Embeddings and Differential Privacy Methods as an Alternative to Internet Cookies

The advertising industry can no longer hope to continue tracking users as they are doing today in the coming years as customers are growing more aware, if not enraged, by the practices. Cookies along with other tracking mechanisms make customers feel uneasy, which in turn has led governments to introduce privacy laws – users need to be aware of what data they are giving away, what they are used for, and they may reject giving away data altogether. Marketers today, through browsers, are increasingly facing the challenge of handling third-party cookies as the usage become more and more controversial. Browsers such as Safari and Firefox in the last few years have blocked third-party cookies by default. It is understandable that for Safari and Firefox it is much easier to block cookies as the two browsers’ parent organization don’t rely on advertising revenues, unlike Google – Google’s Chrome browser does not block cookies by default. But now, even Google has conceded to the need to create a more private internet. It has recently announced that it will phase out the usage of third-party cookies by 2022. Finding alternative to cookies is good from many perspectives. First and foremost, privacy risk from cookies will be removed, this in turn, is good for business in the long term as customers are growing to be more and more privacy-aware. In the regulatory sense, as customers have pushed governments to pass strict regulations, keeping compliance means avoiding legal trouble, which is good for business in the short-term as well as long-term – regulations will only get tougher. If businesses – the browsers as well as advertisers, don’t adapt now, they will be too big of a gap in the future. Through it’s Privacy Sandbox initiative, Google has been exploring different methods to replace cookies while still enabling marketing use cases that rely on cookies today. Google believes that it is possible to create relevant ads without necessarily sacrificing privacy, which is the situation today. The Privacy Sandbox has allowed debates around privacy, it has enabled the community to participate in creating a more private internet as the initiative is open-sourced. Most importantly, the initiative has created progress. At first, Google did not exactly commit to ending the usage of third-party cookies, but through experimenting one of the proposal generated in the initiative, it is now confident that the idea is feasible. This paper analyzes the proposal, FLoC (Federated Learning of Cohorts). The proposal is evaluated from the perspective of it being one of the alternatives to cookies – whether it indeed offers privacy, whether it is technically feasible, and whether there are any researches backing its commercial potential. The proposal is also evaluated for privacy risks that remain open and what improvements can be done - particularly to address fingerprinting issues. Embeddings and differential privacy are explored as solution to the issues. As background of the research, the paper starts with the context of internet advertising, the mechanics and usage of cookies, the different types of cookies and the legal regulations around cookies. The paper also closely examines the privacy concern specifically with third-party cookies to be able to then conclude whether the privacy offered by the FLoC proposal is adequate. Details of the current state of third-party cookies handling by different browsers existing in the market are also examined. At the end of the paper, the paper will examine what next steps are advised to further the research in this field.