April 14, 2021

Taquer-Tech

Melts In Your Technology

Google Works to Bring Cookieless Marketing and Privacy Future Into Focus

A person holds a frosted cookie with the words "Google FAQ here; you have a new number" other words are cut off because a piece of the cookie is missing


PHOTO:
Chris Wetherell

Cliffhangers work well for keeping TV show fans mesmerized. For digital marketers, cliffhangers bring more anxiety than anticipation.

Last year Google introduced a doozy of a cliffhanger when it announced Sandbox, a two-year research initiative to eliminate third-party cookies from its Chrome browser.

Last week Google revealed a browser extension containing an API called Federated Learning of Cohorts or “FLoC” — a nickname pronounced as “flock.” FLoC employs a machine learning framework that replaces the browser cookie. It is one of several solutions Google is exploring. In its blog Google Chrome shared that early testing of FLoC examples, showed that this new privacy-preserving ad solutions approach can be similarly effective to cookie-based approaches. Chetna Bindra, the group project manager, feels, “more confident than ever that the Privacy Sandbox is the best path forward to improve privacy for web users.”

Marketers should pay attention to the lessons learned as Google further explores the strengths and weaknesses in the framework.

How Machine Learning Powers Federated Learning

The browser extension bases its API on the FLoC framework. It uses data as signal for a person’s browser activity. It applies a K-estimate clustering technique to the browsing activity. If the mention of clustering makes you recall your old statistics course in grad school or college, you have the right idea. K estimate is a cluster analysis in which K nearest neighbor, a geometric distance measure, estimates the likely number of classifications from a given data set. The estimates classify the data as shared traits based on the FLoC’s interpretation of data parameters. In this case those parameters are the browser history. 

The name Federated Learning of Cohorts may sound awkward but the application of cluster analysis in this instance is brilliant. The result is gaining associated behavior which can be matched to marketing media without identifying individuals. The output is a cohort ID rather than an individual ID. That diminishes the chances of identifying a person or creating a privacy leak. With identities among a cohort, the approach is like a person hiding in a crowd.

Federated Learning of Cohorts is a radically different take on browser identification compared to the evolution of cookie usage. Cookies are text files originally designed for a specific purpose in the browser — to provide convenience in recalling entry preferences when a person navigates to and from a site. You can learn more about the history of the cookie in my Google Sandbox post. Because the text gets an individual ID, cookie usage identifies a particular browser and, consequently, a particular user.

Related Article: Google Privacy Sandbox: Say Goodbye to Third-Party Cookies in Chrome

Stopping Evil at the Browser

While marketers and developers gained innovation opportunities from the browser cookie, the evolution of the cookie also introduced a liability that bad actors could exploit — the manipulation of text in the cookie. Bad actors can manipulate it without detection. Analytics experts remember Nacho Analytics, the rogue firm that launched an extension that hacked the browser search histories of its user. The result was the collection of every webpage that a given browser user visited. This not only effectively identified users but their sensitive information provided, such as entries for bank records and personal medical details. 

In 2019 Ars Technica reported the details of Sam Jadali, the researcher who discovered and documented the Nacho Analytics scheme, coining the phrase DataSpii to describe the investigation. After discovering the issue among a few of his clients that were impacted, Jadali found as many as 4.1 million Chrome and Firefox users were also impacted. The extensions collected the URLs and webpage titles. Nacho Analytics would then share those histories with other parties.

Since the investigation, Nacho Analytics has been shut down. Google also investigated and suspended multiple Google Analytics properties owned by Nacho Analytics when it was discovered that the URLs can appear within Google Analytics reports. Identifying information in an  analytic reports is a terms of service violation for Google.

The Potential Browser Horizon for Marketers

Industry experts and marketing insiders celebrate Google’s milestone but remain cautious on a final cookie-less solution. The technology seems to solve an immediate problem for Google — providing a safer means to track customers using the latest suite of Google products. But it does leave some trusted third parties unsure how to interact with the new protocol. To help make the transition smoother, Google is working with other web standard organization like W3 to develop a suite of solutions. Anxieties will ease once choices for a third-party cookie replacement become clear.

The Nacho Analytics incident also highlights a serious downside with browser extensions. Browser extensions are not scrutinized in the same way as apps are. Apple and Google can remove rogue apps that do not meet privacy standards for an app marketplace or that facilitate dangerous real-world activity, as the removal of Parler demonstrates. Many firms use browser extensions as frequently as they do apps to provide services that enhance customer experience. All of this means preventing spyware will require the establishment of oversight in order  to keep consumers protected.

Marketers can learn more about Federated Learning of Cohorts through Google’s Github repository. There are also public forums on the Sandbox initiative in general — W3C has one for Privacy Sandbox proposals at its Improving Web Advertising Business Group.

Stay tuned for the next article on digital marketing attribution and consumer privacy online.