Google Chrome's FLoC Explained: Frequently Asked Questions

The programmatic advertising industry has been closely watching Google Chrome's Privacy Sandbox since it was first announced as a replacement for third-party cookies in January 2020.

The Privacy Sandbox encompasses many standards and APIs, but the one that has attracted the most attention — and controversy — is FLoC. It has drawn both praise, for its claimed effectiveness at reaching audiences, and sharp criticism from organizations including Mozilla, the EFF, and DuckDuckGo over privacy implications.

FLoC has been fairly well documented in technical literature, but it remains a genuinely difficult concept to parse. What follows is a structured set of frequently asked questions covering how FLoC works, how it differs from third-party cookies, and what the outstanding concerns are.

What is Google Chrome's FLoC?

Federated Learning of Cohorts (FLoC) is one of the standards within Google's Privacy Sandbox initiative. Its specific purpose is to enable audience targeting in a more privacy-friendly manner than the current approach — which relies on third-party cookies.

Rather than targeting individual users with unique identifiers, FLoC displays ads to people based on their cohort — a number assigned to a user's browser. Browsers are grouped into cohorts based on their web-browsing behaviour, and advertisers then target those cohorts. For example, cohort 4872 might represent browsers associated with an interest in tennis. An advertiser selling tennis equipment could then direct ads at browsers carrying that cohort ID.

How does FLoC work, and how are cohorts created?

The core mechanism is on-device processing combined with machine learning. FLoC runs locally within the browser, analyzing the sites a user has visited and using that history to assign a cohort ID — without sending individual browsing data to external servers.

To achieve adequate privacy protections, FLoC relies on two specific techniques:

• SimHash — an algorithm for quickly estimating how similar two sets of data are
• k-anonymity — a method for anonymizing data by ensuring any individual record is indistinguishable from at least k others

The machine learning process used here is called federated learning, which keeps the raw data on the device rather than aggregating it centrally.

Source: Web.dev

How does FLoC differ from audience targeting with third-party cookies?

For over a decade, AdTech platforms have enabled cross-site user identification by storing a unique ID inside third-party cookies. That ID links a user's browsing history, content interactions, and other behavioural signals across websites — making 1:1 personalized ad targeting possible. This has been both commercially valuable and deeply contentious from a privacy standpoint.

FLoC is designed to address those concerns by shifting from individual-level identification to group-level targeting:

• Third-party cookies work by assigning a unique ID to each individual user and tracking their behaviour across sites.
• FLoC works by grouping browsers with similar browsing histories into cohorts, then targeting those cohorts — without any user-level identifier.

FLoC specifically focuses on browsing history rather than explicit actions (such as clicks or purchases), and targets at the group level, not the individual level. Importantly, FLoC assigns cohort IDs to web browsers, not to individual users — a meaningful distinction in how the system is designed to operate.

Is FLoC more effective at reaching audiences than third-party cookies?

During initial tests, Google claimed that FLoC was 95% as effective as third-party cookies at reaching audiences.

Industry reaction to that figure was mixed, with notable scepticism about methodology. Google also faced scrutiny from antitrust regulators over a perceived lack of transparency in its testing process.

Regardless of Google's early numbers, the real-world effectiveness of FLoC will ultimately depend on how accurately cohort groupings reflect actual user interests. There are credible arguments on both sides of that question. A clearer picture will only emerge once FLoC is fully deployed at scale.

Will FLoC be implemented in browsers other than Google Chrome?

Almost certainly not across the major browsers. Although FLoC is being discussed within the W3C Improving Web Advertising Business Group, other popular browsers have been openly dismissive.

Mozilla Firefox and Brave have already confirmed they will not implement FLoC. Given Apple's well-established privacy stance, Safari adoption is considered equally unlikely.

Beyond browsers, a number of publishers and websites have indicated they will block FLoC or are actively considering it. Notable examples include The Guardian. WordPress was also considering a default block after a contributor described FLoC as a security concern — a decision that, if enacted, could significantly reduce FLoC's reach given WordPress's share of the web.

When will Google Chrome's FLoC be released?

FLoC origin trials have already begun on a limited number of browsers in select regions. Further iterations and additional trials are expected before any general release.

No firm timeline has been set for the final version, but the expected release window was around 2023, coinciding with Google Chrome's planned phase-out of third-party cookies. Development continues in the W3C Improving Web Advertising Business Group.

That said, the headwinds facing FLoC are substantial. Resistance from browsers and publishers, combined with antitrust scrutiny in the UK and elsewhere, means the final shape and timeline of FLoC could change significantly.

What is a cohort and how are cohorts generated?

A cohort is a group of web browsers that share similar browsing histories.

To illustrate: one browser might have visited a news site, a sports site, and a general-interest publisher. Another browser might have visited a different mix of sites but with enough overlap in themes or interests that both browsers end up in the same cohort. The grouping doesn't require identical browsing histories — it requires similar enough histories.

Cohort assignment is handled by machine learning algorithms running locally on the device — a process known as federated learning. Each cohort is assigned a cohort ID, typically a short number such as 7289.

Don't think of a cohort as a collection of people. Think of it as a grouping of browsing activity.

Source: Web.dev

How many cohorts will be available?

The exact number hasn't been specified, but current expectations point to a relatively small number — likely in the range of a few hundred cohorts.

How many browsers will be in one cohort?

To make individual identification within a cohort difficult, each cohort is expected to contain thousands of browsers. A browser's cohort assignment will likely be updated approximately every seven days to reflect recent browsing activity.

How can advertisers show ads to FLoC cohorts?

Advertisers observe the behaviour of cohorts visiting their own websites and pass that information to their AdTech partners. Those partners can then determine what various cohorts are interested in based on observed on-site behaviour.

For example: if an e-commerce retailer notices that browsers carrying cohort ID 3521 frequently browse their smart TV category, they can instruct their AdTech partners to target cohort 3521 with smart TV ads across the broader web.

Additional resources

• The Privacy Sandbox – Chromium Projects
• What is FLoC? – Web.dev (Google Chrome)
• Federated Learning of Cohorts (FLoC) – GitHub (WICG)
• FLoC Origin Trial & Clustering – Chromium Projects
• How to take part in the FLoC origin trial – Chrome Developers

How can publishers implement FLoC on their websites?

Publishers — and advertisers wanting to observe cohort behaviour on their sites — can access FLoC data by calling the FLoC API:

const { id, version } = await document.interestCohort();
console.log('FLoC ID:', id);
console.log('FLoC version:', version);

The API returns the cohort ID along with the FLoC/browser version:

{
  "id": "14159",
  "version": "chrome.1.0"
}

Once a publisher has the cohort ID, it can be passed to AdTech partners to match against the cohorts an advertiser wants to reach.

What role do AdTech companies play in FLoC-based campaigns?

AdTech platforms help publishers monetize inventory and help advertisers reach target audiences by matching the cohorts observed on advertisers' sites with cohorts present across publisher inventory.

The operational mechanics are similar to what AdTech does today — except instead of matching user IDs stored in third-party cookies, platforms match cohort IDs between advertisers and publishers.

For instance, if an AdTech platform has determined that browsers with cohort ID 3521 show strong interest in smart TVs, it can facilitate ad delivery for smart TV campaigns on any publisher site where that cohort is present.

Source: Web.dev

Can publishers opt out of FLoC data collection on their sites?

Yes. Publishers can opt out by sending the following HTTP response header:

Permissions-Policy: interest-cohort=()

Browsers visiting a site with this header set will not be included in FLoC calculations.

Will cohorts include sensitive categories such as race, religion, sexuality, or medical history?

FLoC is designed to exclude sensitive categories from cohort generation. The specifics of how this will be enforced are still being worked out, but the current proposal involves the FLoC service evaluating domain names, URLs, and page content to determine whether a page relates to a sensitive category, and excluding it from cohort clustering if so.

The clustering algorithm is designed to assess whether a given cohort might correlate with sensitive categories — without needing to know why a category is sensitive. Cohorts that might reveal race, sexuality, medical history, or similar sensitive attributes are blocked outright. In practice, when a browser determines its cohort, it only selects from cohorts that have passed this sensitivity screen.

Source: Web.dev

Why do critics argue that FLoC doesn't adequately protect user privacy?

FLoC was designed with privacy in mind, but it has attracted meaningful criticism on several fronts.

1. It's still personalized advertising. Many privacy advocates object to behavioural ad targeting in any form. Because FLoC still uses a user's browsing history as the basis for targeting, it doesn't address the fundamental objection to personalized ads — it only reduces the granularity.

2. Re-identification risk. It's possible for companies to identify which cohort a user belongs to and then match that cohort ID against PII (such as email addresses) to re-identify individuals. This effectively undermines the privacy protections FLoC is intended to provide.

3. Legal uncertainty in the EU. It remains unclear whether FLoC complies with the GDPR or the ePrivacy Directive. In March 2021, Google announced it would not run FLoC trials in the EU, citing unresolved questions about data controller/processor status and whether user consent is required. Resolution of these legal questions is a prerequisite for any EU rollout.

FLoC represents one of the more ambitious attempts to reconcile the commercial needs of the ad-supported web with legitimate privacy expectations. Whether it succeeds in that balance will depend on how the technical, legal, and industry-adoption challenges play out over the next few years. Tracking developments in the W3C Improving Web Advertising Business Group and the Chromium Projects documentation remains the most reliable way to stay current.