Yesterday, we learned that Google has killed off one of its Privacy Sandbox initiative called Federated Learning of Cohorts (FLoC), and is instead replacing it with "Topics". I read the research paper behind FLoC last year and published my thoughts on how clustering users could preserve individual privacy. At the same time, I emphasized that in order for the endeavor to be successful, "Google will need to have strong governance and security procedures in place which ensure that users cannot be de-identified by combining their data with other signals". It's clear that Google was not able to satisfactorily resolve these concerns around monopolizing individual data, hence the latest pivot to Topics.
I plan to publish an explainer on Google's Topics API in layman terms later in the week too, but for this piece, I just want to explore the idea of ensuring individual privacy while still showing personalized ads. Google's Privacy Sandbox plans to tackle this problem using privacy-preserving mechanisms, with its latest endeavors in the area being FLoC and Topics, and while they may appear to be a technically better implementation than what we have right now, I believe the actual uphill battle is shaping public perception, not the technology.
Google could announce one technology or API after the next, but the fact of the matter is that it has to regain public trust and win support from competitors for its efforts to be successful.
Let's take Topics as an example. Throughout its blog post, Google continues to emphasize that it will collect your interests (or topics) from a rolling time window of three weeks and then show only one interest per week to a website and its advertising partners. All your topics will be stored and processed locally by your browser and will not be sent to external servers, including those owned by Google. Topics older than three weeks will be deleted and users will also have control over manual deletion and complete blocking of the feature.
While that sounds better on paper than what we have right now, I do think Google will have to do a lot better to gain public trust. This is evident from the comments section in our article covering the announcement.
Suppose that I visit YouTube and the Topics API shows three of my top interests to an ad provider "X". Then I continue visiting YouTube every week with my topics being different each time. As a Chrome user, how do I know that a website and its ad partner isn't just racking up topics about it me in each three weeks and then selling them to different vendors for my data? Yes, Google says that Chrome will host and process all data locally and then remove it after three weeks, how do I know that ad provider X isn't just collecting all those topics, not deleting them, and building a profile on me, which is essentially what we have due to cookies right now?
This begs the question: how can a company like Google still show me personalized adverts while managing my personal data and ensuring that my privacy is not breached? This is a difficult question even for me to answer as a consumer and I'm sure that the head honchos at Google's Privacy Sandbox team are facing a similar predicament, maybe not in terms of the technical implementation but in terms of shaping the public perception around it.
Of course, as a consumer, one of the answers would be to disable Topics, cookies, and any other tracker altogether. But that would also mean that I don't get personalized experiences. While that sounds like a minor tradeoff, I think many people including myself have become so used to personalized experiences at online outlets, social media platforms, and other similar websites, that we do feel the need for a streamlined, personalized experience.
As such, this has also become a question for consumers who want some level of personalization: what degree of tracking are we okay with? How does Google, or any other company for that matter, convince us that our data is only being used for its intended purpose and not being sold to the next highest bidder?
I'll reiterate that none of these questions concern people who don't want personalized experiences at all. These are only thoughts to ponder for people who want personalized experiences without sacrificing their privacy completely.
Since Vivaldi and Brave were so vehemently opposed to FLoC, I was curious about what their workaround to this problem is.
Admirably, Vivaldi says that it collects absolutely no data about you and that it does not build a profile about you at all. It offers granular controls to delete cookies and also features a built-in tracker blocker to automatically do the same. In a 2019 blog post, CEO Jon von Tetzcher emphasized that "I am not suggesting that data cannot be used to provide a service. It is a question of whether that data can be used for other purposes. Your traffic data is useful there and then, and you would experience a benefit in sharing that data to get a better driving experience. [...] Companies should be custodians of our data. They should not own it or monetize it."
Similarly, Brave touts its privacy-preserving capabilities and disabled cookies and trackers out of the box. You do have fine-grained controls over what you want to enable, but in a more intelligent way, Brave actually enables you to directly offer monetary compensation to your favorite websites for blocking their ads and trackers.
If you don't want personalized experiences, I think both of these are great options. And this is what I want you to ponder as I close off this piece: if you don't want personalized experiences, you have a nice selection of other browsers that you can use, but if you want personalized experiences (ads for product categories I'm interested in have actually been useful for me multiple times in the past), you're caught between a rock and a hard place. It's extremely difficult, if not impossible to define a fine line between tracking your browsing for personalization versus invading your privacy, and that is something that Google needs to work on as it also endeavors to build trust and shape public perception around the topic.
What are your thoughts on the matter? Do you prefer personalized online experiences? If yes, what are your thoughts on the Topics API and any other similar implementation that Google comes up with next? Let us know in the comments section below!