We have some significant concerns about the long-term viability of FLoC due to some social consequences it might have.
Indeed, in FLoC, the user agent (Chrome browser) is the sole responsible to assign people "with similar interest (or behaviour)" into one cohort. This is a huge responsibility, and potentially one that could lead to some unintended, but very real societal consequences.
Let me give describe what I think is a likely bad usage of FLoC:
Let us consider an "attacker" who wants to harm a specific group (for instance, because of race, religion, sexual orientation, political views, etc). Some members of this group will likely share a FLoC, as it is FLoC's purpose to group user of similar interest based on their browsing history. The attacker can easily emulate the internet browsing history of a member of the group he is willing to harm and see the FLoC he/she has been added to. The "attacker" can then target this FLoC ID in any specific way they wish, even though they don't have access to any specific user. Would they want to get access to any specific user, the attacker would "just" need to get it via to a website with a PII browsed by anyone with the same FLoC ID.
This might look far fetched, but similar "artisanal" cases have already been used, for instance here https://www.pinknews.co.uk/2015/02/18/gay-dating-apps-used-by-attackers-to-trap-victims-in-ireland/
So it already exist today, in some form. But thing is, Chrome will have done all the heavy lifting to make such attacks work "at scale". Being part of the group, instead of shielding the user from potential harms, actually put a target on its back.
This makes this kind of attack significantly easier than with third-party cookies (you need either to drop directly a cookie on the group's website), and you benefit from added Chrome's intelligence to do so, as Chrome groups users together and give the FLoC IDs out to everyone.
Yes, the aforementioned threat could be reduced, but not eliminated. For example, as you proposed, not taking into account websites flagged as related in some way to marginalized communities could work on paper. But it is going to be extremely hard to set up in practice on an ever-changing web. As you stated in #27, it is possible to have bias even from a seemingly unbiased signal. Web browsing history represents the user's interests and therefore is by nature biased toward peoples' interest (and this includes groups suffering prejudices, or susceptible to be the target of malevolent actors). The web is extremely wide and diverse, and the chance that is no way that no remote part of it falls through the cracks, especially in countries and cultures unfamiliar to Chrome engineers, where endangered groups might wildly differ from the Western Hemisphere in general, and United States in particular.
Another point of contention of removing such groups is that it is discriminatory for businesses with legitimate interests, and people targeted by these businesses. For example, a FLoC of straight newlywed people will have a FLoC allowing for personalization and monetization for business targeting them, but the same business, specialized for LGBTQ+ (if they were to be filtered out for the sake of sensitivity) would not have any mean to do targeted advertising and therefore expand their business fairly compared to non-LGBTQ+ businesses!
I really believe that if FLoC happens, then seeing the examples such as those I listed above is not a matter of "what if", but "when". As such, it could seriously jam the long term prospect of FLoC as an accepted marketing framework.
Could you please let us know what elements would be put in place to shield FLoC from such risk and ensure its persistence in the long term?
We have some significant concerns about the long-term viability of FLoC due to some social consequences it might have.
Indeed, in FLoC, the user agent (Chrome browser) is the sole responsible to assign people "with similar interest (or behaviour)" into one cohort. This is a huge responsibility, and potentially one that could lead to some unintended, but very real societal consequences.
Let me give describe what I think is a likely bad usage of FLoC:
Let us consider an "attacker" who wants to harm a specific group (for instance, because of race, religion, sexual orientation, political views, etc). Some members of this group will likely share a FLoC, as it is FLoC's purpose to group user of similar interest based on their browsing history. The attacker can easily emulate the internet browsing history of a member of the group he is willing to harm and see the FLoC he/she has been added to. The "attacker" can then target this FLoC ID in any specific way they wish, even though they don't have access to any specific user. Would they want to get access to any specific user, the attacker would "just" need to get it via to a website with a PII browsed by anyone with the same FLoC ID.
This might look far fetched, but similar "artisanal" cases have already been used, for instance here https://www.pinknews.co.uk/2015/02/18/gay-dating-apps-used-by-attackers-to-trap-victims-in-ireland/
So it already exist today, in some form. But thing is, Chrome will have done all the heavy lifting to make such attacks work "at scale". Being part of the group, instead of shielding the user from potential harms, actually put a target on its back.
This makes this kind of attack significantly easier than with third-party cookies (you need either to drop directly a cookie on the group's website), and you benefit from added Chrome's intelligence to do so, as Chrome groups users together and give the FLoC IDs out to everyone.
Yes, the aforementioned threat could be reduced, but not eliminated. For example, as you proposed, not taking into account websites flagged as related in some way to marginalized communities could work on paper. But it is going to be extremely hard to set up in practice on an ever-changing web. As you stated in #27, it is possible to have bias even from a seemingly unbiased signal. Web browsing history represents the user's interests and therefore is by nature biased toward peoples' interest (and this includes groups suffering prejudices, or susceptible to be the target of malevolent actors). The web is extremely wide and diverse, and the chance that is no way that no remote part of it falls through the cracks, especially in countries and cultures unfamiliar to Chrome engineers, where endangered groups might wildly differ from the Western Hemisphere in general, and United States in particular.
Another point of contention of removing such groups is that it is discriminatory for businesses with legitimate interests, and people targeted by these businesses. For example, a FLoC of straight newlywed people will have a FLoC allowing for personalization and monetization for business targeting them, but the same business, specialized for LGBTQ+ (if they were to be filtered out for the sake of sensitivity) would not have any mean to do targeted advertising and therefore expand their business fairly compared to non-LGBTQ+ businesses!
I really believe that if FLoC happens, then seeing the examples such as those I listed above is not a matter of "what if", but "when". As such, it could seriously jam the long term prospect of FLoC as an accepted marketing framework.
Could you please let us know what elements would be put in place to shield FLoC from such risk and ensure its persistence in the long term?