Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers.
Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to strike a balance between ensuring users' privacy and the essential functionalities of the web.
IP addresses allow websites and online services to track activities across websites, thereby facilitating the creation of persistent user profiles. This poses significant privacy concerns as, unlike third-party cookies, users currently lack a direct way to evade such covert tracking.
What is Google's proposed IP Protection feature?
While IP addresses are potential vectors for tracking, they are also indispensable for critical web functionalities like routing traffic, fraud prevention, and other vital network tasks.
The "IP Protection" solution addresses this dual role by routing third-party traffic from specific domains through proxies, making users' IP addresses invisible to those domains. As the ecosystem evolves, so will IP Protection, adapting to continue safeguarding users from cross-site tracking and adding additional domains to the proxied traffic.
"Chrome is reintroducing a proposal to protect users against cross-site tracking via IP addresses. This proposal is a privacy proxy that anonymizes IP addresses for qualifying traffic as described above," reads a description of the IP Protection feature.
Initially, IP Protection will be an opt-in feature, ensuring users have control over their privacy and letting Google monitor behavior trends.
The feature's introduction will be in stages to accommodate regional considerations and ensure a learning curve.
In its initial approach, only the domains listed will be affected in third-party contexts, zooming in on those perceived to be tracking users.
The first phase, dubbed "Phase 0," will see Google proxying requests only to its own domains using a proprietary proxy. This will help Google test the system's infrastructure and buy more time to fine-tune the domain list.
To start, only users logged into Google Chrome and with US-based IPs can access these proxies.
A select group of clients will be automatically included in this preliminary test, but the architecture and design will undergo modifications as the tests progress.
To avert potential misuse, a Google-operated authentication server will distribute access tokens to the proxy, setting a quota for each user.
In upcoming phases, Google plans to adopt a 2-hop proxy system to increase privacy further.
"We are considering using 2 hops for improved privacy. A second proxy would be run by an external CDN, while Google runs the first hop," explains the IP Protection explainer document.
"This ensures that neither proxy can see both the client IP address and the destination. CONNECT & CONNECT-UDP support chaining of proxies."
As many online services utilize GeoIP to determine a users location for offering services, Google plans on assigning IP addresses to proxy connections that represent a "coarse" location of a user rather than their specific location, as illustrated below.
Source: Google
Among the domains where Google intends to test this feature are its own platforms like Gmail and AdServices.
Google plans on testing this feature between Chrome 119 and Chrome 225.
Potential security concerns
Google explains there are some cybersecurity concerns related to the new IP Protection feature.
As the traffic will be proxied through Google's servers, it may make it difficult for security and fraud protection services to block DDoS attacks or detect invalid traffic.
Furthermore, if one of Google's proxy servers is compromised, the threat actor can see and manipulate the traffic going through it.
To mitigate this, Google is considering requiring users of the feature to authenticate with the proxy, preventing proxies from linking web requests to particular accounts, and introducing rate-limiting to prevent DDoS attacks.
Comments
mikebutash - 6 months ago
Google is jealous of Microsoft Windows telemetry and Apple's spy^H^H^H"privacy" proxy in IOS things that sends everything a user does through them and wants in on the action. It's not good enough Chrome sends everything you do in a browser to Google, they want the rest of the app/os for training their AI too since users aren't quick on the uptake of Chromebooks to give them that.
blackhatcat - 6 months ago
this is also part of the reason theres such an enormous amount of vpn providers whom have popped up out of thin air over the past few years and flood the market with advertisements, most of which are playing the system and the lack of education of the end user placing their services between the end user and the services and systems accessed by the end user to try to garner first dibs on the data before the data reaches other services such as google, faceberg, etc
tcmb - 6 months ago
This is not about the privacy of users.
This is about selling your internet history to advertisers.
All kinds of VPN providers are monetizing that now. Googles of the world are losing money.
NoneRain - 6 months ago
LOL, Google is literally trying to kill competition. Chrome is becoming the Google's playground, where other kids can't play.
The_sea_of - 6 months ago
This is just the Google One VPN API incorporated into Chrome. No need to create a hype.
manxekitairn - 6 months ago
No clue what is happening based on this article. I pay good money to a VPN service with proxy, and I have no idea whether this nonsense will interfere with my service. I TRUST my VPN service. Doesn't look like I can do that for this new service from Google.
Hmm888 - 5 months ago
@manxekitairn Only fools trust their VPN service. Many websites now block access to their sites if using a VPN. Others push near impossible to solve captchas. VPN providers are failing to keep up with this trend.
Hmm888 - 5 months ago
Many apps now that insist on you enabling tracking. If you don't, you won't be able to access their service or website. Eventually you'll have to uncloak your IP address if you want to access the site.