Duckduckgo Chrome



DuckDuckGo has also updated its Chrome extension to block FLoC. At the time of writing this, the update is yet to appear on the Chrome web store. But if you have the DuckDuckGo extension installed.

Wouldn’t it be lovely if you could browse the web without having to worry about your actions and activities being tracked, dumped into a profile, and sold to marketers so they can more effectively target you with ads for stuff that might interest you slightly more than other stuff?

While we might never see that day, at least companies like DuckDuckGo are doing their part to combat the latest and greatest in tracking technologies. In this case, that’s Google’s decision to push forward with FLoC—something DuckDuckGo dislikes so much, it’s now adding anti-FLoC tracking capabilities to its Chrome extension. And it’s worth checking out if you want to limit tracking as much as possible while you’re in Google’s house.

What the FLoC?

If you haven’t heard of FLoC, I don’t blame you. I can’t count the number of people I know who don’t use any kind of blocking software whatsoever in their browsers; the average person doesn’t know about, nor care about, how they’re tracked around the web.

Google’s decision to block third-party cookies in Chrome and instead switch to a model based around FLoC, or a “Federated Learning of Cohorts,” works like this: Instead of being treated as an individual whose browsing habits (combined with all kinds of other data) could be used to de-anonymize you online, you’ll instead be a nameless individual inside of a larger group of people, or cohort, who share similar characteristics.

As the Web Incubator Community Group’s GitHub page for FLoC describes:

“The browser uses machine learning algorithms to develop a cohort based on the sites that an individual visits. The algorithms might be based on the URLs of the visited sites, on the content of those pages, or other factors. The central idea is that these input features to the algorithm, including the web history, are kept local on the browser and are not uploaded elsewhere — the browser only exposes the generated cohort. The browser ensures that cohorts are well distributed, so that each represents thousands of people. The browser may further leverage other anonymization methods, such as differential privacy. The number of cohorts should be small, to reinforce that they cannot carry detailed information — short cohort names (“43A7”) can help make that clear.”

Critics of FLoC argue the technology creates as many privacy problems as it attempts to solve: from what happens when a user’s information (“hidden” in a cohort) is suddenly tied to identifying characteristics, like a login, to the general discriminatory issues that come from being able to target different groups of people in different ways on the web. As the EFF’s Bennett Cyphers writes:

“Even with absolute power over what information can be used to target whom, platforms are too often unable to prevent abuse of their technology. But FLoC will use an unsupervised algorithm to create its clusters. That means that nobody will have direct control over how people are grouped together. Ideally (for advertisers), FLoC will create groups that have meaningful behaviors and interests in common. But online behavior is linked to all kinds of sensitive characteristics—demographics like gender, ethnicity, age, and income; “big 5” personality traits; even mental health. It is highly likely that FLoC will group users along some of these axes as well. FLoC groupings may also directly reflect visits to websites related to substance abuse, financial hardship, or support for survivors of trauma.”

The ideal solution to this problem is to eliminate tracking altogether—no third-party cookies, no fingerprinting, no cohorts, no nothing. Realistically, you’re going to have to wage this battle yourself, as companies like Google have a vested interest in playing to the middle (or, barring that, being a little more advertiser-friendly, since that’s what helps keep the lights on).

That’s where DuckDuckGo’s extension comes into play. Since Chrome is the only browser that currently uses FLoC—rather, will use FLoC (it’s being tested right now)—all you have to do is make some tweaks to keep yourself away from the tracking tech. If installing an extension is too onerous, DuckDuckGo notes that you can try a few other techniques to disable FLoC (for now):

  • Stay logged out of your Google account;
  • Don’t sync your history data with Chrome, or create a sync passphrase;
  • In Google Activity Controls, disable “Web & App Activity” or “Include Chrome history and activity from sites, apps, and devices that use Google services;”
  • In Google Ad Settings disable “Ad Personalization” or “Also use your activity & information from Google services to personalize ads on websites and apps that partner with Google to show ads.”

I’m not a huge DuckDuckGo user, but I can’t fault the company’s assessment on this one. And then there’s the whole “Google testing FLoC without asking users to opt into the trial” aspect, which also leaves me a bit at a loss for words, privacy-wise. (Disable all third-party cookies to opt out of the FLoC trial, if you’re enrolled—though that’ll probably break your web experience, so you might be better off using a different browser entirely for the time being.)

I don’t envision the future will be FLoC-free, but if you’re a Chrome fan, you can at least steady yourself for the next big push into your privacy. And I can’t wait for someone to make an extension that tells you whether the website you’re visiting is taking advantage of FLoC or opting out.

  • Google has created a new tracking method called FLoC, put it in Chrome, and automatically turned it on for millions of users.
  • FLoC is bad for privacy: It puts you in a group based on your browsing history, and any website can get that group FLoC ID to target and fingerprint you.
  • You can use the DuckDuckGo Chrome extension to block FLoC's tracking, which is an enhancement to its tracker blocking and directly in line with the extension's single purpose of protecting your privacy holistically as you use Chrome.
  • DuckDuckGo Search (via our website duckduckgo.com) is now also configured to opt-out of FLoC, regardless if you use our extension or app.

What just happened?

If you're a Google Chrome user, you might be surprised to learn that you could have been entered automatically into Google's new tracking method called Federated Learning of Cohorts (FLoC). It groups you based on your interests and demographics, derived from your browsing history, to enable creepy advertising and other content targeting without third-party cookies. After a short trial period, Google decided not to make this new tracking method a user choice and instead started automatically including millions in the scheme. If you're reading this in Chrome while logged in to a Google account, yes, that likely means you too, and if not now, then eventually.

As a user, what can I do to avoid this?

The criteria for being opted into FLoC are somewhat hidden and conflicting, but there are three methods for blocking FLoC:

  1. Don't use Google Chrome! Right now FLoC is only in Google Chrome, and no other browser vendor has expressed an intention or even interest to implement it. There are various browsers that are free to download, and we recommend some in our guide to Google alternatives. On iOS or Android we suggest you use our own mobile browser, which offers best-in-class privacy protection by default when searching and browsing.
  2. Install the DuckDuckGo Chrome extension. In response to Google automatically turning on FLoC, we've enhanced the tracker blocking in our Chrome extension to also block FLoC interactions on websites. This is directly in line with the single purpose of our extension of protecting your privacy holistically as you use your browser. It’s privacy, simplified. (If you use a non-Chrome browser, you can get our extension here.) The FLoC blocking feature is included in version 2021.4.8 and newer of the DuckDuckGo extension, which should auto-update, though you can also check the version you have installed from the extensions list within Chrome.
  3. Change your Chrome and/or Google settings, which we recommend you do in any case if you continue to use Chrome. It seems (but Google isn't very clear about this so we aren't certain) that if you perform any of the following, then Google will exclude you from FLoC, at least for the time being. And as there are still many unknowns and things are changing rapidly, the effectiveness of these steps may change in future.
    • Stay logged out of your Google account;
    • Don't sync your history data with Chrome, or create a sync passphrase;
    • In Google Activity Controls, disable “Web & App Activity” or “Include Chrome history and activity from sites, apps, and devices that use Google services;”
    • In Google Ad Settings disable “Ad Personalization” or “Also use your activity & information from Google services to personalize ads on websites and apps that partner with Google to show ads.”

Note that even if you change these settings, we also recommend installing the DuckDuckGo Chrome extension to get holistic privacy protection when using Chrome, including private search, tracker blocking, Smarter Encryption, and Global Privacy Control. For non-Chrome desktop browsers, you can get our extension here.

So, what is FLoC anyway?

With browsers dropping support for third-party cookies, FLoC is Google's approach for replacing them. It's being developed in the open and is claimed by Google to be good for privacy. However, it has received widespread criticism from privacy experts, including from EFF who say it's a 'terrible idea' and implored Google 'please don't do this.' We agree with their assessment, and, in a world where it does exist, it should be explicitly opt-in for users (free of dark patterns). In addition, while Google isn’t phasing out third-party cookies in Chrome until at least 2023, FLoC is already live today in 2021.

What are some of those privacy concerns with FLoC?

With FLoC, by simply browsing the web, you are automatically placed into a group based on your browsing history (“cohort”). Websites you visit will immediately be able to access this group FLoC ID and use it to target ads or content at you. It's like walking into a store where they already know all about you! In addition, while FLoC is purported to be more private because it is a group, combined with your IP address (which also gets automatically sent to websites) you can continue to be tracked easily as an individual.

Google itself maintains detailed profiles of users, built up over time from what they've learned about users (including through passive trackers lurking on most websites), but with FLoC they're now exposing your derived interests and demographics from this profile to the websites you visit via FLoC IDs. Although the cohorts you belong to over time are non-descriptive and represented by an anonymous-looking number, it won't be long before people or organizations work out what FLoC IDs really mean, e.g. what interests and demographic information they are likely correlated with.

But don't just take it from us. Google itself has said this new approach is at least 95% as effective as third-party cookie tracking, continuing the ability to target people based on age, gender, ethnicity, income, and many other factors. This targeting, regardless of how it's done, enables manipulation, discrimination, and filter bubbles that many people would like to avoid.

Please also note that FLoC IDs will also be accessible by third-party trackers lurking on websites. As we’ve explained recently, to protect yourself from these trackers, you need to stop them from loading in your browser, which is also accomplished by the DuckDuckGo extension and app.

As a website owner, what can I do to avoid this?

Websites can take steps to protect the privacy of their users by opting out of FLoC, which would be applicable to all their visitors. It's done by simply sending the following Permissions-Policy HTTP response header:

Permissions-Policy: interest-cohort=()

Some publishers like The Markup and The Guardian have already done so, as have we at DuckDuckGo Search, and we encourage others to follow.
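As an added example (not code from DuckDuckGo or from this page), the JavaScript below checks whether a response's Permissions-Policy values actually carry the opt-out shown above, including the cases where the directive is mixed with others or overridden by a later value. The function names and sample header values are constructed for illustration, and the parser is a simplified reading of the structured-field dictionary syntax (RFC 8941).

```javascript
// Added example: audit Permissions-Policy values for the FLoC opt-out.
// Parsing follows RFC 8941 dictionary rules in simplified form.

// Split on a separator that is outside quotes and parentheses.
function splitTopLevel(text, sep) {
  const parts = [];
  let depth = 0, inQuote = false, current = "";
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (inQuote) {
      if (ch === "\\" && i + 1 < text.length) { current += ch + text[++i]; continue; }
      if (ch === '"') inQuote = false;
    } else if (ch === '"') inQuote = true;
    else if (ch === "(") depth++;
    else if (ch === ")") depth--;
    else if (ch === sep && depth === 0) { parts.push(current); current = ""; continue; }
    current += ch;
  }
  parts.push(current);
  return parts;
}

// headerValues: every Permissions-Policy value on one response, in order.
function flocOptOutStatus(headerValues) {
  let allowlist = null; // null means interest-cohort never appeared
  for (const member of splitTopLevel(headerValues.join(","), ",")) {
    const [pair] = splitTopLevel(member.trim(), ";"); // drop parameters
    const eq = pair.indexOf("=");
    const key = (eq === -1 ? pair : pair.slice(0, eq)).trim();
    if (key !== "interest-cohort") continue;
    // Duplicate keys: the last one wins (RFC 8941 dictionary rule).
    allowlist = eq === -1 ? "?1" : pair.slice(eq + 1).trim();
  }
  if (allowlist === null) return "not-set";
  // Only an empty inner list disables the feature for every origin.
  return /^\(\s*\)$/.test(allowlist) ? "opted-out" : "allowed";
}

// Constructed sample responses (not captured from real sites).
const samples = {
  "opt-out only": ["interest-cohort=()"],
  "mixed policy": ["geolocation=(self), interest-cohort=()"],
  "self allowed": ['interest-cohort=(self "https://ads.example")'],
  "overridden later": ["interest-cohort=()", "interest-cohort=*"],
  "no FLoC directive": ["camera=()"],
};
for (const [name, values] of Object.entries(samples)) {
  console.log(name.padEnd(18), flocOptOutStatus(values));
}
```

A result of "allowed" or "not-set" means the response does not send the opt-out, which is worth checking per route when a CDN or reverse proxy rewrites headers.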

What’s next?

We're disappointed that, despite the many publicly voiced concerns with FLoC that have not yet been addressed, Google is already forcing FLoC upon users without explicitly asking them to opt in. We're nevertheless committed and will continue to do our part to deliver on our vision of raising the standard of trust online.

For more privacy advice follow us on Twitter, and stay protected and informed with our privacy newsletters.