
You can't use FLoC ID for fingerprinting, it changes continuously.


"FLoC cohorts will comprise thousands of users each, so a cohort ID alone shouldn’t distinguish you from a few thousand other people like you. However [a tracker now] only has to distinguish your browser from a few thousand others (rather than a few hundred million). In information theoretic terms, FLoC cohorts will contain several bits of entropy—up to 8 bits, in Google’s proof of concept trial. This information is even more potent given that it is unlikely to be correlated with other information that the browser exposes. This will make it much easier for trackers to put together a unique fingerprint for FLoC users."

"as your FLoC cohort will update over time, sites that can identify you in other ways will also be able to track how your browsing changes [...] a FLoC cohort is nothing more, and nothing less, than a summary of your recent browsing activity."

https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-...


The second paragraph you quote is literally the counter example of what I just said.

There needs to exist a way to identify you in other ways and in the future cookies won't be one of those. So a site that has your information because you shared it with them will be able to see your cohort changing, otherwise you'll look like a new user each time.

And yeah I'm extremely familiar with FLoC, more so than the EFF.


> So a site that has your information because you shared it with them will be able to see your cohort changing

this itself is already unwanted

> otherwise you'll look like a new user each time.

but you won’t, because the existence of a non-fingerprinting-based solution isn’t going to stop fingerprinting.


I wouldn't entirely agree. It doesn't change often enough, leading to easy fingerprinting scenarios[1].

1. https://github.com/WICG/floc/issues/4


The link you posted examines the issue in detail; IP address is already on its own a decent identifier at the household level, and used today, and that's why there is a specification on Willful IP Blindness proposed by Google.

But IP alone is imperfect as well anyway for tracking.


Interesting, didn't know that. In that case then how does it identify a cohort in a useful manner? Surely websites will need to temporally tie together the values to be able to target ads?


The cohort's semantic meaning is stable; although not disclosed, an ML system would learn its correlation to a given goal.

Cohort membership changes pretty frequently instead. So the system may put all people that browse mostly golf sites together in cohort 12345, which only the algorithm knows is about golf sites; people enter and leave that cohort on a daily basis, and you can only be a member of a single cohort at a time.


Why would the cohort membership change frequently? Isn't it based on your browsing habits? I don't think my habits change frequently—do most people's?

Also, even if I take for granted that everyone's cohort changes daily, how does that imply anonymity? Like say my habit is that I check emails a ton on Monday, go on YouTube on Saturday, read the news on Sunday, etc... so my habits are changing daily, okay, but not weekly, right? Or maybe I do them in a different order on another week, but I'm not going to develop 1000 different habits across 1000 days, right? Shouldn't some kind of frequency analysis provide fairly consistent results?


Cohorts cannot be too small (or they are not published), nor too big (or they are not particularly useful for capturing a particular set of behaviors/interests). The algorithm will balance these two constraints which will lead to any individuals coming in and out of particular cohorts. The semantic meaning of a cohort will likely change over time as well. For that, FLoC is proposing adding version IDs.


This is useful to know, but I'm confused how this addresses what I wrote in the above comment? It wasn't relying on cohort size being small or large.


“Why would the cohort membership change frequently? Isn't it based on your browsing habits?” -> cohorts need to be rebalanced over time, so your cohort membership could change.



