Google is preparing to test a new Chrome browser feature called “IP Protection” that aims to enhance user privacy by masking their IP addresses using proxy servers.
In order to address the potential misuse of IP addresses for covert tracking, Google is seeking a balance between protecting users’ privacy and maintaining essential web functionalities.
IP addresses play a significant role in tracking activities across websites, enabling the creation of persistent user profiles. This raises privacy concerns as users currently do not have a direct way to avoid such covert tracking, unlike third-party cookies.
What is Google’s proposed IP Protection feature?
While IP addresses can be used for tracking, they are also crucial for important web functionalities like traffic routing and fraud prevention.
The “IP Protection” solution tackles this dual role by routing third-party traffic from specific domains through proxies, rendering users’ IP addresses invisible to those domains. As the digital landscape evolves, IP Protection will adapt to protect users from cross-site tracking and include additional domains in the proxied traffic.
“Chrome is reintroducing a proposal to protect users against cross-site tracking through IP addresses. This proposal is a privacy proxy that anonymizes IP addresses for qualifying traffic as described above,” states a description of the IP Protection feature.
Initially, IP Protection will be an opt-in feature, allowing users to control their privacy while enabling Google to monitor behavioral trends.
The feature will be introduced in stages to accommodate regional considerations and facilitate a learning curve.
In the initial approach, only specific domains will be affected in third-party contexts, focusing on those believed to engage in user tracking.
The first phase, known as “Phase 0,” will involve Google proxying requests exclusively to its own domains using a proprietary proxy. This will enable Google to test the system’s infrastructure and refine the domain list further.
Initially, only users logged into Google Chrome and with US-based IP addresses will have access to these proxies.
A select group of clients will be automatically included in this preliminary test, but the architecture and design will be modified as the tests progress.
To prevent potential misuse, an authentication server operated by Google will distribute access tokens to the proxy, setting a quota for each user.
In upcoming phases, Google intends to implement a 2-hop proxy system to further enhance privacy.
“We are considering using 2 hops for improved privacy. A second proxy would be run by an external CDN, while Google runs the first hop,” explains the IP Protection explainer document.
“This ensures that neither proxy can see both the client IP address and the destination. CONNECT & CONNECT-UDP support chaining of proxies.”
As many online services rely on GeoIP to provide location-based services, Google plans to assign IP addresses to proxy connections that represent a “coarse” location rather than a specific one, as demonstrated below.
Among the domains where Google intends to test this feature are its own platforms like Gmail and AdServices.
Google plans to test this feature between Chrome 119 and Chrome 225.
Potential security concerns
Google acknowledges potential cybersecurity concerns associated with the new IP Protection feature.
As the traffic will pass through Google’s servers, it may pose challenges for security and fraud protection services in terms of blocking DDoS attacks and identifying invalid traffic.
In addition, if one of Google’s proxy servers is compromised, a threat actor could view and manipulate the traffic passing through it.
To address this, Google is considering implementing user authentication with the proxy, preventing proxies from linking web requests to specific accounts, and introducing rate-limiting to mitigate DDoS attacks.