology.
While those participating in the trial – web publishers, ad tech companies, and the like – have expressed interest in extending the test, Google opted to retreat and regroup.
“We’ve decided not to extend this initial Origin Trial,” said senior software engineer Josh Karlin in a forum post last week. “Instead, we’re hard at work on improving FLoC to incorporate the feedback we’ve heard from the community before advancing to further ecosystem testing.”
F-words all round
Then on Wednesday, in a Web Commerce Interest Group (WCIG) meeting on a related Privacy Sandbox proposal called First Locally-Executed Decision over Groups Experiment (FLEDGE), Google mathematician Michael Kleber said while comments about FLoC made through public channels exist, the company doesn’t intend to disclose private feedback from those testing the technology.
“The main summary of that feedback will be the next version, and you can surmise based on what features (and the reasoning for these changes) are available in the next version,” Kleber explained, according to the meeting transcript.
Via Twitter, Dr Lukasz Olejnik, independent privacy researcher and consultant, questioned that approach, asking whether the public is just supposed to guess what was said by interpreting technical changes.
Kleber responded, “We write extensively about all the design aspects of our proposals! And we get lots of feedback, which is often public. But when people give us private feedback, we don’t publish it.”
In an email to The Register, Olejnik said the frontal critique of FLoC has clearly made a strong impression and that he expects Google’s design and development teams will take advantage of the extra time to revise the technology.
“FloC greatly suffered due to an apparent lack of coherent PR/communications, or ideas for the privacy lines to adopt,” he said. “It may also seem as if some strategic mistakes happened here as well. [Whether that’s] because of the initial desire to move at an impressively rapid pace is anyone’s guess.”
Olejnik said he wondered whether it makes sense to not describe the nature of changes made to the Privacy Sandbox in response to feedback. “I would consider that such explanations would be helpful, and leaving analysts to decipher the rationale from the design decisions is pretty non-transparent,” he said.
‘Tone deaf and too clever by half’
In a phone interview with The Register, Ashkan Soltani, a privacy researcher and former Federal Trade Commission technologist, said Google’s approach to FLoC was typical for the company, “tone deaf and too clever by half in that it tries to engineer a solution to a human problem and misses the mark.”
The issue people have is not with cookies per se, he said, “the thing people take issue with is the passive collection and inference of their preferences. FLoC does that by default and broadcasts those to more sites because it’s based on a first-party context. It further perpetuates a business model that people have problems with.”
The challenge Google faces to have people accept its Privacy Sandbox vision is that the regulatory and competitive environment is a lot more complicated now than it was when the web was being invented and technical decisions could be made by fiat.
Soltani pointed to how the decision of a single Netscape engineer to allow third-party cookies to be set by default laid the groundwork for the ad industry.
“For better or worse, the negative externalities and problems the industry created with privacy and divisive content, all those things weren’t pondered at the time,” he explained. “Now those decisions need to be more careful. Where you draw that line and how you draw that line affects billions of dollars.”
Further complicating the situation is pushback from existing ad tech companies that profit from the status quo. Soltani pointed to the efforts of James Roswell, CEO of data service biz 51degrees, to shape web standards in a way that suits marketers.
“His group is responsible for the lawsuit [against Google] by the UK Competition and Markets Authority (CMA),” said Soltani. “He has been incredibly successful and problematic in the W3C process in terms of finding ways to disrupt and undermine the standards making process.”
Soltani also pointed out that the W3C leadership has been trying to expand its dues paying membership, which has brought more ad tech firms into the standards-making process.
That’s made the voices of the few organizations advocating for internet users harder to hear. And one of those organizations, Mozilla, has become less vigorous in its defense of privacy.
“You can’t be blind to the fact that who can participate [in the standards process] and how much time they have will dictate outcomes,” he said. “At the end of the day, I do think while standards are important, as they bleed into policy debates, there’s a question to the transparency and legitimacy of the standards making process if it’s skewed to [W3C] members.”
In other words, if there are concerns about FLoC, perhaps they should be disclosed to the public and addressed in the open. ®