Google FLoC, Federated Learning of Cohorts, is a technology tested by Google to track people online. The Electronic Frontier Foundation says that it is a terrible idea. People at Mozilla say that FLoC creates significant privacy risks. Google has not enabled it everywhere yet, but if you use Google Chrome or Chromium to browse the web, you can check whether FLoC is enabled for you, or switch to another web browser that does not implement FLoC.
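One way to do that check from a page's own script, as an added example that is not part of the original post and not Chromium code: during the origin trial, Chrome exposed the cohort through `document.interestCohort()`, a promise that resolved to an `{ id, version }` object when the browser had assigned a cohort and rejected otherwise (API absent, FLoC disabled, or the page excluded via the `Permissions-Policy: interest-cohort=()` response header). The stand-in `document` objects and the cohort values below are constructed so the code runs outside a browser.

```javascript
// Added example, not from the original post. Probes the FLoC origin-trial API
// (document.interestCohort) and classifies the outcome. Constructed inputs follow.

async function checkFloc(doc) {
  // Feature detection first: browsers without FLoC simply do not expose the method.
  if (!doc || typeof doc.interestCohort !== 'function') {
    return { supported: false, enabled: false, cohort: null, reason: 'API not exposed' };
  }
  try {
    // Resolves to { id, version } when the browser is willing to hand out a cohort.
    const cohort = await doc.interestCohort();
    return { supported: true, enabled: true, cohort, reason: null };
  } catch (err) {
    // Rejected: FLoC disabled in this profile, incognito, or the page opted out.
    const reason = err && err.message ? err.message : String(err);
    return { supported: true, enabled: false, cohort: null, reason };
  }
}

// Header a site operator sends so its pages are never used for cohort computation.
const FLOC_OPT_OUT_HEADER = { name: 'Permissions-Policy', value: 'interest-cohort=()' };

// True when a Permissions-Policy header value contains interest-cohort with an
// empty allowlist, i.e. the page has opted out of FLoC for everyone.
function permissionsPolicyDisallowsFloc(headerValue) {
  if (typeof headerValue !== 'string') return false;
  return headerValue
    .split(',')
    .map(d => d.trim())
    .some(d => /^interest-cohort=\(\s*\)$/.test(d));
}

// Constructed stand-ins for `document`; the id/version strings are made up.
const docWithCohort = {
  interestCohort: async () => ({ id: '21701', version: 'chrome.2.1' }),
};
const docDisallowed = {
  interestCohort: async () => { throw new Error('interestCohort not allowed for this document'); },
};
const docNoApi = {};

// In a real browser this prints the verdict for the current page.
if (typeof document !== 'undefined') {
  checkFloc(document).then(result => console.log('FLoC:', result));
}
```

Run it in a page's devtools console (or paste just `checkFloc(document)`) to see whether your profile is handing out a cohort; a site operator who wants to stay out of the computation sends `FLOC_OPT_OUT_HEADER` on every response.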
The FLoC specification draft has a section about sensitive information. You are invited to read it, but I will summarize it here: FLoC can and will reveal sensitive information, we cannot reliably prevent that because it is difficult, fuck you.
I searched the Chromium open-source FLoC implementation for how sensitive information is handled. The draft says "As a first mitigation, the browser should remove sensitive categories from its data collection", but I have not found anything that removes obviously sensitive categories, such as not tracking and sharing LGBT websites from the browsing history of people in countries with capital punishment for homosexuality. I may have missed it, though; it is a huge codebase, and I would gladly be proven wrong. But if it is there, it is not easy to spot.
From my reading of the current implementation, any page that contains ads or calls the FLoC API is included in the cohort computation. This matches what the FLoC draft says: "at the adoption phase, the page can be eligible to be included in the interest cohort computation if there are ads resources in the page, OR if the API is used."
The list Chromium uses to identify ads is based on EasyList, a list created and maintained by volunteers to block ads. It is a bit ironic that Google uses the work of people who block ads to track people for advertising purposes.
The list blocks ads on porn websites, so if you visit porn websites with ads, FLoC will be enabled, track your porn preferences and share this potentially sensitive information with other ad networks. To be fair, the most popular porn website includes Google Analytics, so it is not as if your porn preferences were unknown to Google before. But I think it shows that FLoC is definitely not an improvement.
The list also contains generic filters that can produce false positives. So FLoC can be enabled on many websites that have not explicitly disabled it, simply because a page contains an image whose name looks like an ad, such as 300x250.jpg (a common banner size). For example, a lot of wiki websites are exposed because they allow users to rename images.
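The eligibility rule quoted from the draft above, combined with this false-positive problem, is easy to reproduce. The following is an added example written for this post, not Chromium's ad classifier: a minimal matcher for Adblock-Plus-style network filters (`||host^`, `|` anchors, `*` wildcards, `^` separators, plain substrings) and the "ads resources OR API used" rule on top of it. The filters are written to resemble EasyList's generic dimension entries and a hypothetical ad host; check the real list before relying on any specific pattern. The wiki URLs are constructed.

```javascript
// Added example, not from the original post or Chromium. Shows how a generic
// dimension filter marks an ordinary renamed wiki image as an "ad resource",
// which under the draft's rule makes the whole page eligible for FLoC.

// Illustrative filters resembling EasyList generic entries (assumption: the real
// list contains similar patterns; verify against it). The host is hypothetical.
const GENERIC_FILTERS = [
  '/300x250.',                      // banner dimension anywhere in the path
  '_300x250.',
  '||ads.example-adnetwork.test^',  // hypothetical ad host, domain-anchored
  '/adserver/*',
];

function escapeRegex(s) {
  return s.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
}

// Translate one filter into a RegExp:
//   ||host  -> match at a domain boundary (any scheme, any subdomain)
//   |       -> anchor to start (leading) or end (trailing) of the URL
//   *       -> wildcard
//   ^       -> separator: any char that is not alphanumeric or one of _ - . %, or end of URL
function filterToRegex(filter) {
  let src = '';
  let body = filter;
  if (body.startsWith('||')) {
    src += '^[a-z][a-z0-9+.-]*:\\/\\/(?:[^\\/?#]*\\.)?';
    body = body.slice(2);
  } else if (body.startsWith('|')) {
    src += '^';
    body = body.slice(1);
  }
  let endAnchor = false;
  if (body.endsWith('|')) { endAnchor = true; body = body.slice(0, -1); }
  for (const ch of body) {
    if (ch === '*') src += '.*';
    else if (ch === '^') src += '(?:[^a-zA-Z0-9_.%-]|$)';
    else src += escapeRegex(ch);
  }
  if (endAnchor) src += '$';
  return new RegExp(src);
}

const COMPILED = GENERIC_FILTERS.map(f => ({ filter: f, re: filterToRegex(f) }));

// First filter that classifies the resource URL as an ad, or null.
function matchingFilter(url) {
  const hit = COMPILED.find(({ re }) => re.test(url));
  return hit ? hit.filter : null;
}

// The draft's adoption-phase rule: eligible if any subresource is an ad resource
// OR the page called the interest-cohort API.
function pageEligibleForCohort(resourceUrls, usedInterestCohortApi = false) {
  return usedInterestCohortApi || resourceUrls.some(u => matchingFilter(u) !== null);
}

// Constructed sample: a wiki page with no ads at all, but a user renamed an image.
const WIKI_PAGE_RESOURCES = [
  'https://wiki.example/skins/common/logo.png',
  'https://wiki.example/images/thumb/300x250.jpg',  // renamed by a user, not an ad
  'https://wiki.example/load.php?modules=site.styles',
];

for (const url of WIKI_PAGE_RESOURCES) {
  console.log(url, '->', matchingFilter(url) || 'not an ad');
}
console.log('page eligible for cohort computation:', pageEligibleForCohort(WIKI_PAGE_RESOURCES));
```

The first two filters are plain substring matches, so nothing about the host matters: any page that lets users choose file names can be pushed into cohort computation by whoever picks the name, and the only reliable defence for the operator is the explicit `Permissions-Policy: interest-cohort=()` opt-out rather than hoping no resource ever looks like a banner.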
FLoC is currently not enabled for everyone everywhere, but Google should consider stopping this project: set https://adservice.google.com/settings/do_ad_settings_allow_floc_poc to always return [false,false,false], and eventually remove the FLoC implementation from Chromium and Chrome.
Antoine — 2021-06-17