Google is set to pilot its “IP Protection” for Chrome, aimed at enhancing user privacy by anonymizing IP addresses through proxy servers. This initiative addresses the covert use of IP addresses in tracking user behavior across the web.
IP addresses serve a dual purpose: they’re essential for critical web operations, like routing and fraud prevention, but can also be harnessed for stealthy tracking. Unlike third-party cookies, there’s no direct way for users to circumvent this kind of surveillance.
Google’s solution, the “IP Protection”, mitigates this by channeling third-party traffic from specific domains via proxies, thereby hiding users’ IPs from these domains. As the digital landscape changes, the IP Protection feature will adapt, further securing users from cross-domain tracking.
The feature’s description states, “Chrome is presenting a proposal to shield users from cross-domain IP tracking through a privacy proxy that makes specific traffic’s IP addresses anonymous.”
Users will have the option to enable IP Protection, letting Google discern user preferences. It will be launched progressively, considering geographical implications and allowing users to adapt. At first, only specific domains, especially those suspected of tracking, will be impacted.
The inaugural “Phase 0” will have Google directing requests solely to its domains using an in-house proxy. This phase aims to test the infrastructure and refine the domain roster. Initially, only users signed into Chrome with US IPs will have proxy access.
A select clientele will participate in this early test, with subsequent alterations in design based on the findings.
To prevent misuse, Google will employ an authentication server to dispense access tokens to the proxy, capping usage for each individual.
Google’s roadmap includes transitioning to a 2-hop proxy system for bolstered privacy. The IP Protection document details, “Considering a 2-hop system, an external CDN would manage the second proxy, with Google overseeing the first, ensuring neither proxy has a complete view of the user’s journey.”
For services using GeoIP for tailoring user experiences, Google will assign proxies IP addresses reflecting a general user location, rather than pinpointing it.
Google’s own platforms, such as Gmail and AdServices, will be among the test domains. The testing period spans Chrome versions 119 to 225.
However, Google acknowledges potential security issues. Channeling traffic via Google’s servers could hinder defenses against DDoS attacks or identifying suspicious activity. A compromised Google proxy could risk traffic exposure or manipulation. Countermeasures might include mandatory user authentication with the proxy, disconnecting web requests from specific accounts, and introducing rate limits against DDoS attacks.