Google’s FLoC user profiling proposal is receiving a lot of opposition, largely from privacy advocates. Unlike Apple, Microsoft does not stake its reputation on maximising user privacy, and when asked if they will be supporting Google’s FLoC proposal they gave the Verge the following statement:
We believe in a future where the web can provide people with privacy, transparency and control while also supporting responsible business models to create a vibrant, open and diverse ecosystem. Like Google, we support solutions that give users clear consent, and do not bypass consumer choice. That’s also why we do not support solutions that leverage non-consented user identity signals, such as fingerprinting. The industry is on a journey and there will be browser-based proposals that do not need individual user ids and ID-based proposals that are based on consent and first party relationships. We will continue to explore these approaches with the community. Recently, for example, we were pleased to introduce one possible approach, as described in our PARAKEET proposal. This proposal is not the final iteration but is an evolving document.
Importantly, like Google, Microsoft appears to be committed to replacing 3rd party cookies with something, but they of course prefer their own proposal, which raises the question – what exactly is PARAKEET.
What is Microsoft’s PARAKEET Proposal
PARAKEET (Private and Anonymized Requests for Ads that Keep Efficacy and Enhance Transparency) is Microsoft’s differential privacy proposal.
It uses a proxy server that stands between the user and the ad company. Users would have a unique ID known only to the proxy server.
When a web page requests an ad, the request is routed via the trusted proxy server. There a small amount of statistical noise is added to each result to mask the user’s actual private data.
Such noise includes:
- Anonymizing the publisher requesting an ad
- Anonymizing the geography from which the user is requesting content
- Anonymizing the IP from which the user is requesting content
- Anonymizing the User Agent String that is used to match content to the capabilities of their web-enabled device
- Add noise or other random information into different requests from the same web-enabled client
- Reduce granularity of audience interests
- Add an encoded vector of recent browsing activity, they call Representations
The noise is significant enough to protect the privacy of an individual, but still small enough that it will not materially impact the accuracy of the answers extracted by analysts and researchers.
Then, the amount of information revealed from each query is calculated and deducted from an overall privacy-loss budget, which will stop additional queries which in total may reveal the user’s real private data.
The information is then passed on to the ad networks who send an ad back to the user. If a user clicks on the ad information is once again routed via the trusted proxy server. This proxy redirect allows Parakeet to control what information the recipient marketer or publisher domain receives when users navigate the web.
This proxy service also would allow the Parakeet gatekeeper service to provide aggregate reporting to ad networks and if marketers send their conversion data to the proxy service, could also provide attribution reporting.
Microsoft expects to charge to run these trusted proxy servers. Importantly PARAKEET would not require any on-device processing and Microsoft says the use of a proxy server is not too different from what ad networks already use to serve ads.
Ultimately Microsoft plans to implement whatever proposal becomes the industry standard, which will be disappointing for those who had hoped for a viable privacy-first alternative to Google Chrome.