Old habits die hard.
Google’s new data harvesting venture is nasty. Called FLoC, this new advertising technology intends to replace third-party cookies and related technologies like third-party localStorage.This clearly is a dangerous step that harms user privacy.
Currently, it is being trialled in Google Chrome and is a part of the Chromium browser engine.
Now the real question; What is Vivaldi’s position on this new technology by Google?
This is a pretty valid question as we are based on Chromium. But the truth is that while we rely on the Chromium engine to render pages correctly, this is where Vivaldi’s similarities with Chrome (and other Chromium-based browsers) end.
At Vivaldi, we stand up for the privacy rights of our users. We do not approve tracking and profiling, in any disguise. We certainly would not allow our products to build up local tracking profiles.
Google will continue to build profiles, and track users, in the absence of third-party cookies and localStorage.
It presents FLoC as part of a set of so-called “privacy” technologies, but let’s remove the pretence here; FLoC is a privacy-invasive tracking technology.
The FLoC experiment does not work in Vivaldi. It relies on some hidden settings that are not enabled in Vivaldi.
The FLoC component in Chrome needs to call Google’s servers to check if it can function since Google is only enabling it in parts of the world that are not covered by Europe’s GDPR. It seems there is still some discussion as to whether FLoC could even be legal under the GDPR regulations. We will continue to follow this closely.
Although Vivaldi uses the Chromium engine, we modify the engine in many ways to keep the good parts but to make it safe for users; we do not allow Vivaldi to make that sort of call to Google.
We will not support the FLoC API and plan to disable it, no matter how it is implemented. It does not protect privacy and it certainly is not beneficial to users, to unwittingly give away their privacy for the financial gain of Google.
Traditionally, many websites relied legitimately on third-party cookies to maintain logins. Blocking third-party cookies would break these logins. But because these were abused for tracking, some browsers started blocking third-party cookies anyway.
Websites have steadily moved towards alternative solutions for logins that do not rely on third-party cookies, and very soon, third-party cookies could be disabled by default in all browsers.
This presents a challenge for ‘tracking’ companies such as Google who want to remain dominant, and so they look for alternatives. FLoC is one of them.
Third-party cookies — one of the fundamental technologies relied upon by advertisers — can be used to build up behavioural profiles of users. Instead of contextual adverts based on what page the user is currently looking at, these behavioural profiles display targeted advertising that matches the user’s personality.
Such adverts may be seen as a way to make money but can be used to influence user behaviour and control people in large numbers. They can even be tied to a social media account, a name, an actual person, their friends and relatives, and everything they have ever posted about themselves.
The vast majority of online adverts and trackers belong to just a few major corporations such as Google and Facebook. These corporations gather vast amounts of data from all of the trackers they supply and get to know all those private aspects of your personality.
This sort of tracking — one of the biggest invasions of privacy of our time — threatens our individuality. It compromises our privacy. Yet it is allowed because we have become accustomed to it, and people do not have a voice loud enough.
At Vivaldi, we believe that it should not be legal for a company to build up profiles about you. There should be no right to build profiles, with or without permission. There should be no way to consent. Not by clicking on an “OK” button. Not in any other way.
Ads or tracking resources (scripts or “tracking pixels”) are included on pages where their adverts are hosted. The first time the browser loads one, the tracker sets a third party cookie with a unique identifier.
Every time the user requests a tracking resource, the cookie gets sent to the tracker, and the tracker associates it with the data from previous requests. Over time, as a visitor visits several websites which have trackers from that same company, the company can build up a picture of the user’s behaviour. What pages they look at, what their political views are, what medical conditions they might have, where they live, and how much of their time is spent online.
The more intrusive trackers can watch what you type on the page, and how you move your mouse.
FLoC intends to do all of the profiling work within the browser. The browser sees everything you browse, so it gathers the data about your browsing habits and determines your preferences.
This is not like a browser maintaining your browsing history for you. It is analysing your personal behaviour, for Google. It decides which aspects of your browsing behaviour are important, and if enough other people share that behaviour, it assigns you the same ID as all of them.
Advertising companies no longer get to see a unique identifier so they cannot see exactly what you browsed — unless they also happen to be the same company that makes the browser you are using — so they cannot see you specifically. It does sound great.
But they can see that every person who buys certain medical products seems to be in the group (FLoC) 1324, or 98744, or 19287.
Now things start getting ugly.
So if you have one of those FLoC IDs, they can display ads for that product — even if that particular medical condition is something you would rather keep to yourself.
It’s all anonymised. Sounds like it should be all right, but that is far from the truth.
They can still work out that you have that certain medical issue. That you seem to be in a certain age group, or that you seem to have certain character traits because you share the same ID as other people that have those traits.
Statistical analysis of those IDs is harder for small ad companies. They don’t get quite so much data to work with. They don’t see every website where that FLoC ID appears.
The company that gets to know the most about that ID is the one that controls the largest amount of the advertising space — Google.
So once again, Google asserts more dominance.
In the past, an ad company could only see the aspects of your personality relating to the websites where its ads were used. An ad provider that was only used for 1000 websites might only have seen each visitor on one or two of their sites, so they could not build up much tracking data about you.
FLoC changes this completely. Its core design involves sharing new information with advertisers.
Now every website will get to see an ID that was generated from your behaviour on every other website. Websites that only have contextual ads, or no ads at all, still could get used in the calculation. This may change in future since the technology is currently experimental.
You might visit a website that relates to a highly personal subject that may or may not use FLoC ads, and now every other site that you visit gets told your FLoC ID, which shows that you have visited that specific kind of site. A totally different advertising company, but it shares the same information about the websites you visited.
FLoC does have very serious implications for people who live in an environment where aspects of their personality are persecuted — be it sexuality, political viewpoint, or religion. All can become a part of your FLoC ID.
A dictatorship may be able to work out that dissenters often seem to have one of the same five FLoC IDs. Now anyone who visits a nationally controlled website with that ID could be at risk. A country that outlaws certain religions or sexualities could do the same.
This is no longer about privacy but goes beyond. It crosses the line into personal safety.
It is extremely concerning that we have reached a stage that a number — FLoC ID — could be so dangerous. Could you ever imagine this?
The reality is that there were ads that existed even before tracking. But they were typically contextual; you were browsing a website selling car parts, so the ads were about cars. It’s what you were looking at, so you got relevant ads. You didn’t need to feel creeped out because you saw an advert for some very specific product that you were looking at a week ago on a completely different website. Ad companies made money. Websites made money from the ad companies.
In all likelihood, this approach would very quickly return to being the dominant type of ad, if only tracking would stop being used; after all, it still remains very effective today.
But instead of creating a world free from the problems of targeted ads, we are now facing a new reality of surveillance and individualized profiling through FLoC and ‘Privacy Sandbox’.
We reject FLoC. You should too.
Input from Vivaldi developers Tarquin Wilton Jones and Julien Picalausa