Many of the privacy concerns raised around FLoC could be addressed if the FLoC was not actually exposed to the websites that a user visits. One way this could be accomplished, would be to expose it only through two paths.

First, the browser would send the FLoC along with the contextual data to the PARAKEET anonymization proxy (or similar), which would then route it to the ad networks without revealing to them the actual user. The ad networks would not be able to incorporate the FLoC into a user profile, since they won't know which user this is, but they will be able to use it to serve an ad.

Second, when an ad served as a result of a FLoC where the user later converts, the aggregate reporting API should report not only the value of the ad to aggregate conversions, but should break that down by the different FLoCs used to select that ad. The reporting should also include the user's current FLoC at the time of conversion, so that advertisers can discover the FLoCs that are more likely to be associated with people who convert.