Google is getting ready to test a new “IP Protection” feature for the Chrome browser that enhances users’ privacy by masking their IP addresses using proxy servers.
Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to strike a balance between ensuring users’ privacy and the essential functionalities of the web.
IP addresses allow websites and online services to track activities across websites, thereby facilitating the creation of persistent user profiles. This poses significant privacy concerns as, unlike third-party cookies, users currently lack a direct way to evade such covert tracking.
What is Google’s proposed IP Protection feature?
While IP addresses are potential vectors for tracking, they are also indispensable for critical web functionalities like routing traffic, fraud prevention, and other vital network tasks.
The “IP Protection” solution addresses this dual role by routing third-party traffic from specific domains through proxies, making users’ IP addresses invisible to those domains. As the ecosystem evolves, so will IP Protection, adapting to continue safeguarding users from cross-site tracking and adding additional domains to the proxied traffic.
“Chrome is reintroducing a proposal to protect users against cross-site tracking via IP addresses. This proposal is a privacy proxy that anonymizes IP addresses for qualifying traffic as described above,” reads a description of the IP Protection feature.
Initially, IP Protection will be an opt-in feature, ensuring users have control over their privacy and letting Google monitor behavior trends.
The feature’s introduction will be in stages to accommodate regional considerations and ensure a learning curve.
In its initial approach, only the domains listed will be affected in third-party contexts, zooming in on those perceived to be tracking users.
The first phase, dubbed “Phase 0,” will see Google proxying requests only to its own domains using a proprietary proxy. This will help Google test the system’s infrastructure and buy more time to fine-tune the domain list.
To start, only users logged into Google Chrome and with US-based IPs can access these proxies.
A select group of clients will be automatically included in this preliminary test, but the architecture and design will undergo modifications as the tests progress.
To avert potential misuse, a Google-operated authentication server will distribute access tokens to the proxy, setting a quota for each user.
In upcoming phases, Google plans to adopt a 2-hop proxy system to increase privacy further.
“We are considering using 2 hops for improved privacy. A second proxy would be run by an external CDN, while Google runs the first hop,” explains the IP Protection explainer document.
“This ensures that neither proxy can see both the client IP address and the destination. CONNECT & CONNECT-UDP support chaining of proxies.”
As many online services utilize GeoIP to determine a users location for offering services, Google plans on assigning IP addresses to proxy connections that represent a “coarse” location of a user rather than their specific location, as illustrated below.
Among the domains where Google intends to test this feature are its own platforms like Gmail and AdServices.
Google plans on testing this feature between Chrome 119 and Chrome 225.
Potential security concerns
Google explains there are some cybersecurity concerns related to the new IP Protection feature.
As the traffic will be proxied through Google’s servers, it may make it difficult for security and fraud protection services to block DDoS attacks or detect invalid traffic.
Furthermore, if one of Google’s proxy servers is compromised, the threat actor can see and manipulate the traffic going through it.
To mitigate this, Google is considering requiring users of the feature to authenticate with the proxy, preventing proxies from linking web requests to particular accounts, and introducing rate-limiting to prevent DDoS attacks.