Connect with us


Google’s FLoC flies into headwinds as internet ad industry braces for instability • The Register



Analysis With Google testing its FLoC ad technology in preparation for the planned elimination of third-party cookies next year, uncertainty about potential problems and growing legal support for privacy is shaking up the digital ad industry.

The move away from third-party cookies will have significant financial impact on the ad industry, and the internet ecosystem that depends on advertising – assuming you accept studies that credit third-party cookies with meaningful [PDF] rather than minimal [PDF] revenue.

“Our analysis suggests that the publishing industry will have to replace up to $10 billion in ad revenue with a combination of first-party data gathered through a combination of paywalls and required registrations, and updated contextual targeting and probabilistic audience modeling (analytics that incorporate an array of unknown elements),” said consultancy McKinsey in a recent report.

disgusted man wincing

What the FLoC? Browser makers queue up to decry Google’s latest ad-targeting initiative as invasive tracking


In place of third-party data, a number of ad industry firms expect first-party platforms – e.g. Amazon selling ads on its own website to marketers using the customer data it has collected – will prosper and perhaps challenge the Google/Facebook duopoly.

“In contrast to third-party data, which is built from third-party cookies, first-party data is gathered by businesses which have interacted directly with consumers,” said Gowthaman Ragothaman, CEO of Aqilliz, a blockchain marketing analytics firm, in an email to The Register.

“Of course, digital marketers understand that it is the most powerful source of information for targeting and personalization purposes, as it provides more accurate and valuable insights into consumers’ behavior and buying patterns.”

Ragothaman believes there will be more focus on first-party data, though he expects a difficult transition. “Every publisher whether in emerging markets or developed markets understands the need to build its own first-party data platform,” he said. “But it is not easy. It cannot be done overnight either.”

Chocolate Factory plans

Google hopes FLoC and related web plumbing proposals, referred to collectively as Google’s Privacy Sandbox, will serve as substitutes for the sort of interest-based advertising and remarketing made possible by third-party cookies.

FLoC stands for Federated Learning of Cohorts. It’s being built into Google Chrome browser to replace the interest-based targeting made possible by third-party cookies, which other browser makers now mostly block by default for privacy reasons and Google has agreed to drop in Chrome next year.

FLoC is a browser API that groups people into cohorts or flocks of people with similar interests, based on the web domains they visit. It makes its calculations locally, in the browser, thereby preventing people’s web histories from being shared with third parties, in theory. It’s supposed to provide more privacy than third-party cookies though recent repudiations by other browser makers and privacy groups show that issue hasn’t been settled.


Google’s ‘privacy-first’ ad tech FLoC squawks when Chrome goes Incognito, says expert. Web giant disagrees


Google has a number of ad tech allies that have already expressed support for FLoc, like Criteo, NextRoll, Magnite, and RTB House. But other ad tech firms like LiveRamp, Mediamath, Pacvue, and The Trade Desk are working on alternative ad targeting schemes, in part because there’s an opportunity to innovate and in part because FLoC may fail.

FLoC’s requirement that Chrome users be signed-in to their Google Accounts, Ragothaman observes, presents problems under Europe’s GDPR data privacy rules where explicit user consent is required.

“At the moment, selected Google Chrome users are automatically added to the cohorts, without the option to opt out for their trials, which has not gone down well in the industry,” he said. “If Google fails to implement measures that sufficiently address lawmakers’ privacy concerns, there’s a possibility that FLoC will not become a reality in the EU.”

“This would certainly have a significant impact on the advertising supply chain in the bloc once third-party cookies are phased out, given that Google commands as much as 90 per cent of the search engine market share in Europe. As such, Google has delayed their next solution, FLEDGE, by almost a year.”

Zach Edwards, co-founder of web analytics biz Victory Medium, told The Register that he expects FLoC will be deployed but hopes it will be abandoned for more promising Privacy Sandbox proposals like FLEDGE.

“FloC is an automated audience creation process that is obviously not compliant with GDPR due to FLoC’s opt-out framework, and FloC is brushing right up against non-compliance with value transfer user data restrictions in CCPA and other frameworks restricting automated profiling,” he said. “FLoC was dreamed up by math bros at Google who wanted to try and break consent on the internet just one more time.”

That sentiment has been expressed by organizations like The Electronic Frontier Foundation, which recently called FLoC “a terrible idea.” But more damning is the disinterest coming from other browser makers.

Browser makers not keen

Earlier this week, Apple WebKit security and privacy engineer John Wilander expressed concern that Google’s FLoC algorithm, being tested in Google’s Chrome browser, can be used to construct identifiers for tracking people as they visit different websites.

Doubts about FLoC have become more evident in the past few days. Rival browser makers Brave and Vivaldi have indicated they believe FLoC poses a privacy threat and say they won’t support it. Mozilla has been more cautious, merely signaling current indifference. And Wilander’s worries suggest Apple isn’t likely to adopt the technology in Safari, which is hardly surprising given Apple’s public stance on privacy. (Apple didn’t respond to a request for comment.)

That leaves Microsoft Edge as the only plausible ally among the major browser makers. Edge users have recently asked for clarification about FLoC but Microsoft has not made any formal commitment. The Register understands that’s because FLoC isn’t currently a web standard. If Google manages to finesse FLoC to an acceptable state then support could be forthcoming.

What concerns Wilander is that over time, Cohort IDs, the numbers assigned to the multiple interest groups that become associated with a web user, may prove useful to create a unique identifier for that individual, perhaps in combination with other device-derived data points used for browser fingerprinting.

“Before the pandemic and some time back, I attended a Mew concert, a Ghost concert, Disney on Ice, and a Def Leppard concert,” he said, to illustrate his concern about the potential misuse of interest group identifiers. “At each of those events I was part of a large crowd. But I bet you I was the only one to attend all four.”

The Register asked Google whether it cared to address Wilander’s observations. A company spokesperson declined to comment directly but noted that FLoC is a collaborative project that is still underway and pointed out that Google mathematician Michael Kleber on Thursday posted a response to Wilander.

“This is indeed the “Longitudinal privacy” question,” Kleber said. “We’ve been considering a few different mitigations. As you know, this is an iterative and open process, and we expect to implement one or more of these solutions in future versions of FLoC.”

Work to be done

Aside from concerns about its technical soundness, the unfinished nature of FLoC makes it difficult to be certain how it will really function. It’s essentially a placeholder for an improved version of itself.

Clearly, a lot of work still needs to be done. Take for example the recent W3C Privacy Interest Group (PING)’s assessment of FLoC, which argues the technology’s use case is “a privacy harm in itself.” Or the issue raised by Steven Englehardt, privacy engineer at Mozilla, that Google’s FLoC proposal “makes false claims about the privacy properties provided by the anonymization techniques.” Or Terrence Eden’s question about why users would want FLoC. Or EFF technologist Bennett Cypher’s observation that FLoC’s SimHash algorithm may leak data.

FLoC’s state of flux is compounded by Google’s handling of the FLoC rollout. Edwards observes that Google’s decision to opt every website into the FLoC has put visitors to government websites at risk of deanonymization by linking them to cohort groups derived from their site visits.

The way to opt-out requires setting the Permissions-Policy header interest-cohort=(), which isn’t feasible for people with websites on some hosting platforms and, Edwards worries, may not have been clearly communicated to government IT admins.

Adalytics, an ad tech firm, confirmed as much when it found that websites for the European Data Protection Supervisor, the Irish Data Protection Authority, and the US National Security Agency, among others, all triggered updates for Chrome users’ FLoC IDs. So in theory, an adversary operating a website could read this ID and perhaps draw conclusions about whether a visitor had previously visited specific government websites.


EFF urges Google to ground its FLoC: ‘Pro-privacy’ third-party cookie replacement not actually great for privacy


Edwards said he’d be happy if FLoC flops but said he expects it will be deployed despite its rocky start. “For Google, FloC is ‘just the right amount of privacy, with a ton of revenue benefits’ – but for end users, this automated audience creation process baked into the browser has been a cluster-FLoC since day one,” he said.

Edwards expressed more enthusiasm for FLEDGE, another Privacy Sandbox proposal due for future testing that better aligns with privacy laws.

Even so, change isn’t easy. Witness the W3C Technical Architecture Group’s panning of First-Party Sets, another Privacy Sandbox proposal.

Gowthaman said there’s still a long way to go before the industry can make a transition from third-party data to first-party.

“It requires a complete overhaul to the existing technological infrastructures that are at play,” he said. “We need to capture the consent and convey the same across the digital supply chain, which requires large scale re-architecture. The industry understands the jobs to be done and the time is running out.”

In the meantime, he expects cohort-based targeting is inevitable, at least until the ad tech industry settles on a solution that scales. “There are quite a few players in the ad tech ecosystem experimenting with the cookie replacement solution,” he said. “Today there are as many as 80 Identity solutions in the marketplace, all trying to offer an alternative to cookies.”

Whatever happens, he argues, it’s imperative that the new technology infrastructure allows for legally compliant data-sharing across the digital supply chain.

Likewise, Marc Goldberg, chief revenue officer of Method Media Intelligence, a marketing analytics business, says that whatever technologies rise to replace third-party cookies, they must avoid repeating past mistakes.

“It is important that all of these options don’t resurface the problem of privacy in another form,” he said. “While the rates might go down (read premium for advanced targeting) and some things will break (or not work as well) in the end, the shift of spend to other mediums won’t happen. Eyeballs are still online and buyers will find them. The tactics and strategies will change, which is not a bad thing.” ®

Source link


Google becomes latest tech firm to delay reopening as Delta variant spreads | Google



Google has backtracked on plans to welcome most workers back to its sprawling campus in September, becoming the latest Silicon Valley company to delay reopening amid a surge in Covid cases.

The company announced Wednesday it is postponing a return to the office until mid-October and rolling out a policy that will eventually require everyone who returns in person to be vaccinated.

The decision sees Google join Apple and Netflix in postponing calling employees back to the office due to concerns about the highly transmissible Delta variant, which now accounts for more than 80% of new cases in the US. Twitter also halted reopening plans and closed offices last week due to the Delta variant.

In an email to Google’s more than 130,000 employees worldwide, chief executive officer Sundar Pichai said the company is now aiming to have most of its workforce back to its offices beginning 18 October instead of its previous target date of 1 September.

Google’s delay also affects tens of thousands of contractors who Google intends to continue to pay while access to its campuses remains limited.

“This extension will allow us time to ramp back into work while providing flexibility for those who need it,” Pichai wrote. This marks the third time Google has pushed back the date for fully reopening its offices.

Pichai said that once offices are fully reopened, everyone working there will have to be vaccinated. The requirement will be first imposed at Google’s headquarters in Mountain View, California, and other US offices, before being extended to the more than 40 other countries where Google operates.

Facebook announced a similar policy on Wednesday, saying it will make vaccines mandatory for US employees who work in offices. Apple is reportedly also considering requiring vaccines.

“This is the stuff that needs to be done, because otherwise we are endangering workers and their families,” said Dr Leana Wen, a public health professor at George Washington University and a former health commissioner for the city of Baltimore. “It is not fair to parents to be expected to come back to work and sit shoulder-to-shoulder with unvaccinated people who could be carrying a potentially deadly virus.”

Because children under the age of 12 aren’t currently eligible to be vaccinated, parents can bring the virus home to them from the office if they are around unvaccinated colleagues, Wen said.

The delays from these companies could influence other major employers to take similar precautions, given that the technology industry has been at the forefront of the shift to remote work triggered by the spread of Covid-19.

Even before the World Health Organization declared a pandemic in March 2020, Google, Apple and many other prominent tech firms had been telling their employees to work from home. Many others in the tech industry have decided to let employees do their jobs from remote locations permanently.

Google’s decision to require employees working in the office to be vaccinated comes on the heels of similar moves affecting hundreds of thousands government workers in California and New York as part of stepped-up measures to fight the delta variant. Joe Biden is expected to announce a mandate that all federal government workers be vaccinated.

The rapid rise in cases during the past month has prompted more public health officials to urge stricter measures to help overcome vaccine skepticism and misinformation.

While other major technology companies may follow suit now that Google and Facebook have taken stands on vaccines, employers in other industries still may be reluctant, predicted Brian Kropp, chief of research for the research firm Gartner. Less than 10% of employers have said they intend to require all employees to be vaccinated, based on periodic surveys by Gartner.

“Google is seen as being such a different kind of company that I think it’s going to take one or two more big employers to do something similar in terms of becoming a game changer,” Kropp said.

The Associated Press contributed to this report

Source link

Continue Reading


Privacy proves elusive in Google’s Privacy Sandbox • The Register



Google’s effort to build a “Privacy Sandbox” – a set of technologies for delivering personalized ads online without the tracking problems presented by cookie-based advertising – continues to struggle with its promise of privacy.

The Privacy Sandbox consists of a set of web technology proposals with bird-themed names intended to aim interest-based ads at groups rather than individuals.

Much of this ad-related data processing is intended to occur within the browsers of internet users, to keep personal information from being spirited away to remote servers where it might be misused.

So, simply put, the aim is to ensure decisions made on which ads you’ll see, based on your interests, take place in your browser rather than in some backend systems processing your data.

Google launched the initiative in 2019 after competing browser makers began blocking third-party cookies – the traditional way to deliver targeted ads and track internet users – and government regulators around the globe began tightening privacy rules.

The ad biz initially hoped that it would be able to develop a replacement for cookie-based ad targeting by the end of 2021.

But after last month concluding the trial of its flawed FLoC – Federated Learning of Cohorts – to send the spec back for further refinement and pushing back its timeline for replacing third-party cookies with Privacy Sandbox specs, Google now acknowledges that its purportedly privacy-protective remarketing proposal FLEDGE – First Locally-Executed Decision over Groups Experiment – also needs a tweak to prevent the technology from being used to track people online.

On Wednesday, John Mooring, senior software engineer at Microsoft, opened an issue in the GitHub repository for Turtledove (now known as FLEDGE) to describe a conceptual attack that would allow someone to craft code on webpages to use FLEDGE to track people across different websites.

That runs contrary to its very purpose. FLEDGE is supposed to enable remarketing – for example, a web store using a visitor’s interest in a book to present an ad for that book on a third-party website – without tracking the visitor through a personal identifier.

Michael Kleber, the Google mathematician overseeing the construction of Privacy Sandbox specs, acknowledged that the sample code could be abused to create an identifier in situations where there’s no ad competition.

“This is indeed the natural fingerprinting concern associated with the one-bit leak, which FLEDGE will need to protect against in some way,” he said, suggesting technical interventions and abuse detection as possible paths to resolve the privacy leak. “We certainly need some approach to this problem before the removal of third-party cookies in Chrome.”

In an email to The Register, Dr Lukasz Olejnik, independent privacy researcher and consultant, emphasized the need to ensure that the Privacy Sandbox does not leak from the outset.

It will all be futile if the candidates for replacements are not having an adequate privacy level on their own

“Among the goals of Privacy Sandbox is to make advertising more civilized, specifically privacy-proofed,” said Olejnik. “To achieve this overarching goal, plenty of changes must be introduced. But it will all be futile if the candidates for replacements are not having an adequate privacy level on their own. This is why the APIs would need to be really well designed, and specifications crystal-clear, considering broad privacy threat models.”

The problem as Olejnik sees it is that the privacy characteristics of the technology being proposed are not yet well understood. And given the timeline for this technology and revenue that depends on it – the global digital ad spend this year is expected to reach $455bn – he argues data privacy leaks need to be identified in advance so they can be adequately dealt with.

“This particular risk – the so-called one-bit leak issue – has been known since 2020,” Olejnik said. “I expect that a solution to this problem will be found in the fusion of API design (i.e. Turtledove and Fenced Frames), implementation level, and the auditing manner – active search for potential misuses.

“But this particular issue indeed looks serious – a new and claimed privacy-friendly solution should not be introduced while being aware of such a design issue. In this sense, it’s a show-stopper, but one that is hopefully possible to duly address in time.” ®

Source link

Continue Reading


Government plans €10m in funding for green and digital business projects



The Government and Enterprise Ireland are providing two funds to regional Irish businesses in a bid to help them transition to a greener, digital economy.

The Government has today (29 July ) announced it will provide €10m in funding through Enterprise Ireland to projects supporting digitalisation and the transition to a green economy.

The Regional Enterprise Transition Scheme, worth €9.5m, will provide grant funding to regional and community-based projects focused on helping enterprises to adapt to the changing economic landscape due to Covid-19 and Brexit.

Leo Clancy, CEO, Enterprise Ireland said: “The Regional Enterprise Transition Scheme is aimed at supporting regional development and the regional business eco-system, helping to create and sustain jobs in the regions impacted by Covid-19.”

Grants of up to €1.8m or 80pc of project cost are available to businesses. The projects should aim to address the impact of Covid-19 and improve the capability and competitiveness of regional enterprises.

The call for the Regional Enterprise Transition Scheme will close on 8 September 2021. The successful projects will be announced in October and all funding will be provided to the successful applicants before the end of the year.

Support Silicon Republic

A separate funding scheme, the €500,000 Feasibility Study fund, will provide financial support to early-stage regional enterprise development projects.

Launching the funding schemes, Minister of State for Trade Promotion, Digital and Company Regulation, Robert Troy TD said the funds would “help stimulate transformational regional projects to support enterprises embrace the opportunities of digitalisation, the green economy as well as navigate the changed landscape arising from Covid-19.”

Minister of State for Business, Employment and Retail, Damien English TD commented at the launch that the funds would help “build Covid-19 and Brexit resilience and enable applicants to support enterprises and SMEs to respond to recent economic and market challenges which also includes the transition to a low carbon economy, digital transformation and smart specialisation.”

The Feasibility Fund is open to new projects, with grants available of up to €50,000 or 50pc of project cost and will allow promoters to test their project concept and deliver virtual or site-based solutions to their target audience.

Applications for the Feasibility Fund close on 1st October 2021.

For more information and details on how to apply for the funds, see here and here.

Source link

Continue Reading


Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!