October 22, 2023 at 06:06PM
Google is proposing a new “IP Protection” feature for the Chrome browser to enhance users’ privacy by masking their IP addresses. The feature will route third-party traffic through proxies, making the IP addresses invisible to those domains. Initially, it will be an opt-in feature, allowing users to control their privacy. Google plans to test the feature in stages and consider additional privacy measures to address potential security concerns.
Google’s proposed IP Protection feature aims to enhance users’ privacy by masking their IP addresses using proxy servers. The feature will route third-party traffic from specific domains through proxies, making users’ IP addresses invisible to those domains. Initially, it will be an opt-in feature, allowing users to control their privacy while letting Google monitor behavior trends. The feature will be introduced gradually to accommodate regional considerations and ensure a learning curve.
In the initial phase, only Google’s own domains will be affected in third-party contexts. Users who are logged into Google Chrome with US-based IPs will have access to the proxies. A select group of clients will be included in the preliminary test, and the system will undergo modifications based on the test results. To prevent misuse, a Google-operated authentication server will distribute access tokens to the proxy, setting a quota for each user.
In upcoming phases, Google plans to adopt a 2-hop proxy system to further increase privacy. This would involve using an external CDN to run the second hop, while Google runs the first hop. The IP addresses assigned to proxy connections will represent a “coarse” location of a user rather than their specific location.
Google intends to test this feature on its own platforms like Gmail and AdServices between Chrome 119 and Chrome 225. However, there are potential security concerns related to the feature. Proxied traffic may make it difficult for security and fraud protection services to block DDoS attacks or detect invalid traffic. Google is considering measures such as requiring authentication with the proxy, preventing proxies from linking web requests to specific accounts, and introducing rate-limiting to mitigate these concerns.