|
|
|
|
|
|
by SquareWheel
1836 days ago
|
|
|
I think language could be an issue here, but the problem as I see it is that cohort ID doesn't contain even a summary of the data. It's really just a number. The website or ad network is able to read those numbers and build profiles on them, but it's still divorced from the user and their specific data. I think a better comparison is that of a hash. It sums up the data, but is just a unique identifier for it. Of course with a cohort ID it's non-unique (by design). Because the browser is only sending a number, it retains the ability to change, randomize, or obscure that number. That's an important privacy consideration of the system. For what it's worth, I do think more work is needed. One of Mozilla's suggestions which I liked was to automatically send a missing ID on occasion, just to keep things a little hazy and reduce fingerprinting viability. Fingerprinting is inherently less-necessary as a result of FloC, and you need to balance it to not become necessary again, but it's a way to protect users that fully opt-out without themselves become fingerprintable. |
|
|
Almost certainly your browser history is summarized into a vector, and then the closest class number is chosen and sent.
You might not know which vector the number represents, but it does represent a vector for the centroid, and has relationships with other cohorts.
I'd say it's guaranteed that that interface is leaky