Goodbye FLoC, hello Topics

By Jake Edge
January 26, 2022

Back in May, we looked at a Google proposal to replace third-party cookies with something called the "Federated Learning of Cohorts" (FLoC). Third-party cookies were once used to track users all over the web so that advertisers could, supposedly, target their ads better, but, of the major browsers, only Google's Chrome browser fails to block them today. Google took a fair amount of flak for FLoC, since it was not perceived to be much of a win for users' privacy—and was mostly a sop to the (Google-dominated) web-advertising industry. Now the company is back with a different proposal that could, eventually, replace third-party cookies in Chrome: Topics.

FLoC would effectively pigeonhole users into "opaque" categories (cohorts), so that a given cohort ID would reflect a common set of interests those users have based on their recent browsing history. But exactly what information was being communicated is unclear, and was only opaque to browser users. Advertisers would presumably have been given some information about what a given cohort ID represented (so that they can target their ads) and web-site owners could potentially correlate additional information (e.g. account information) as well as track cohort ID changes over time.

No one, other than Google and web advertisers apparently, was lamenting the loss of third-party cookies, nor really looking for another "more limited" mechanism to track users' browsing habits. But Google sits in the catbird seat with respect to the web; the company is the dominant web-advertising player while also developing and distributing the most popular browser. That has allowed it to dictate, at least to a certain extent, how user tracking will (or will not) be done.

Apparently, the uproar over FLoC succeeded in diverting that particular plan, so Topics was born. Overall, Topics is more privacy-friendly than FLoC, though it still "leaks" more information than many will be comfortable with—that is the point, after all. But it is less opaque than its predecessor, with more controls for the user, though it is still an opt-out feature, so it will be on by default unless users take action.

The GitHub Topics API repository has more technical details than the introductory blog post linked above. The basic idea is that the browser tracks the user's top interests (based on a set of categories) over the past three weeks, then shares them with participating sites. The blog post describes it this way:

With Topics, your browser determines a handful of topics, like "Fitness" or "Travel & Transportation," that represent your top interests for that week based on your browsing history. Topics are kept for only three weeks and old topics are deleted. Topics are selected entirely on your device without involving any external servers, including Google servers. When you visit a participating site, Topics picks just three topics, one topic from each of the past three weeks, to share with the site and its advertising partners. Topics enables browsers to give you meaningful transparency and control over this data, and in Chrome, we're building user controls that let you see the topics, remove any you don't like or disable the feature completely.

The Topics "are thoughtfully curated to exclude sensitive categories, such as gender or race". Meanwhile, the mapping of sites to Topics will be done in the browser as the GitHub site describes:

The topics will be inferred by the browser. The browser will leverage a classifier model to map site hostnames to topics. The classifier weights will be public, perhaps built by an external partner, and will improve over time. It may make sense for sites to provide their own topics (e.g., via meta tags, headers, or JavaScript) but that remains an open question discussed later.

Advertisers (and others) can request information via a JavaScript call to document.browsingTopics(), which will return zero to three Topic IDs, one for each of the previous three weeks, in a random order. The top five Topics for a given week are collected and one random Topic chosen from the full list is added in; one of those six Topics will be chosen for the week. In addition, Topics are tracked in a somewhat complicated scheme to try to "prevent the direct dissemination of user information to more parties than the technology that the API is replacing (third-party cookies)". Said scheme restricts sending Topics to callers that have already called the Topics API for the user on another site that shares a Topic ID with the site in question. So browsers can only send a Topic ID if the advertiser has asked for Topics from a related site (i.e. one that shares the Topic). The GitHub site has a lengthy example to show how it all works.

The blog post shows a mockup of the interface for the browser that will allow users to view the Topics associated with them and to delete any that they do not wish to share. Users would need to do so regularly, though. The strategic use of Incognito Mode would also prevent those Topics from being added into the tracking, since browsing in that mode is not visible to the Chrome Topic-handling code.

Sites can opt-out of the Topic gathering by way of a HTTP header returned with their pages. Sites that do not want to participate can add the following header:

    Permissions-Policy: browsing-topics=()

To its credit, Google will also be honoring the opt-out header value (interest-cohort=()) that was available for FLoC, so sites that have already made that change (e.g. LWN.net) do not need to do anything further. The same complaints raised about this header for FLoC, with regard to web frameworks and content-management systems that do not provide ways to add this header, are still relevant, however.

Both FLoC and Topics are part of Google's Privacy Sandbox project. The FLoC experiment came to an end back in July; Topics is in the public discussion phase and has not been implemented in any browser at this point. While Google clearly hopes that other browser makers follow along, it is not clear that they will. Users do not seem to be clamoring for "relevant ads" (somehow defined); that feature is seen as somewhere between "creepy" and "annoying" (or both at once) by many. The Privacy Sandbox Topics site—another detailed, but less technical, description than the GitHub site—has a somewhat different take, naturally:

Interest-based advertising (IBA) is a form of personalized advertising in which an ad is selected for a user based on their interests, inferred from the sites they've recently visited. This is different from contextual advertising, which aims to match content on the page the user is visiting.
IBA can help advertisers to reach potential customers and help fund websites that cannot otherwise easily monetize visits to their site purely via contextual advertising. IBA can also supplement contextual information for the current page to help find an appropriate advertisement for the visitor.

But one of the more annoying aspects of targeted ads, those based on Google searches, are not really impacted by this change, it would seem. There is no easy way for fleeting searches, or those that resulted in a purchase that is not likely to be repeated anytime soon—or ever—to be removed from the information that Google provides its advertisers. Incognito Mode can help there, too, but the user has to remember to switch. While it is sometimes comical to see Google ads recommending the book you just purchased, or the hotel/flight/rental car you already reserved, it hardly seems like it leads to increased sales for the advertisers.

Overall, Topics is thought-out quite a bit better than its predecessor, but it still suffers from privacy concerns. Part of the problem is that some users do not want to see ads for unrelated interests when they visit a site—or they don't really want to see ads at all. There is a balance to be struck, since running web sites that provide useful content is not free; it is not clear that Topics truly finds that (unattainable?) sweet spot, however. Meanwhile, privacy advocates and users who care about such things are unlikely to be mollified, even if the grounding of FLoC is welcome.

Index entries for this article
Security	Privacy
Security	Web browsers

to post comments

Goodbye FLoC, hello Topics

Posted Jan 26, 2022 21:40 UTC (Wed) by flussence (guest, #85566) [Link] (16 responses)

Every mention of this thing tells site owners how to opt their users out as a courtesy.

How do we opt them *in*? Maybe if the browser is creepy and annoying enough, they'll stop using it.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 16:23 UTC (Thu) by khim (subscriber, #9252) [Link] (15 responses)

> How do we opt them *in*?

The only is via legislation and it's not clear whether this would be better solution than disease.

Lots of small US sites still refuse to show anything to people from EU just to make sure GDPR doesn't affect them.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 7:49 UTC (Fri) by JanC_ (guest, #34940) [Link] (14 responses)

Which doesn’t work, because EU users can visit their site through a proxy or VPN and (parts of) the GDPR would still apply.

(Also, it’s not just small sites doing that, but some large networks of sites too…)

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 10:52 UTC (Fri) by khim (subscriber, #9252) [Link] (13 responses)

> Which doesn’t work, because EU users can visit their site through a proxy or VPN and (parts of) the GDPR would still apply.

I don't see how. Web site is outside of EU. Website makes it absolutely clear than EU citizens are not welcome. How can it fall under EU jurisdiction?

Sure, GDPR may include words which may talk about that situation, but it's not clear what court would be able to enforce these.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 14:10 UTC (Fri) by farnz (subscriber, #17727) [Link] (11 responses)

As far as the EU is concerned, GDPR applies if you process data of an EU resident, regardless of where you are based. You simply must not process an EU resident's data at all (even if you tried to stop them giving you access to that data) or be in breach of the GPDR.

In practice, this comes down to how easy it is to punish you - a web site hosted in Russia by a lone hacker living in Moscow almost certainly has nothing that the EU can legally take as a penalty. The Wall Street Journal, on the other hand, is owned by a company with business interests (Sky Italia, for a start) in the EU; if the WSJ refuses to submit to GDPR, the EU courts could well take the penalty out of the business group as a whole, and make it the business group's problem to make that work out in their accounts.

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 2:22 UTC (Sat) by pabs (subscriber, #43278) [Link] (10 responses)

Presumably the GDPR also applies to EU residents who are visiting the USA and thus have a USA IP address of their hotel/friend etc?

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 10:13 UTC (Sat) by farnz (subscriber, #17727) [Link] (9 responses)

Yes, it does. It's the fact that the data subject is EU-resident that counts from the law's point of view. Which is a separate matter to enforcing it, as it's very hard to enforce against an entity with no EU links at all.

Effectively, though, the EU is saying that if you're big enough to have EU links, GDPR applies to you whether you take efforts to avoid coming under its banner or not.

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 16:46 UTC (Sat) by khim (subscriber, #9252) [Link] (8 responses)

> Effectively, though, the EU is saying that if you're big enough to have EU links, GDPR applies to you whether you take efforts to avoid coming under its banner or not.

Have this been actually tested in court? EU may say anything it wants, but the idea that someone who lives in the other country and does reasonable effort to never fall under jurisdiction of some foreign law yet, somehow, becomes bound by it, sounds very suspicious.

Not even Russia (who tries to make sure large internet companies have physical presence in the country) have ever tried to say that someone, who is not, legally, works in Russia should follow Russian laws.

Heck, even China doesn't try to force Google to censor content on Google.com (and yes, Google have pretty significant presence in China because otherwise it's very hard to produce electronic devices in modern world).

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 21:06 UTC (Sat) by farnz (subscriber, #17727) [Link] (7 responses)

Not yet, but there's no reason to think that the EU won't apply GDPR the way it says it would. The rationale is that reasonable effort to not process the data of EU residents and citizens outside the terms of the GDPR is to always comply with the spirit of GDPR restrictions, not to try to ban EU residents and citizens from accessing your data.

More generally, the EU is quite keen on the idea that there should be no route that allows an EU entity to do an end run around the GDPR by somehow importing EU residents data from outside the EU; that means that if you don't comply with the GDPR requirements, then you need your data pile to be poisonous to EU entities, including others in the same group as you.

This is directly targeted at big tech like Google and Facebook - those companies can't be allowed to play tricks that allow them to say "welp, our bad, EU and US data got intermingled, so we breached GDPR. But don't worry, we made reasonable efforts not to fall under EU jurisdiction, so it's OK".

Goodbye FLoC, hello Topics

Posted Jan 30, 2022 15:34 UTC (Sun) by khim (subscriber, #9252) [Link] (6 responses)

> The rationale is that reasonable effort to not process the data of EU residents and citizens outside the terms of the GDPR is to always comply with the spirit of GDPR restrictions, not to try to ban EU residents and citizens from accessing your data.

No, it's not reasonable. If some group of people forget about what country borders are and how law works then it's not a good idea to try to placate them, usually it's cheaper to ensure you don't need to deal with them.

Only if you are already deeply involved with them it may be too costly to block them and pretend they don't exist.

Note: I'm not talking about specifics of GDPR here. The mere fact that it, supposedly, applies to entities beyond the EU border when they are dealing with people who are outside of EU border is deeply troubling and worthy of fighting against.

> This is directly targeted at big tech like Google and Facebook - those companies can't be allowed to play tricks that allow them to say "welp, our bad, EU and US data got intermingled, so we breached GDPR. But don't worry, we made reasonable efforts not to fall under EU jurisdiction, so it's OK".

Then why do they write a law in a way that mom-n-pop shop somewhere in Bangladesh have to, formally, deal with law of foreign country which they may not even know exist?

I have come to be accustomed to Russian lawmakers to be crazy but their latest invention sounds much more logical and clearly says: if you large enough and have enough customers in Russia mainland you have to deal with our rules (and if you have 500000 visitors daily in Russia then you are definitely large enough to afford office there), if you are someone small or foreign (and don't deal with lots of Russian citizens already) — we don't care.

There's centuries-old saying: however strict Russia's laws may be, their full power is reduced because they rarely are fully enforced. While European countries always tried to think about how laws can be executed once written.

And it just starts looking to me that Europe and Russia have swapped approaches to laws! This is madness!

Goodbye FLoC, hello Topics

Posted Jan 31, 2022 9:45 UTC (Mon) by taladar (subscriber, #68407) [Link] (5 responses)

Countries have been using their influence to protect their own citizens abroad for centuries. That is hardly a new thing.

If anything the US approach of applying their laws abroad in all kinds of cases that do not even remotely relate to protecting their citizens is an issue, not the EU one.

Goodbye FLoC, hello Topics

Posted Jan 31, 2022 12:47 UTC (Mon) by khim (subscriber, #9252) [Link] (4 responses)

Sure, countries have spent resources to protect their citizens when possible.

But that's significantly different from saying that laws of your country, somehow, should affect people in the other countries without these countries signing any agreements with you.

Even embassies or military bases impose foreign rules on their own soil, not around the whole country where they reside.

> If anything the US approach of applying their laws abroad in all kinds of cases that do not even remotely relate to protecting their citizens is an issue, not the EU one.

What's the difference? In both cases one country claim it's laws are extraterritorial and trump the laws of the other countries without there being an additional agreements to provide that extraterritoriality.

The only difference I see if that US is willing to use force to support that interpretation and EU only tries to impose it when it have the opportunity to do so on their own territory, but the idea is the same.

Goodbye FLoC, hello Topics

Posted Jan 31, 2022 16:58 UTC (Mon) by kleptog (subscriber, #1183) [Link] (3 responses)

> But that's significantly different from saying that laws of your country, somehow, should affect people in the other countries without these countries signing any agreements with you.

This happens all the time though. You don't need to interact with a country to be affected by their laws, you just need to interact with a person from that country. That's one of the things of the internet, it makes cross-border issues very common.

(BTW, "affect" is a very board term that can mean almost any kind of interaction)

The issue here revolves around the concept of "ownership". If I, by the laws of my country, legally own a widget X, then if I go to another country then they will generally accept that I own that widget, even if that country has never has any relations with my country. There are formal legal frameworks to give this effect, but even without these the concept of ownership is fairly universal.

When we created copyrights and patent we decided that people could own them. And in countries that didn't recognise said copyrights/patents they weren't bound per se, but there were plenty of tactics deployed, like import blockades, fining local subsidiaries, tariffs, seizing assets, etc to encourage said countries to recognise the existence of copyrights/patents and their ownerships and associated rights.

Now we're on to the next stage where some places in the world (the EU particularly) have decided that people own their personal data and have rights regarding them. The US in particular doesn't believe this and think people and especially large tech businesses have the right to do whatever they like with other people's personal data. As such we will see such tactics as import blockades, fining local subsidiaries, tariffs, seizing assets, etc to encourage said countries to respect the rights of the owners of their personal data.

The interesting thing is that people in the US are waking up to the idea that companies in China can also collect data on US citizens and process that however they like. Now the shoe is on the other foot they worry whether maybe they should prevent that, but unless you actually start with the idea that people have rights over their personal data, it's hard to argue China is doing anything wrong.

So back to the mom and pop shop in Bangladesh, if they do a transaction with an EU citizen that involves the transfer of personal data then they can choose (knowingly or otherwise) to not respect that user's rights and there may be consequences of that.

Goodbye FLoC, hello Topics

Posted Jan 31, 2022 17:54 UTC (Mon) by khim (subscriber, #9252) [Link] (2 responses)

> You don't need to interact with a country to be affected by their laws, you just need to interact with a person from that country.

Nope. Here's Russian version.

Foreign citizens enjoy rights in the Russian Federation and bear obligations on an equal footing with citizens of the Russian Federation, with the exception of cases provided for by federal law.

You may talk about GDPR or US law or anything like that as much as you want, court would just declare all these papers irrelevant and would ask you when and how agreement between Russia and your country was made and when federal law was changed to accommodate it.

> That's one of the things of the internet, it makes cross-border issues very common.

Yes, Internet made is possible to interact with someone who haven't left their own country. This creates collisions.

> So back to the mom and pop shop in Bangladesh, if they do a transaction with an EU citizen that involves the transfer of personal data then they can choose (knowingly or otherwise) to not respect that user's rights and there may be consequences of that.

What consequences? Bangladesh would ask EU citizens not to visit them? This is already happening, albeit under different pretext.

> Now we're on to the next stage where some places in the world (the EU particularly) have decided that people own their personal data and have rights regarding them.

Yes. And they, unilaterally, decided that the other countries wouldn't do anything about their wishes and desires but would just blindly accept them. They would, but blind acceptance is not in the cards.

> As such we will see such tactics as import blockades, fining local subsidiaries, tariffs, seizing assets, etc to encourage said countries to respect the rights of the owners of their personal data.

Nope. Not even close. Yes, EU may have started all that with the good intent. But… the road to hell is paved with good intentions. Other countries took note… and started preparing counter-measures.

In particular Russia demands that information about Russian citizens is processed in Russia — and wouldn't care one jot if it would contradicts the GDPR.

> Now the shoe is on the other foot they worry whether maybe they should prevent that, but unless you actually start with the idea that people have rights over their personal data, it's hard to argue China is doing anything wrong.

No. You may declare it illegal to collect personal data of US citizens abroad. Not say that citizens have certain rights over their data but that US have jurisdictions over them. China may agree to that. Move physical borders between countries into the virtual space, Internet. Rights of certain individual citizens? Nope. Never seen such an inclination in China authorities before, don't think they would start doing that now.

And even if some agreements would be reached and GDPR would become law in Russia — this would happen not because EU said so, but because Russia would adopt it into “federal law”. Which, frankly, sounds less and less likely with each passing year.

Goodbye FLoC, hello Topics

Posted Feb 1, 2022 14:00 UTC (Tue) by kleptog (subscriber, #1183) [Link] (1 responses)

You don't need to interact with a country to be affected by their laws, you just need to interact with a person from that country.
Nope. Here's Russian version.
Foreign citizens enjoy rights in the Russian Federation and bear obligations on an equal footing with citizens of the Russian Federation, with the exception of cases provided for by federal law.

Clearly there's some miscommunication going on here, because I don't see the relation. The GDPR doesn't apply to the data of Russian citizens, so what's the relevance?

In particular Russia demands that information about Russian citizens is processed in Russia — and wouldn't care one jot if it would contradicts the GDPR.

How can it contradict the GDPR since it doesn't apply to the data of Russian citizens in Russia?

Rights of certain individual citizens? Nope. Never seen such an inclination in China authorities before, don't think they would start doing that now.

Then you need to get up to speed (this entered into force 3 months ago):

The PIPL establishes the mechanism of personal information protection in China and it is modelled, in part, on the GDPR. It introduces several important concepts, such as personal information, sensitive personal information, and processing. It explicitly stipulates its exterritorial jurisdiction, and provides the traditional elements for data protection, such as principles of personal information processing, consent and non-consent grounds for processing, cross-border transfer mechanisms and rights of data subjects. At the time of writing this note, some provisions are still waiting for implementing rules to provide clarification.

The right of privacy and personal information would be categorised as a personality right, which provides a legal remedy from the perspective of Torts in cases of infringement of privacy and/or personal information. Furthermore, privacy is defined by law for the first time, which refers to the private peaceful life of a natural person and the private space, private activities, and private information that a natural person does not wish to be known by others.

Of course, being China it's surrounded by certifications and a lot of other top-down bureaucracy that the GDPR doesn't have, but many of the basics are similar.

Goodbye FLoC, hello Topics

Posted Feb 1, 2022 14:22 UTC (Tue) by khim (subscriber, #9252) [Link]

> The GDPR doesn't apply to the data of Russian citizens, so what's the relevance?

Huh? We are discussing that one:

You don't need to interact with a country to be affected by their laws, you just need to interact with a person from that country.

We are not talking about Russian citizens, but about foreigners who are, miraculously, according to you, entitled for what GDPR promises even if they are in Russia. But Russian law is extremely clear: when you are on Russia soil you may forget about your country laws which say something. Either there are Russian which gives you some rights or you have no rights at all.

Which means that if you ban the EU citizens on your website you can safely ignore GDPR: EU citizens which interact with you legally can not bring it in the court and the ones who used VPN to pretend they are on Russian soil are very unlikely to be taken seriously by the court.

> Of course, being China it's surrounded by certifications and a lot of other top-down bureaucracy that the GDPR doesn't have, but many of the basics are similar.

Yes, GDPR have opened the Pandorra box. Now every country claims that their own law are exterritorial and apply to the whole world… but can they actually enforce that? When other countries (like Russia and China itself) explicitly refuse to accept that exterritoriality?

I think that it would take 5-10 years before we would reach the final outcome, but I don't think it would be the ability of EU to enforce GDPR in all countries around the world and the ability of China to enforce PIPL around the world.

More likely outcome is separation of the world into regions with clearly outlined borders and where mon-n-pop shop in Bangladesh would continue to blissfully ignore GDPR (but may be tied by PIPL depending on where the line between regions fall).

IOW: I don't see the trend moving into the direction of more respect for people privacy. I would expect more and more geographic bans instead.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 23:22 UTC (Fri) by Wol (subscriber, #4433) [Link]

Under those circumstances, I think it's pretty clear that the data subjects have given their permission.

There's a lot of FUD flying about the GDPR, and it's a good thing that it gives people control over data about them, but the central tenet is that the data subject is in control.

If the data subject CHOOSES to hand their data over to a data controller outside the jurisdiction of the GDPR, pretty much any court will be behaving lawfully when they say "more fool you" to an aggrieved plaintiff.

The point of the GDPR is to protect me if I hand over my information as, say, a condition of employment. If my employer then sells (or fails to look after properly) that data, they WILL get slammed under the regs. But if I just hand over my data to any Tom Dick or Harry, then that's *my* problem. That's why websites ask permission - if they collect it without my knowledge then they're supposed to destroy it sight unseen.

Cheers,
Wol

Goodbye FLoC, hello Topics

Posted Jan 26, 2022 22:05 UTC (Wed) by james (guest, #1325) [Link] (11 responses)

The Topics "are thoughtfully curated to exclude sensitive categories, such as gender or race".

And with an eye to the GDPRs' "special categories" of sensitive data, which require "explicit consent to the processing of those personal data".

This was always a problem for FLoC, since membership of a cohort can easily reveal political opinions (for example, which news sources a user accesses). If membership of a cohort could be combined with other data to identify an individual, it is illegal to process that data (i.e. that the user is a member of that cohort) until the user gives explicit consent to it, which is a bit of a problem when this is all supposed to be automatic.

One might conclude that if it took this long for Google to identify this problem, they are not seriously looking for a replacement: they just feel it necessary to be Doing Something before someone decides to actually enforce GDPR on the advertising industry.

Goodbye FLoC, hello Topics

Posted Jan 26, 2022 22:29 UTC (Wed) by dskoll (subscriber, #1630) [Link] (9 responses)

So what do you think the probability that someone interested in "Face & Body Care/Make-Up & Cosmetics" is a woman? I'd say at least 80%. And how about the probability that someone interested in "Off-Road Vehicles" is a man? I'd say at least 55-60%.

Add in enough categories and I bet Google could figure out gender, at any rate, with a confidence of 95%.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 0:51 UTC (Thu) by developer122 (guest, #152928) [Link]

I fully expect these categories to shift and change and fragment further into sub categories. This is by no means the final list. I would even expect a framework for sites and advertizers to make custom extensions to the categories. Even in real-time response to events and trends.

The timing on that sort of thing with real-world events could be quite telling as to where a person lives or on what side of an issue they fall.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 12:57 UTC (Thu) by kleptog (subscriber, #1183) [Link] (7 responses)

> Add in enough categories and I bet Google could figure out gender, at any rate, with a confidence of 95%.

Which is probably why they only send 3. And there's a pretty good chance one of those three is a randomly chosen topic.

If Google wants to know your gender they can just examine your Facebook page. If you don't have a Facebook page you're not an interesting part of the market anyway.

Seriously though, if you told people that there was a panel where you could choose to see more ads for expensive electronics and fast cars instead of for diapers, I'm sure there's a significant group that would consider that a good thing.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 14:30 UTC (Thu) by excors (subscriber, #95769) [Link] (2 responses)

> Seriously though, if you told people that there was a panel where you could choose to see more ads for expensive electronics and fast cars instead of for diapers, I'm sure there's a significant group that would consider that a good thing.

I think the basic tradeoff is more like: you regularly visit a web site that needs to make $0.10 in revenue from you (to pay for operating costs plus profit), so they will choose to show however many ads for expensive electronics and fast cars are necessary before you'll spend an average of $1 on those products, or they'll show however many ads for diapers so you spend $1.

If you never buy diapers (but they don't know that), they'll have to show you an infinite number of diaper ads, probably with lots of provocative images and auto-playing videos to try really really hard to convince you to buy diapers which you don't need, and that still won't be enough. Whereas if they know your interests enough to show a single ad for something that is genuinely relevant and useful for you, you're reasonably likely to give them the revenue they need, and their site can be financially viable without an obnoxious quantity of ads. It doesn't seem surprising that many people would prefer the latter.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 16:33 UTC (Thu) by LtWorf (subscriber, #124958) [Link]

They might start to put static html pages without 50MiB of js if they want to save money and have less ad revenue though.

Goodbye FLoC, hello Topics

Posted Jan 31, 2022 17:24 UTC (Mon) by moltonel (subscriber, #45207) [Link]

The problem with this reasoning is that the number of ads shown is not determined by a target amount of money made. Instead, the number of ads is increased until they become obnoxious enough that users stop visiting the site and ad income begins to drop. Whether the obnoxiousness comes from the number of ads or their irrelevancy does not matter.

Also, there are people (me included) who actually prefer to see irrelevant ads, because they are easier to mentally ignore and less able to manipulate you.

Correlation

Posted Jan 27, 2022 18:37 UTC (Thu) by tialaramex (subscriber, #21167) [Link] (3 responses)

In my circle of friends it is usual to manipulate Facebook's algorithm so that the constant advertisements are for stuff you don't mind in your field of view. For a large majority of those friends it turns out that "goth girls in lingerie" is both an advertising topic Facebook can be persuaded to show you and acceptable visual noise. Even for those friends who would plausibly identify themselves as "goth girls" I don't think lingerie is something they're likely to buy based on a Facebook recommendation, but it's an acceptable source of visual noise.

Right now though my Facebook adverts are 100% wall-to-wall adverts for an "innovation centre" which I think was built in my city in late 2019 and presumably is now realising that nobody wants to rent their office space and they never will again, oops. Facebook doesn't necessarily know I live here, but it does know I studied here, since that's why I have a Facebook account.

I didn't explicitly tell Facebook my gender, but interestingly Google correctly guessed my gender and *despite that* it spent months advertising women's shoes to me after I bought one pair because they are pretty (they're seriously very pretty, they're on a shelf in my living room). Not just women's shoes, but specifically exactly that same pair of shoes. Again, they're very pretty but nobody is going to buy two pairs. Advertising is algorithm driven and algorithms are dumb.

I think the evidence suggests that actually all the fuss over tracking based Internet advertising was a waste of time and money. $1000 spent on tracked Internet advertising won't actually be more effective than $1000 spent on, say, a billboard or a magazine advert, but tracking means you will get more advertising executives trying to *persuade* you that it worked because they have more tools to lie with. In particular, while the sales guy telling you that definitely somebody saw the billboard and then bought a brand new car is easy to dismiss, the guy saying the same thing about your Facebook advert has a chart that says so, how can it be wrong? Well, the same as the first guy, it's lying. That guy was on his way to buy the car when he passed the billboard, and he was reading Facebook right before buying a car too, it's not causality it's coincidence, and they've got more powerful tools to harvest coincidence online.

Why did I see all those shoe adverts? Because it's correlated. This guy saw your shoe advert AND he bought shoes. What do you mean which happened first?

Correlation

Posted Jan 27, 2022 22:55 UTC (Thu) by rgmoore (✭ supporter ✭, #75) [Link] (2 responses)

The problem with ads continuing to chase you after you've already bought the product is notorious. My suspicion is that this is an especially bad problem when your decision to buy the product isn't affected by the ad at all; you just decided to buy it by browsing on their web site. The ad broker is tracking your surfing habits and knows you've been looking at a product. If you had decided to look at the product based on an ad, they'd know because they track clicks. They would probably know when you bought it, because they really want to be able to prove that their ads lead to sales.

But if you don't follow the ad to the product, the broker will only know that you've looked at the product; they won't know that you've bought it. Worse, the brokers keep exactly who they show which ad secret from the advertisers because knowing who to target is the core of their business. The last thing they want to do is to tell advertisers who is being shown which ads. So they keep showing you the ad in hopes you'll buy, all the while keeping it secret from the advertiser, who could tell them it's pointless because they've already made the sale.

Correlation

Posted Jan 28, 2022 9:29 UTC (Fri) by nilsmeyer (guest, #122604) [Link] (1 responses)

> They would probably know when you bought it, because they really want to be able to prove that their ads lead to sales.

Perhaps that piece of information is missing? Instead the algorithm assumed you didn't buy but were strongly interested in buying since the sale hasn't been reported back to the advertiser.

Correlation

Posted Jan 31, 2022 6:36 UTC (Mon) by rgmoore (✭ supporter ✭, #75) [Link]

Perhaps that piece of information is missing?

Yes, that's the idea. The point I was trying to convey is that the information isn't missing randomly. It's missing because of the way online ads work, which means it can't easily be fixed without deep changes to the system.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 8:33 UTC (Thu) by nim-nim (subscriber, #34454) [Link]

> The Topics "are thoughtfully curated to exclude sensitive categories, such as gender or race".

> It may make sense for sites to provide their own topics (e.g., via meta tags, headers, or JavaScript)

Ah ah ah. We’re not evil web sites are. We don’t abuse privacy and cookie laws web sites choose to implement them in the most uneffective way they can think of.

Are those people real?

Goodbye FLoC, hello Topics

Posted Jan 26, 2022 22:07 UTC (Wed) by josh (subscriber, #17465) [Link] (7 responses)

> Apparently, the uproar over FLoC succeeded in diverting that particular plan, so Topics was born.

Excellent. Now let's kill Topics, and ideally leave enough of a smoking crater to discourage trying again.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 1:01 UTC (Thu) by developer122 (guest, #152928) [Link] (6 responses)

I foresee an endless series of dominoes ending with all of this happening *entirely* within the browser in secret, communicating with advertizers through a back-channel.

This is what happens when google owns not only the market but the actual *browser* through which the whole web is viewed. They have what every advertizer wishes for: a hold on the actual physical device.

We need a real and concerted effort to get people off of chrome onto literally anything else. Sympathetic websites running ads for other browsers to chrome users. Other software asking if you'd like to install chromium/firefox/whatever along with the product, like google toolbar in the good old days. People getting loves ones off of chrome and onto another browser. This needs to be war.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 1:04 UTC (Thu) by josh (subscriber, #17465) [Link] (5 responses)

If we're coordinating to get people off of Chrome, let's not treat Chromium as meaningfully different.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 22:16 UTC (Thu) by developer122 (guest, #152928) [Link] (4 responses)

It is meaningfully different. It's not shipped by google. The have no control over what ends up in the final product and cannot include anything in secret that the browser vendor cannot remove.

The only reason you're saying that is because it runs on a similar codebase which is nothing more than a technical detail. All the other browsers have defied google in not supporting third party cookies regardless of what engine they use to render HTML.

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 18:15 UTC (Sat) by josh (subscriber, #17465) [Link] (3 responses)

Chromium is absolutely shipped by Google, from the same codebase with configuration options changed; it's just *compiled* by others, sometimes with a few additional configuration changes. Yes, it's Open Source and not hiding anything, but that doesn't mean it won't *openly* do things you'd rather it didn't, and those things aren't likely to change.

Also, Chromium still uses the same browser engine, and as a result, further encourages websites to only care about that same browser engine, which makes life harder for other browsers.

Chromium does not meaningfully diverge from browser design decisions made in Chrome; it may disable individual features (or support others compiling binaries with those features disabled), but won't make substantial direction changes that diverge from Chrome's.

If you very much like Chrome and just want it to be fully Open Source, then by all means run Chromium.

If you don't like Chrome's direction or choices, Chromium generally won't help you avoid them.

And if you want a multiple browsers to continue existing and thriving, try something not based on the same engine, like Firefox.

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 18:19 UTC (Sat) by amacater (subscriber, #790) [Link] (2 responses)

Couldn't agree more. Also - both Chromium and Firefox are beasts to build. Various Linux distros are struggling to keep pace, especially where you have to build Rust toolchains or whatever in addition. The two browsers have enough code to be a mini OS in themselves and, sadly, upstream aren't always interested in building on architectures other than Intel/AMD/Android. Not a great situation to be in.

Goodbye FLoC, hello Topics

Posted Feb 7, 2022 0:47 UTC (Mon) by flussence (guest, #85566) [Link] (1 responses)

Things could be worse, we still have WebKit and I don't think that's going away any time soon. The only thing holding it back on Linux is that it's treated like a throwaway thing and nobody tries to build a serious browser on it.

Goodbye FLoC, hello Topics

Posted Feb 7, 2022 4:38 UTC (Mon) by pabs (subscriber, #43278) [Link]

I haven't used it, but the GNOME Web browser is based on WebKit.

Goodbye FLoC, hello Topics

Posted Jan 26, 2022 22:26 UTC (Wed) by IanKelling (subscriber, #89418) [Link] (3 responses)

Right, this feature shouldn't exist. Assuming it does go forward,

> we're building user controls that let you see the topics, remove any you don't like or disable the feature completely

But "disabled" sounds like it isn't really disabled in practice. It sounds like it means sending 0 topics, which will categorize you as a special minority, one that websites will discriminate against, like the popups "You aren't helping us show ads! Stop or go away!". For this opt-out feature, disabled should be to send some of the most popular topics are so you appear normal.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 5:03 UTC (Thu) by devkev (subscriber, #74096) [Link] (2 responses)

> Advertisers (and others) can request information via a JavaScript call to document.browsingTopics(), which will return zero to three Topic IDs

My initial reaction was "Ugh, more JavaScript". But then I realised this makes it very easy to have a browser extension which monkey-patches the method to return 3 random topics instead.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 11:13 UTC (Thu) by k8to (guest, #15413) [Link] (1 responses)

I'm sure google will, in time, disallow such privacy extensions by api removal.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 12:06 UTC (Thu) by devkev (subscriber, #74096) [Link]

There are an awful lot of extensions that rely on content page JS injection, so I think it's more likely they'd adjust the Chrome Store policies to disallow hooking browsingTopics() (including whatever automated extension testing they have). The end result is effectively the same - any such extension could only be side-loaded, which is fine for technical folks, but as good as non-existent for regular users.

Goodbye FLoC, hello Topics

Posted Jan 26, 2022 22:38 UTC (Wed) by jmaa (guest, #128856) [Link] (14 responses)

Could someone explain why Google stopped with contextual advertisment? Seems like the acceptable sweet spot of usefulness and creepyness, while avoiding the adtech privacy catastrophe.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 3:41 UTC (Thu) by droundy (guest, #4559) [Link]

I see most of my ads when visiting recipe sites, but don't spend most of my money on cooking paraphernalia.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 5:38 UTC (Thu) by felixfix (subscriber, #242) [Link] (10 responses)

That has always confused me. The most appropriate ads are for the page you are viewing exactly right now. Reading a hiking blog? Flannel shirts, walking sticks, mountain bikes, all sorts of things come to mind. Nothing is more appropriate. Ads for what I was reading yesterday, pr the page before this one, are less relevant than the page I am reading right now.

I also wish they'd get back to simple text ads. My brain ignores flashing ads, columns of pictures, all that ad stuff. When there were text ads, I used to actually skim them.

It was the same back in the days when I read print newspapers and magazines. I ignored the mass production ads. If I was looking for snowshoes, I looked for snowshoe ads.

Context is everything. Why feed me ads for real estate agencies when I am reading a page with a pot roast recipe?

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 16:13 UTC (Thu) by khim (subscriber, #9252) [Link] (7 responses)

> That has always confused me.

Why?

> The most appropriate ads are for the page you are viewing exactly right now.

Sure. They are most appropriate, but are they most lucrative? Obviously no. And guess what advertisers prefer.

> Reading a hiking blog? Flannel shirts, walking sticks, mountain bikes, all sorts of things come to mind. Nothing is more appropriate.

Sure. But if you are avid fun of hiking you wouldn't spend all your money on these. And if they can, somehow, guess about what you want to buy (as opposed to what you want to read about) the chances of selling you something increases.

> When there were text ads, I used to actually skim them.

Yes, but is it more lucrative to try to sell something to you and not to someone who can barely read two sentences?

> Context is everything. Why feed me ads for real estate agencies when I am reading a page with a pot roast recipe?

Because this brings more money?

What often baffles me on LWN is simultaneous combo of people who are bright and, see many different things — yet, simultaneously, couldn't understand that they are rare minority and something designed to cater to majority, may, in fact, look stupid and crazy to them because majority is different and because if you look on who actually spends money on things situation is even more different.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 3:33 UTC (Fri) by felixfix (subscriber, #242) [Link] (6 responses)

Advertisers certainly want the most bang for the buck, but how do they know what that is? Google's incentive is to get advertisers to spend as much as possible, and their reporting on how well their own advertising works is suspect. All advertisers really have to go on is Google's reports vs other ad agencies. I don't have any reason to think Google is outright lying to their clients, but incentives work behind the scenes to distort things invisibly. I have no doubt Google analysts routinely come up with many marvelous ways to emphasize their most expensive advertising's benefits without any explicit bias.

Marketing departments also have the wrong incentives. Like all bureaucrats in unmeasurable fields, they operate on hunches backed by selective data. I imagine the old saying "you can't go wrong with IBM" has a Google counterpart today.

Don't get so excited by your own superior imagination. Your idea of majority and minority is just as wonky as what you claim as everyone else's delusions. Follow the money, follow the incentives, and remember that everyone is biased and usually doesn't know what invisible incentives they are following.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 8:12 UTC (Fri) by JanC_ (guest, #34940) [Link] (4 responses)

Interesting data-point: when the GDPR was introduced, the NYT switched from tracking-based ads to context-based & geographical-based advertising for EU visitors… and saw its ad revenue from those visitors increase.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 11:08 UTC (Fri) by khim (subscriber, #9252) [Link] (3 responses)

But that's only natural: if ads have become less effective them advertisers would need more of them to get the same sales.

It's precisely the same story as with TV ads: TV networks were getting lots of money from ads because they were less effective than ads in the Internet!

Of course after advertisers realized what's happening they moved ads from TV to the Internet. Which made ads in the Internet less lucrative thus some ads remained on TV.

GDPR reversed that trend and turned NYT into TV-of-sorts… of course this should introduce jump in revenues… till advertisers would realize what's happening and move ads elsewhere.

NYT is probably big and important enough to retain some advertisers, but small web sites may end up with no ads (and no income) at all if they would do something like that.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 12:17 UTC (Fri) by laarmen (subscriber, #63948) [Link] (2 responses)

Can we really draw any conclusion from the available data? An increase in revenue might mean an increase in views, but could also mean an increase in click conversion, as those *can* be measured and billed, contrary to TV-ads which are solely based on views.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 16:15 UTC (Fri) by JanC_ (guest, #34940) [Link]

Also, NYT was then selling those ads directly, instead of through a broker, so they cut out a middle man, I suppose…

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 17:00 UTC (Fri) by khim (subscriber, #9252) [Link]

> as those *can* be measured and billed, contrary to TV-ads which are solely based on views.

Not anymore. They stopped serving targeted ads because they don't want to deal with GDPR requirements. I don't think they would want to bring these [potential] liabilities back just to get these numbers.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 11:01 UTC (Fri) by khim (subscriber, #9252) [Link]

> Like all bureaucrats in unmeasurable fields, they operate on hunches backed by selective data.

That's where third-party cookies become important. If they are used then you may count all the times ad was shown and even track user from the ads to purchase of goods.

Of course this only shows how lucrative ad is for the advertiser, it's hard to measure how effective is it for the Website.

Google actually shows irrelevant ads to small percentage of users on purpose to see if they would click on them!

And yes, of course it's not a precise science: if people who are visiting the web site were rational then ads would have been completely useless.

> Follow the money, follow the incentives, and remember that everyone is biased and usually doesn't know what invisible incentives they are following.

It's true, to some degree, but it's not as if Google used guns to make people switch from TV ads and newspaper ads to their platform. That part happened before it become an established truth that it's better to go with Google or YouTube ads than spending money on TV ads.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 2:50 UTC (Fri) by developer122 (guest, #152928) [Link] (1 responses)

"Most appropriate for the page" means nothing. If I'm an auto mechanic I'm most likely to buy tools so you shouldn't show me baking supplies the one time I visit a recipe site. I won't buy them.

The theory goes that google can overall produce an accurate profile of "you" and what you're most interested in buying, or what you're susceptible to that's most willing to pay for ad space. Then they plaster that *everywhere.* The mechanics forum, the baking site, your search results, every website you visit.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 3:18 UTC (Fri) by felixfix (subscriber, #242) [Link]

On the contrary: an auto mechanic on a recipes page is more likely to already have all the job tools he needs and more unlikely to have the cooking tools.

Auto mechanics use a lot of specialty tools that very few other people will ever know about, let alone use. They are also more likely to already have sources for new tools and not likely to respond to ads for new sources. They are also not likely to google for how to repair pages in the ordinary course of business.

Or to put it another way: the people most likely to google for how to repair pages are the amateurs who don't already have a vast collection of repair tools, not the professionals who do have that vast collection. Similarly, the people most likely to google for recipes are the amateur cooks who might be interested in new pots and pans and implements of cooking, not the professional chefs who already have almost everything they need, and if they do buy something new, it will be from a friend's and/or colleague's recommendation.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 15:27 UTC (Thu) by farnz (subscriber, #17727) [Link] (1 responses)

The timing correlates with when Google bought DoubleClick; from the outside, it looks like DoubleClick's values w.r.t. users and advertisers won out over the native Google attitudes.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 23:39 UTC (Thu) by rgmoore (✭ supporter ✭, #75) [Link]

That may be right, but it may also be that Google had already started to adopt, or was being pushed in the direction of, DoubleClick's attitudes, and that's what made the purchase seem reasonable. You only buy a company like DoubleClick if you're intending to move into their business.

Goodbye FLoC, hello Topics

Posted Jan 26, 2022 22:39 UTC (Wed) by Rigrig (subscriber, #105346) [Link] (5 responses)

> While it is sometimes comical to see Google ads recommending the book you just purchased, or the hotel/flight/rental car you already reserved, it hardly seems like it leads to increased sales for the advertisers.

It is my understanding this happens because ad-networks are simply interested in showing a high conversion rate, measured as "products bought after seeing them advertised". It turns out that predicting purchases is much easier than actually convincing people to buy something, and they don't have (real-time) access to sales data, so it pays off to show a few too-late ads if it increases the chance of having shown the ad just before a purchase.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 2:37 UTC (Thu) by pabs (subscriber, #43278) [Link] (4 responses)

That sounds like fraud to me, I wonder why the people placing advertisements with Google aren't suing over this. I guess it is pretty hard to prove though? Google ads are supposed to be helping create new purchases, not helping predict purchases that would have happened anyway.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 9:01 UTC (Thu) by nim-nim (subscriber, #34454) [Link]

Fraud is extremely common in the advertising space, traditional ads cost enough money customers do check they are effective, the web ad space is something else.

Cookies and topics exist, to reassure the people that bid for micro ads their money may produce some effect. It’s a belief system.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 16:17 UTC (Thu) by khim (subscriber, #9252) [Link] (1 responses)

> Google ads are supposed to be helping create new purchases, not helping predict purchases that would have happened anyway.

Who told you that?

It's really hard to convince someone to buy something new.

It's much easier to convince someone who is already planning a purchase to choose your shop rather than someone's else shop.

Of course Google ads were targeted on the latter auditory rather then former one. From the day one when ads were served only near search results.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 23:57 UTC (Thu) by pabs (subscriber, #43278) [Link]

Predicting purchases is a different to redirecting purchases from one vendor to another vendor.

Goodbye FLoC, hello Topics

Posted Jan 28, 2022 0:47 UTC (Fri) by Rigrig (subscriber, #105346) [Link]

What would they sue over? You order ads to be shown to interested people, they show ads to interested people. And then you work out how you are going to pay for those ads: per click, per view, per click-conversion, or per view-conversion.

And if you pay per view-conversion, obviously the algorithm will optimize for that, resulting in this effect.
Even if ad networks wanted to, I doubt the AI could be trained to "maximize conversion rate, but by creating new purchases, not predicting them". (They would if they could, because customers will notice a 30% conversion rate with ad broker A resulting in higher sales than 30% with broker B.)

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 2:31 UTC (Thu) by pabs (subscriber, #43278) [Link] (5 responses)

I wonder why they don't do the obvious thing of just switching entirely to contextual advertising; base the advertisement shown on what content is on the page near/containing the advertisement.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 4:55 UTC (Thu) by dmarti (subscriber, #11625) [Link]

The answer to that one is in the company's origin story: because stacks of generic PC hardware worked better for them than a big Digital or Sun server. Using the cheap generic option for a task means you get to keep the money that the competition is spending on the more expensive solution.

What worked for server hardware is also working for Google in the web ad market: Google can make more money by introducing ads on cheap, low-engagement sites into the same market with ads on higher-cost sites. And since no advertiser would believe audience info from a cheap, low-engagement site, the only way to make it work is with some kind of third-party tracking. It's all about commodity inputs, in this case commoditizing web content.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 8:25 UTC (Thu) by ballombe (subscriber, #9523) [Link]

Remember the time when every articles about RedHat was preceded by a banner advertising ostrich-feathered hats ?

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 12:57 UTC (Thu) by nim-nim (subscriber, #34454) [Link] (2 responses)

Google can’t do that because it advertises on web sites with no obvious marketable context.

The web sites that do have an obvious marketable context don’t run Google ads, they are either merchant web sites (displaying ads for their own product, like Amazon), or run adverts by price comparators for the products most obviously associated with their context.

Google specializes on low-effect advertisement carpet bombing, with creepy tracking to reassure buyers it has some effect.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 13:00 UTC (Thu) by nim-nim (subscriber, #34454) [Link]

(also the contextual part of Google’s ad business is implemented via sponsored links in their search engine)

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 23:54 UTC (Thu) by rgmoore (✭ supporter ✭, #75) [Link]

Google can’t do that because it advertises on web sites with no obvious marketable context.

That doesn't necessarily follow. I think the idea is to base the ads on what's on the web page, not necessarily try to sell what's on the web page. So, for example, if somebody has a web page describing their hikes, you figure out what hikers are interested in and try selling that. Maybe that's hiking equipment, but maybe people who like hiking are interested in their health, so it's a good place for ads for wellness products.

This was the traditional model of advertising. Advertisers tried to figure out what kind of people would be interested in their product and put their ads in the kinds of publications that would appeal to those people. If you bought a car magazine, it would be full of ads for cars and car accessories, but it would also include lifestyle products calculated to appeal to people who liked fancy cars. If you bought a fashion magazine, it would be full of ads for clothes, but also for perfume and cosmetics.

I think that's intended to be the goal of something like topics. The idea is that it lets ad companies figure out that people who are interested in topic foo are also interested in topics bar and baz. That way even if there aren't any obvious marketing angles related to foo, or if there are more web sites devoted to foo than there are advertisers interested in selling it, they can try selling bar and baz on foo websites.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 9:27 UTC (Thu) by developer122 (guest, #152928) [Link]

>Advertisers (and others) can request information via a JavaScript call to document.browsingTopics(), which will return zero to three Topic IDs, one for each of the previous three weeks, in a random order. The top five Topics for a given week are collected and one random Topic chosen from the full list is added in; one of those six Topics will be chosen for the week. In addition, Topics are tracked in a somewhat complicated scheme to try to "prevent the direct dissemination of user information to more parties than the technology that the API is replacing (third-party cookies)". Said scheme restricts sending Topics to callers that have already called the Topics API for the user on another site that shares a Topic ID with the site in question. So browsers can only send a Topic ID if the advertiser has asked for Topics from a related site (i.e. one that shares the Topic). The GitHub site has a lengthy example to show how it all works.

This sounds horrifyingly convoluted. I'm sure a smarter person than me can find lots of counter-intuitive ways to leak information from that mess by making repeated calls, for example from lots of throwaway sites with different topics.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 9:51 UTC (Thu) by camhusmj38 (subscriber, #99234) [Link] (1 responses)

The question really must be will any other browser vendor implement / enable this? In particular, Apple in mobile Safari, Microsoft in Desktop Edge and Mozilla in Firefox. If not then it's easy to escape without doing anything particular.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 12:28 UTC (Thu) by mathstuf (subscriber, #69389) [Link]

Do they care? Chrome has the market cornered, can't run their own engine on iOS anyways (where Chrome is least-used by platform), and can therefore put out whatever standards they want and know that "most" users will have it available in a few weeks of deployment (more or less). Sure, iOS isn't going to get it as nicely as others, but Apple gives everyone a laggard engine anyways, so any new feature is going to take time there no matter what. What kind of response do the other browser vendors have that would make Google care about dropping this kind of functionality (however they market it)?

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 13:55 UTC (Thu) by jezuch (subscriber, #52988) [Link] (2 responses)

"Under capitalism, our best and brightest minds are using their talents just to get people to click on ads"

The tragedy continues.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 17:10 UTC (Thu) by benj (guest, #156429) [Link] (1 responses)

I'm with you, this whole debate seems like a waste of everybody's time and Google will just do what they want anyway.

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 14:31 UTC (Sat) by james (guest, #1325) [Link]

Until the EU decides they will just do what they want anyway.

Goodbye FLoC, hello Topics

Posted Jan 27, 2022 17:45 UTC (Thu) by IanKelling (subscriber, #89418) [Link]

I'd like to see the people implementing this to respond to
https://eshoo.house.gov/media/press-releases/eshoo-schako...

Goodbye FLoC, hello Topics

Posted Jan 29, 2022 8:12 UTC (Sat) by milesrout (subscriber, #126894) [Link]

> The Topics "are thoughtfully curated to exclude sensitive categories, such as gender or race".

Why is this a good thing? I don't want ads for feminine hygiene products, or make-up. What are 'sensitive categories' anyway? Gender and race, apparently. I don't think they're particularly sensitive, personally. What else? Is it basically the same as the list of factors you aren't typically allowed to factor in when hiring people? Does it include things like having children? Or that you are planning to have children? Does it include highly gendered topics like 'make up' or 'skirts' or 'business suits'? Does it include things that correlate with 'sensitive topics'? Is political affiliation a sensitive topic?

I now see the categories are public. And indeed it does include '/Arts & Entertainment/Music & Audio/Soul & R&B', '/Arts & Entertainment/Music & Audio/Rap & Hip-Hop' and '/Arts & Entertainment/Music & Audio/World Music/Reggae & Caribbean Music'. I wonder how much those correlate with race.

It includes '/Arts & Entertainment/TV Shows & Programs/TV Family-Oriented Shows'. It includes '/Beauty & Fitness/Face & Body Care/Make-Up & Cosmetics'. It includes '/Hobbies & Leisure/Outdoors/Hunting & Shooting'. It includes '/Jobs & Education/Education/Early Childhood Education'. It is not hard to imagine some of these being *highly* correlated with certain protected 'sensitive' categories.

Facebook got a lot of flack for allowing people to target ads at certain political groupings around the 2016 American elections. I don't see how Google will prevent people from targeting 'Rap & Hip-Hop' + 'Basketball' if they wanted to target African-Americans, or 'Hunting & Shooting' + 'Country Music' + 'Pickup Trucks' if they wanted to target "redneck" Americans, etc. etc. If this is meant to produce something that can't be used to target so-called "sensitive categories" then it's a blatant failure.

Goodbye FLoC, hello Topics

Posted Feb 3, 2022 7:03 UTC (Thu) by oldtomas (guest, #72579) [Link]

Privacy Sandbox

Oh, yeah. This is an ad company. They'll sell you a cilice [1] as a "comfort device".

Keeping a safe distance between myself and Chrome (and Android) for now.

[1] https://en.wikipedia.org/wiki/Cilice