Privacy Changes and Google FLoC – Will it Affect Device Fingerprinting?
by Jimmy Fong
Google announced it wants to stop tracking users – individually. That’s true, but the reality is more complicated…
The average internet user isn’t necessarily aware of it, but there’s a war raging on. It’s to do with tracking.
In one camp, you have advertisers, cybersecurity firms, and fraud prevention companies, whose entire business model relies on aggregating data.
In the other camp, you have the consumers and regulators, who have no interest in personalised ads, worry about their privacy, and generally distrust cookies.
And the battleground? It takes place in your browser.
Nowhere is this more apparent than with the new privacy changes announced by Google and their new FloC model, described in this blog post by the tech giant’s User Trust and Privacy Manager.
Let’s take a closer look at how it works, and how it might impact device fingerprinting for fraud prevention. But first, let’s go over the technical aspects of third-party cookie-tracking.
How Third-Party Cookie Tracking Works
Websites deploy cookies through code snippets, to collect information about visitors. Third-party cookies are used by advertisers or ad servers to track that information across multiple sites, in order to gather information about their profiles and behaviour. Basically, these trackers build their own version of your browsing history that they can later use to show you targeted advertisements.
While it is one of the most effective tools in an online marketer’s arsenal, it’s also one of the most controversial. Which is why many privacy-oriented web browsers have disabled them by default. Safari started blocking them around 2017. Mozilla Firefox followed suit in 2019.
Today, one of the friendliest browsers for cookie-based tracking is Google Chrome. It’s also the most popular browser on the planet.
But could this all change with the deployment of their new FLoC technology?
What is Google FLoC?
FLoC stands for Federated Learning of Cohorts. It is a system designed to eliminate privacy problems caused by third-party cookie tracking from websites.
Instead, Google plans to use Google Chrome itself to analyse your browsing history. Rather than following and analysing each user individually, FLoC will create groups of users with similar interests, by feeding your browsing data to machine learning algorithms within the browser.
Let’s say that you regularly check tech news, read about Italian food and listen to heavy metal on Youtube.
Chrome will put you in a bucket with other users with similar interests. This bucket is called a Cohort and will be assigned an ID. When you visit a website, advertisers can see that ID through an API and will display targeted ads for that specific ID rather than your personal data.
This would allow advertisers to target the right audience, without getting granular details about each individual user. It’s part of a larger pro-privacy effort known as the “privacy sandbox”.
At the time of writing, the changes are already implemented in Google Chrome 89 for testing.
What Google Says About the Privacy Changes
For Google, FLoC technology is one step towards improving user privacy. It’s supposed to reassure anti-tracking Chrome users about the kind of information websites can learn about them.
All the tracking info is kept locally on your computer via Google Chrome and doesn’t need to be uploaded on different web servers worldwide. In theory, the only data you send is your Cohort ID.
For advertisers, Google claims that this new tracking method will barely affect their bottom line. The company calculated that FLoC-based advertising reduced conversion by 5%, and it hopes it will increase in precision in the future.
What Others Say About It
According to tech experts and advertisers, the problems with Google FLoC are threefold:
Google Chrome will still be able to track your activity across every single website. Even on the ones that didn’t use third-party cookies before.
Google Chrome will be designed to work best with Google AdSense, its own ad programme. If every website is optimised for FLoC, there will be very little incentive for website owners to work with other third-party ads providers.
Finally, many websites will also prioritise working with Chrome instead of other browsers.
In effect, this could lead to a double monopoly from the tech giant, who already runs the most popular web browser in the world, as well as the most powerful advertising network, AdSense.
How Other Companies Are Reacting
Unsurprisingly, the reaction to the announcement of FLoC has been largely negative. There has been no shortage of articles detailing how bad the idea appears to be. Privacy-focused browser Brave had a whole post about why it disables FLoC by default. Safari, Vivaldi, Mozilla and Edge are also unconvinced.
The Electronic Frontier Foundation (EFF) is standing firmly against the proposal and even launched their AmIFloced website, to see if you are currently part of a FloC ID.
Will it Affect Device Fingerprinting?
When it comes to fraud prevention, the more data you have about a user, the better. And we’ve already seen that there is a movement of device spoofing and anti fingerprinting browsers. So would disabling third-party cookies also affect the technology?
For some online fraud detection systems, yes.
But the good news is that SEON’s device fingerprinting works independently from cookie-tracking.
We specifically focus our efforts on creating a device ID, which is based on the technical parameters related to the configuration of software and hardware, but not the individual user’s behavioural patterns. It does not need cookies to work.
Moreover, we also strive to be compliant with data collection practices. SEON is one of the rare fraud prevention systems to be fully GDPR compliant and to have ISO 270001 certification. (You can read more about GDPR and fraud prevention here).
Data Collection for Advertising Vs Security
While fraud prevention and advertising both work by collecting user data, the way in which they use it couldn’t be further apart. Targeting groups is possible in advertising, but in security, it is essential to identify individual users.
The new rift that Google’s FLoC technology opened between users, advertisers, and regulatory agencies only highlights that difference.
While the technology hasn’t yet fully deployed, it certainly opened a dialogue about the difficult balancing act between privacy changes and delivering tailored services – especially when it comes to advertising.
The good news is that even without cookie-tracking technology, SEON’s device fingerprinting will still be able to protect both your users and your business.
See a live demo of our product
Jimmy Fong is the Chief Commercial Officer of SEON. His expertise in payments saw him supervise the acquisitions of companies by Ingenico, Visa and American Express. Jimmy’s enthusiasm for transparent sales and Product-Led-Growth companies drives SEON’s global expansion strategy, and he interviews both fraud managers and darknet fraudsters in our podcast to stay on top of the latest risk trends. Yes, it’s also him wearing the bear suit on our YouTube channel.
Sign up for our newsletter
The top stories of the month delivered straight to your inbox