Can Google Chrome’s FLoC replace browser cookies?

What is FLoC?

FLoC (Federated Learning of Cohorts) is a system created by Google to replace browser cookies on Chrome. According to the tech giant, they believe FLoC can help to protect user privacy.

That’s right; Google would like to protect your privacy. Unconvinced? Well, you’re not the only one. Multiple privacy-focused browsers, including DuckDuckGo and Brave, have already rejected FLoC and condemned it as a step in the wrong direction.

Before we can look at the problems with FLoC, however, we need to understand what it is, and what it’s meant to replace.

FLoC vs. browser cookies

Browser cookies are little pieces of data that websites implant in your browser, allowing them to track you across multiple different pages. While they can be useful at times, helping sites recognize returning visitors, cookies also facilitate invasive advertising.

Google is trialing FLoC on their Chrome browser as an alternative system for ad targeting. In theory, it works like this:

1. Chrome watches what you do online, and matches you to a “cohort” — a cluster of thousands of other users who have very similar interests and characteristics.
2. When you visit a website through your Chrome browser, that site will see your FLoC ID (an ID you share with everyone else in your cohort).
3. The FLoC ID will allow the site to show you relevant ads, based on your cohort, without ever knowing the specifics of your personal browsing history.

On the surface, that seems like a neat idea. Let’s say Chrome can tell from your browsing history that you’re in New York and interested in electric guitars. It will assign you to a relevant cohort, along with thousands of similar people.

When you view a website, that site will receive your FLoC ID. They can then target you with ads for guitar shops in New York, but they won’t have any specific information about the previous pages you’ve visited.

So why is FLoC a bad idea?

The problem with FLoC is that it doesn’t actually make you more private — it just strengthens Google’s stranglehold on your data. The websites you visit on Chrome might not know the specifics of your browsing history, but Google will.

Google trying to monopolize user data is nothing new, of course, but their attempt to frame FLoC as a win for individual privacy seems particularly disingenuous.

Further undermining the “privacy-first” argument is the fact that your FLoC ID could still be linked to your personal IP address relatively easily. While cohorts won’t be based on sensitive information like medical history or religious affiliations, this is still very far from a genuinely private browsing experience.

What browsers are rejecting FLoC?

Here’s the good news: the companies behind several major browsers are refusing to adopt this system. As of writing, the following browsers are putting privacy first and opposing FLoC:

• DuckDuckGo
• Vivaldi
• Brave

While only these three have officially rejected FLoC, other mainstream browsers have voiced concerns and assured users that they don’t intend to implement the system (for now). These browsers include:

• Edge
• Firefox
• Opera

The Safari browser is expected to join this list as well, although Apple is yet to officially lay out their position.

Beyond FLoC: how to protect your privacy

So if you stop using Chrome and carefully avoid FLoC-enabled browsers, will your internet activity stay private? Well, not necessarily.

The real issue is that your data probably wasn’t that private to begin with. FLoC is the tip of a much larger iceberg; companies can already track your IP address, and your internet service provider (ISP) is legally entitled to monitor and sell your data. You can uninstall Google Chrome, but privacy is far from assured.

We recommend using a virtual private network, or VPN. Premium services like NordVPN will encrypt your data, ensuring that your ISP can’t see what you’re doing online. A VPN can also mask your IP address, so websites are unable to match your activity with your device.