Google set to introduce 'IP Protection' feature for Chrome browser

New feature aims to safeguard user privacy by concealing IP addresses and addressing covert tracking concerns

Google set to introduce 'IP Protection' feature for Chrome browser

Image:
Google set to introduce 'IP Protection' feature for Chrome browser

Google is gearing up to roll out a new ‘IP Protection’ feature for its Chrome browser, aiming to heighten user privacy by concealing their IP addresses through proxy servers.

Belatedly recognising the potential exploitation of IP addresses for clandestine tracking, Google says it is seeking to strike a delicate balance between ensuring user privacy and maintaining crucial web functionalities.

IP addresses, while essential for tasks like routing traffic and fraud prevention, also serve as an identifier for tracking user activities across websites, raising significant privacy concerns. With the current lack of a direct method for users to evade such covert tracking, Google's proposed IP Protection feature aims to address this challenge.

How will the IP Protection feature work?

The solution involves routing third-party traffic from specific domains through proxies, rendering users' IP addresses invisible to these domains. This system is designed to adapt and evolve alongside the changing online landscape, continuously safeguarding users from cross-site tracking while gradually incorporating additional domains into the proxied traffic.

Initially, the feature will be optional, enabling users to retain control over their privacy while allowing Google to monitor behavioural patterns. The rollout will occur in phases, taking into account regional nuances and facilitating a learning process.

Proxy requests

During the initial phase, Google will proxy requests exclusively to its own domains through a proprietary proxy, enabling the testing of the infrastructure and refinement of the domain list. Initially, access to these proxies will be limited to users logged into Google Chrome with US-based IP addresses.

To prevent misuse, an authentication server operated by Google will distribute access tokens to the proxy, imposing a quota for each user. As the feature progresses, Google plans to implement a 2-hop proxy system to further enhance privacy. The second proxy will be owned by a third party provider, not Google.

For some, this is likely to be a crucial step as it could afford some privacy from Google itself.

Notably, Google intends to assign IP addresses that represent a general rather than specific user location, considering the widespread use of GeoIP for service customisation by various online platforms. Gmail and AdServices are among the domains where Google plans to conduct initial tests of this feature.

Cybersecurity concerns

Google acknowledges potential cybersecurity concerns associated with the IP Protection feature. Routing traffic through Google's servers may complicate security and fraud protection services' ability to block DDoS attacks and identify invalid traffic. To address this, Google is exploring measures such as user authentication with the proxy, preventing proxies from linking web requests to specific accounts, and implementing rate-limiting to mitigate DDoS threats.

The feature is expected to undergo testing between Chrome 119 and Chrome 225, with the architecture and design subject to refinement as the trial progresses.

While the IP Protection feature holds promise for enhancing user privacy from trackers, Google's emphasis on security measures underscores the need to address potential vulnerabilities and ensure a secure browsing experience for Chrome users.

However, other measures purporting to increase user privacy have failed to convince. In January, Standards body W3C Technical Architecture Group rejected Google's Topics API proposal, which the search giant claimed would help replace intrusive third-party tracking cookies in Chrome.

In September, Google rolled out Privacy Sandbox its ad targeting system for Chrome that it says will allow it to exclude third-party tracking cookies while still allowing advertisers to direct relevant messages to users based on their activity and interests. The Electronic Frontier Foundation claimed this is still tracking technology and said that users wanting more privacy should switch browsers.