FLoC & Topics API by Google against Interoperable Private Attribution by Mozilla

Everyone hates ads. Modern piracy started also for this reason, but somehow people need to pay bills so as it is the most profit way to make money with internet you have to deal with it.

I am talking as a developer that have to deal with team for work, so I know a bit how they work. Anyway, in these recent years there was a big concern about Google how was fighting against extensions that block ads like Adblock or uBlock. The WebExtension Manifest v3 started by Google for Chrome adds new features, but remove the APIs required by those extensions to block ads deeply (with the pledge that the browser will have one built-in). Also, already adblockers on Firefox works better compared to Chrome for APIs reasons.

Apart this and I don’t want to talk about adblockers as there are a lot of discussion,s I want to talk about this new stuff. I am not an expert, so I don’t talk about so much of details but giving resources and hints, so you can get your idea about it.

FLoC

With GDPR and third party cookie blockers (like in Firefox), this created a problem for the biggest source of revenue of Google (that is sent also to Mozilla for a deal they have as default search engine in some countries).
I remember this discussion because I talked in my Italian podcast, but also because affected the WordPress community (that I am part of). The idea was not to integrated natively this technology with a ticket, where was discussed for a while.

The Electronic Frontier Foundation explains the tech part, in few words a browser send a header in every request to a website with an ID that let the users get grouped by interests. This means that the browser will collect your history to understand what you like and so on to assign you to this group. More technical details are available in the official announcement of the technology that as today is died in a less a year.

Also, it was proposed to W3C as draft spec but seems that the hate generated and all the blocking request about this and the missing adoption everywhere moved to abandon the idea.

There is also a review of this technology by Mozilla that includes more information about the information that leaks.

Anyway like the next one this could means that with extensions or other things you can alter those information as you want.

Topics API

A couple of weeks ago, Google proposed a new technology that start from the dust of FLoC. In this interesting (and complete) recap I will do another recap.

Advertisers have various circuits?providers, and they understand your interests based on the website page you are reading. They don’t share this information to each other (your data are valuable), so you are tracked by different services for the same reasons.
We have to think also that ads when they are showed they are picked by bet between the various providers.
I mean, user loads a page, in that page there is an ads provider like Google Ads that is configured to reach 10 different ads services to asks them do you have an ad of those sizes for this page and user? The one that offers more will be downloaded and showed. They can use to understand the best topic only by contextual information like the user tracking (if they have) and the website topic (or the page).

So you can understand why performance matters in websites, more fast they are and without redraw and so on (Core Web Vitals by Google basically) means that the ads will be printed earlier.

Also, it is a long ping pong traffic requests, you can see it opening a website with the browser dev tools in the network list. You can see also that is very very very fast.
So for an ads provider is important to provide the best ad to get the maximum profit, because show the ads of a dentist for someone that is looking a website about car racing news maybe is not the best option.

This new APIs will work differently, a page do a request to an ads server to get the group ID, for a group that is provided by the browser. The browser will have a map of websites by interests, or it will be capable to catalog a website by the content. So it is again the browser informing the ads what are the user interests based on a specific period of time (so it changes every few weeks).

This solution honestly is better because this means that finally ads will be potentially more focused on your interests, also this technology will be easier to block as it is enough to block the request to the service like before.

Again as any user profile technology this allows to fingerprint and this is bad, but the premise now are different. If you check the first link I shared to you, there are other details that improve and change the tracking issues.

Interoperable Private Attribution

Last week, Mozilla presented with Facebook (or Meta) a new proposal for a new ads technology.

This technology was sent to W3C (like the others) and the biggest complaint was that it was shared in a Google document.
I am joking as now this was the biggest complaint as it is too early to see the troubles of that.

There is also a less technical presentation, that is more than 50 slides, compared to the doc that is 24 pages (but is more simple to read).

Reading the announcement and the docs we learn:

  • It is based on the idea of the Mozilla telemetry system, that is anonymous
  • It is aggregated (like the others)
  • The priority is to protect the user privacy

Moving on, the slides:

  • Asks the users to consent because we know that is tricky, people don’t read or the consent doesn’t explain, they are annoying etc so better avoid them
  • The actual ad tracking solution (already explained) is easy to fingerprinting
  • The Apple solution as base, where is the device that contain the information and send to Apple that shares them to advertisers, like ads clicked or other actions (the different from the Topics API is a third party that shares the data), this solution has some issues like the timing when those reports are shared and no cross device, so again fingerprinting
  • IPA proposal instead generate reports not for aggregated conversions (users click on ads etc) but on aggregated group of events by external services instead of browsers/app (sharing an identifier like a login)
  • The whole technology is based on the fact that you are not sharing information to services but aggregated and encrypted in asymmetric way, also that advertisers get useful information about what kind of stuff is interesting but not who is interested
  • Also, this allows to use more different servers that decrypt those data and that are required to read it together

So basically the idea is not new in the Mozilla ecosystem, the information is gathered, sent to a proxy system that reshare to another and so on. This in Mozilla was used during their experiment with Firefox Voice, as example, the user voice recording was sent to a Mozilla proxy server and sent to Amazon service to get converted as text. This allowed to anonymize the user, and this proposal is different because adds more layers to avoid fingerpriting (like randomness and cross device support).

It’s a good alternative? I don’t know yet, as it is more complicated compared to the Google solution.

It’s too soon to read feedback about, but on Adxchanger.com there are some hints from an interview to the Mozilla employee. It is similar to Google’s Aggregated Reporting API, but is not possible for the advertiser to get a user by a group. At the same time, is another proposal, like many others by big companies that are trying to push a solution for a privacy tracking or gathering interests solution.

There is also a prototype repository with code about the proposal itself.

I didn’t talk about the fact as it is in collaboration with Facebook/Meta, this is a sterile discussion as a lot of companies are building the web and contributing to the Linux kernel or using React that is by Facebook…

Another fact is that Meta now want to clean their name and not using any more Facebook as it is sawn an evil thing like Google (with Alphabet owner of the company). Also, Mozilla did a lot of things against Facebook from the Facebook container extension to stop using it at all (not Instagram anyway).

Comparing the three

All of them starts from a same point, something that is required to be integrated in the browser, the third include also something that can be included in apps or other solutions.
As user and developer, I didn’t know those proposals on W3C (and the others) and this explains how much is critical for companies to find a solution for their business that will avoid more ad blockers solution to spread.

I had already dealt with some iOS “issues” with Facebook about tracking as it is now required server side instead to be sent via JS in the page itself.
At the same time, I tried to study as final user a bit how works inside Facebook for their ads. It is easy to get ads based on the websites you visited that have a Facebook pixel, so if you saw a Jewelry website, you will get Jewelry ads. This also if you are not following any page, friend or group that talks about it.
In this case they have various sources of information like Whatsapp, FB messenger, Instagram, content that you like and follows and so on compared to services like Twitter for example.

In Facebook case you can check how the social network profiled you by topics and what ads are you seeing, from here you can check what are the topics. When you interact with these pages and remove/block things you will see that on opening again Facebook, will take a bit to show ads as they need to think again on what are your interests.

My only hope as user is whatever is the winning technology is that is user’s privacy first and reading on internet this is the first one (that maybe) is more complete. It is competitive with the other proposal by Microsoft or Google? I have no idea as this will require to be approved by them and others as require getting implemented in various technologies. This approval step by W3C with various companies interested means that everything is public and will be reviewed to get the best technology in a way that users don’t block it.

Also if it is inside the browser it will be easy to hack so any solution that is better of the actual one is good and looking on this ecosystem and various proposal they are working more and more to avoid to be the bad guy.

Liked it? Take a second to support Mte90 on Patreon!

Leave a Reply

Your email address will not be published. Required fields are marked *