The Hidden use of Federated Learning to Auction Adverts in your Browser – FLEDGE

It’s a general rule that if you’re using a company’s product and not paying, then you are the product. A recent application of Federated Learning we’ve come across is Google’s Federated Learning of Cohorts (FLoC). Strangely enough, FLoC never actually used Federated Learning… The application is not new, the European Commission was investigating FLoC as early as 2021 for “possible anticompetitive conduct”. With BranchKey being a Federated Learning company, it makes sense to try dig into exactly how this technology was (and still is) being used.

ref: wikipedia. chrome://components

At one time Google Chrome shipped with FLoC in every browser (see screenshot above). This effort was shut down by antitrust bodies, and data protection regulators in 2021. In January 2022, Google rebrand the technique as Topics API. Topics API is still hosted and documented as of today on Chrome’s developer docs here: https://developer.chrome.com/docs/privacy-sandbox/topics/. Although they had to move it inside the “Privacy Sandbox”. FLoC did not use, and Topics API does not appear to use Federated Learning, there is another tool that came from FLoC: FLEDGE: https://developer.chrome.com/docs/privacy-sandbox/fledge/. Both are worth understanding, but FLEDGE is more on topic.

What is FLEDGE?

This has taken some time to understand on it’s own, and the documentation can be read with some time and patience. To keep it short:

The FLEDGE experiment aims to move the web platform closer to a state where the user's browser, on their device—not the advertiser or adtech platforms—holds information about what that person is interested in.

It is an interesting concept, your Chrome browser now becomes the information holder and has some autonomous decision making right on your device, to sell this information to advertisers. Bear in mind, you don’t get actually paid for your own information – it appears Google does. In this scenario there is no longer a 3rd Party tracking you across sites, like cookies or other methods to track users. Your browser, working for Google, sells your information to the highest bidder! Genius, if not just a little evil…

How does FLEDGE work?

To break down how they propose this new method of purchasing ad-space, there is documentation and proposals available here: https://wicg.github.io/turtledove/. Let’s keep it short and contain it in this blog.

ref: FLEDGE dev docs

The above figure from the documentation proposes the following:

    1. An Advertiser pays to have it’s ad displayed somewhere
    2. The advertiser specifies which interest group they would like that ad shown to
    3. You visit a website that offers Google adspace
    4. This website uses your Chrome browser to run an AdAuction function selling your user profile to the highest bidder.
    5. You are displayed an ad sold to by the highest bidder of your data.

 

There is unfortunately not much more information on exactly what data Chrome is processing, how these auctions are taking place, how much of your personal data is exposed for the buyer to determine the value of your eyes.. But it does not look so much Privacy Friendly as our good friends at Google would like you to believe. Your data is being sold, and they are selling it – without needing to have it.

Is it all bad?

This is a functional use of Federated Learning, so analysing something like this is interesting – if not a little disappointing that Google didn’t go for a more beneficial application. It would be nice to try explain how this technology is used rather than rolling it out to unsuspecting users – even their documentation is somewhat cryptic to read. What do you think?

If this type of blog looking at “hidden” applications of Federated Learning is interesting please reach out to discuss more use cases or maybe a blog like this is just enough 🙂 Find us always at: [email protected]