Google Chrome’s FLoC Explained + FAQs

AdTech Industry, Data & Privacy

Google Chrome’s FLoC Explained + FAQs

Published on July 22, 2021, Updated on September 15, 2021 by

The programmatic advertising industry has been consumed with news about Google Chrome’s Privacy Sandbox since it was first announced as a replacement for third-party cookies in Chrome in January 2020.

Although there are many standards and APIs in the Privacy Sandbox, the one that’s received the most attention is FLoC. 

FLoC has received both good and bad press, from it being as effective at reaching audiences as third-party cookies to privacy concerns raised by companies like Mozilla, the EFF, and DuckDuckGo. 

Even though FLoC has been fairly well documented, it’s a hard concept to understand.

To help you make sense of FLoC, we’ve put together a list of frequently asked questions.

If you have any questions about FLoC that aren’t listed here, then get in contact with us and we’ll try our best to answer them.

Table of Contents

Frequently Asked Questions (FAQs) About Google Chrome’s FLoC

What is Google Chrome’s FLoC?

How does FLoC work and how are cohorts created?

How does FLoC differ from how audience targeting is done now with third-party cookies?

Is FLoC more effective at reaching an audience than third-party cookies?

Will FLoC be implemented into other web browsers apart from Google Chrome?

When will Google Chrome’s FLoC be released?

What is a cohort and how will they be generated?

How many cohorts will be available?

How many browsers will be in one cohort?

How can advertisers show ads to FLoC cohorts?

How can publishers implement FLoC into their websites?

What role will AdTech companies play in the targeting and delivery of FLoC-based campaigns?

Can publishers opt out or stop FLoC data being collected on their websites?

Will cohorts contain sensitive categories, e.g. race, religion, sexuality, and medical history?

Why are people saying that FLoC doesn’t protect user privacy?

Frequently Asked Questions (FAQs) About Google Chrome’s FLoC

What is Google Chrome’s FLoC?

Google Chrome’s Federated Learning of Cohorts (FLoC) is one of the standards in the Privacy Sandbox. Specifically, FLoC is designed to run audience targeting but do it in a much more privacy-friendly way than how it’s done today, i.e. with third-party cookies. Instead of showing ads to individuals, FLoC will display ads to people based on their cohort, which is a number assigned to a user’s browser. 

Web browsers will be placed into cohorts based on their web-browsing behavior. Advertisers will then be able to display ads to those cohorts. For example, cohort 4872 could relate to people interested in tennis. Advertisers can then show ads for tennis equipment to browsers with that cohort.

How does FLoC work and how are cohorts created?

The general concept is that FLoC will incorporate on-device processing and machine learning to place web browsers into a certain cohort based on the websites they’ve visited.

To provide adequate levels of privacy, FLoC will use SimHash — a technique for quickly estimating how similar two sets are — and k-anonymity — a technique used to anonymize data.

The FLoC service divides up “cohort space” into thousands of segments.
Source: Web.dev

How does FLoC differ from how audience targeting is done now with third-party cookies?

AdTech companies have been able to identify individuals across different websites for over a decade by storing a unique ID inside third-party cookies. From there, they’ve been able to help their clients (advertisers and publishers) show ads to people based on their web-browsing history, content they’ve interacted with, and other factors. 

While this has enabled 1:1 personalized ad targeting, it has brought with it a number of privacy concerns. 

Users and privacy advocates have been condemning this practice for years and, recently, governments and tech companies, like Apple, have been addressing these privacy issues.

Even Google, a company whose revenue is largely derived from advertising, has made a number of changes to address these privacy concerns. 

The standards and APIs in the Privacy Sandbox are examples of Google’s commitment to move away from the current way of running programmatic advertising processes and towards new, privacy-friendly alternatives. 

FLoC is designed to address the privacy concerns originating from 1:1 personalized ad targeting by showing ads to users based on their web-browsing history, rather than any specific actions (e.g. clicks and purchases), and doing it on a group level, instead of an individual level (i.e. with user-level identifiers).

In short, audience targeting with third-party cookies is done by identifying individual users and tying together their behavior, interests, and actions with a unique ID. Audience targeting with FLoC is done by showing ads to users based only on their web-browsing history and not using any user-level IDs to identify them. 

FLoC also talks about assigning a cohort ID to web browsers instead of individual users. For this reason, we’ll be referring to web browsers instead of users in this blog post.

Is FLoC more effective at reaching an audience than third-party cookies?

During its initial tests, Google claimed that FLoC was 95% as effective as third-party cookies at reaching audiences.  

Reactions to these results were mixed, with a fair dose of scepticism. 

Google has also come under fire from antitrust regulators about the lack of transparency with its testing

Google’s testing aside, the effectiveness of FLoC compared to audience targeting via third-party cookies will depend on how well the cohorts align with the user’s interests. 

There are arguments both for and against whether FLoC is more effective than third-party cookies at reaching an audience. Once FLoC is implemented, then we’ll have a better idea about whether FLoC is as effective at reaching audiences as third-party cookies.

Will FLoC be implemented into other web browsers apart from Google Chrome?

Although Google Chrome’s Privacy Sandbox is being discussed and worked on in the W3C Business Group, it’s highly unlikely that other popular web browsers will adopt the Privacy Sandbox.

Popular web browsers Firefox and Brave have already said they won’t be implementing FLoC, and with Apple’s strong stance on user privacy, it’s safe to say that it won’t be implementing FLoC either. 

Apart from web browsers, other websites have also come out and said that they’ll either block FLoC or are considering it. It’s also possible to WordPress will block FLoC as a contributor from WordPress called FLoC a “security concern”. If WordPress decides to block FLoC by default, then it could render FLoC useless. 

When will Google Chrome’s FLoC be released?

Google Chrome has already started its origin trials of FLoC on a limited number of web browsers in some parts of the world. There will likely be many more iterations of FLoC and possibly more trials. 

There’s no information on when the final version of FLoC will be released, but we can expect to see it go live sometime in 2023 when Google Chrome begins phasing out third-party cookies and introducing its Privacy Sandbox. It’s still being worked on in the W3C Improving Web Advertising Business Group

However, because FLoC is facing a lot of headwinds, not only from web browsers and websites that are going to block it but also from antitrust regulators that are scrutinizing it, a lot can change.

What is a cohort and how will they be generated?

A cohort represents a group of web browsers that have similar web-browsing history.

For example, one web browser might have visited example.com, news-site.com, and sports-site.com and another web browser might have visited publisher.com, news-site.com, and golf-site.com. 

Even though these two browsers didn’t visit the exact same websites, their web-browsing history was similar enough to place them in the same cohort. This is a highly simplified version of how cohorts will be assigned to web browsers. Cohorts will be assigned to web browsers via machine learning algorithms (i.e. federated learning).  

Each cohort will be assigned a cohort ID, which will likely be a short number such as 7289.

Don’t think of a cohort as a collection of people. Instead, think of a cohort as a grouping of browsing activity.

Source: Web.dev

How many cohorts will be available?

It’s not known how many cohorts will be available, but it’s likely that it will be small, e.g. a few hundred. 

How many browsers will be in one cohort?

To preserve user privacy and make it hard for companies to identify individual members of a cohort, it’s likely that each cohort will contain thousands of web browsers. 

A web browser’s cohort will probably be updated every 7 days to reflect the websites the browser has visited.

How can advertisers show ads to FLoC cohorts?

Advertisers will be able to observe the behavior of the cohorts on their website and pass this information to their AdTech partners. From there, AdTech companies will be able to determine what the various cohorts are interested in based on the behavior displayed on websites. 

For example, if an ecommerce store (advertiser) observes that web browsers with the cohort ID 3521 view their range of smart TVs, then they can inform their AdTech partners that they want to show ads for their smart TVs to browsers with the cohort 3521.

Additional resources

How can publishers implement FLoC into their websites?

Publishers, as well as advertisers wanting to observe the cohorts on their websites, will be able to implement FLoC by calling the FLoC API:

const { id, version } = await document.interestCohort();
console.log('FLoC ID:', id);
console.log('FLoC version:', version);

The API will then return the cohort ID and the FLoC/browser version:

{
    id: "14159",
    version: "chrome.1.0"
}

Once publishers receive the cohort ID, they can then pass it to their AdTech partners to match the cohort ID with the ones advertisers are wanting to reach.

What role will AdTech companies play in the targeting and delivery of FLoC-based campaigns?

AdTech companies will be able to help publishers monetize their inventory and help advertisers reach their target audiences by matching the cohorts observed by advertisers with the cohorts present on websites. 

AdTech companies will do many of the same things they do today, but instead of matching IDs in third-party cookies, they’ll be matching cohort IDs between advertisers and publishers. 

For example, if an AdTech has observed that browsers with the cohort ID of 3521 are interested in smart TVs, then they can help advertisers show ads for smart TVs on websites where this ID is present.

Source: Web.dev

Can publishers opt out or stop FLoC data being collected on their websites?

Publishers can opt out of FLoC by sending the following HTTP response header:

Permissions-Policy: interest-cohort=()

Browsers that visit the publisher won’t be included in the FLoC calculations.

Will cohorts contain sensitive categories, e.g. race, religion, sexuality, and medical history?

FLoC will aim to exclude sensitive categories when generating cohorts.

It’s not quite known yet how this will work. 

It’s possible that the FLoC service will evaluate the domain, URL, and contents of a web page and decide whether it relates to a sensitive category and then subsequently exclude it from being added to a cohort.

The clustering algorithm used to construct the FLoC cohort model is designed to evaluate whether a cohort may be correlated with sensitive categories, without learning why a category is sensitive. Cohorts that might reveal sensitive categories such as race, sexuality, or medical history will be blocked. In other words, when working out its cohort, a browser will only be choosing between cohorts that won’t reveal sensitive categories.

Source: Web.dev

Why are people saying that FLoC doesn’t protect user privacy?

Even though FLoC is designed to be a privacy-friendly way of running audience targeting, it has still received its fair share of criticism. 

Firstly, because it’s still a form of personalized advertising, many privacy advocates say that it isn’t privacy friendly as it enables advertising based on a user’s browser history. Many privacy advocates don’t want personalized ad targeting to exist at all. 

Secondly, it’s also possible for companies to identify which cohort you belong to by matching PII (e.g. email addresses) with your cohort ID, leading to many privacy concerns and essentially removing the privacy protections that FLoC was designed to provide. 

Thirdly, it is not known whether FLoC complies with privacy laws like the EU’s GDPR and ePrivacy Directive. In March 2021, Google announced that it wouldn’t be running its FLoC trials in the EU, citing concerns about whether it should act as a data controller or processor and if user consent was required or not. 

It’s likely that Google Chrome will run FLoC trials in the EU at a later date, once they’ve sorted out these legal issues.

Custom AdTech Platform Development Services For Tech Companies

Whether you want to improve your current AdTech platform or build one from scratch, our full-service AdTech development teams can help you plan, design, develop, and maintain high-performance advertising technology

VIEW OUR DEVELOPMENT SERVICES

FREE AdTech & MarTech Resources

Thousands of C-level executives, software engineers, marketers, and advertisers all learn about the inner workings of AdTech and MarTech with our bimonthly newsletter — and so can you! Subscribe today and get access to the latest and best articles, videos, and guides!