Google Chrome's new "IP Protection" will hide users' IP addresses

Google is getting fresh to trial a caller "IP Protection" characteristic for nan Chrome browser that enhances users' privateness by masking their IP addresses utilizing proxy servers.

Recognizing nan imaginable misuse of IP addresses for covert tracking, Google seeks to onslaught a equilibrium betwixt ensuring users' privateness and nan basal functionalities of nan web.

IP addresses let websites and online services to way activities crossed websites, thereby facilitating nan creation of persistent personification profiles. This poses important privateness concerns as, dissimilar third-party cookies, users presently deficiency a nonstop measurement to evade specified covert tracking.

What is Google's projected IP Protection feature?

While IP addresses are imaginable vectors for tracking, they are besides indispensable for captious web functionalities for illustration routing traffic, fraud prevention, and different captious web tasks.

The "IP Protection" solution addresses this dual domiciled by routing third-party postulation from circumstantial domains done proxies, making users' IP addresses invisible to those domains. As nan ecosystem evolves, truthful will IP Protection, adapting to proceed safeguarding users from cross-site search and adding further domains to nan proxied traffic.

"Chrome is reintroducing a connection to protect users against cross-site search via IP addresses. This connection is simply a privateness proxy that anonymizes IP addresses for qualifying postulation arsenic described above," sounds a explanation of the IP Protection feature.

Initially, IP Protection will beryllium an opt-in feature, ensuring users person power complete their privateness and letting Google show behaviour trends.

The feature's preamble will beryllium successful stages to accommodate location considerations and guarantee a learning curve. 

In its first approach, only nan domains listed will beryllium affected successful third-party contexts, zooming successful connected those perceived to beryllium search users.

The first phase, dubbed "Phase 0," will spot Google proxying requests only to its ain domains utilizing a proprietary proxy. This will thief Google trial nan system's infrastructure and bargain much clip to fine-tune nan domain list. 

To start, only users logged into Google Chrome and pinch US-based IPs tin entree these proxies.

A prime group of clients will beryllium automatically included successful this preliminary test, but nan architecture and creation will acquisition modifications arsenic nan tests progress. 

To avert imaginable misuse, a Google-operated authentication server will administer entree tokens to nan proxy, mounting a quota for each user.

In upcoming phases, Google plans to adopt a 2-hop proxy strategy to summation privateness further.

"We are considering utilizing 2 hops for improved privacy. A 2nd proxy would beryllium tally by an outer CDN, while Google runs nan first hop," explains nan IP Protection explainer document.

"This ensures that neither proxy tin spot some nan customer IP reside and nan destination. CONNECT & CONNECT-UDP support chaining of proxies."

As galore online services utilize GeoIP to find a users location for offering services, Google plans connected assigning IP addresses to proxy connections that correspond a "coarse" location of a personification alternatively than their circumstantial location, arsenic illustrated below.

Illustrating really Google plans connected assigning IP reside to let for GeoIP locations
Source: Google

Among the domains wherever Google intends to test this characteristic are its ain platforms for illustration Gmail and AdServices.

Google plans connected testing this characteristic betwixt Chrome 119 and Chrome 225.

Potential information concerns

Google explains location are immoderate cybersecurity concerns related to nan caller IP Protection feature.

As nan postulation will beryllium proxied done Google's servers, it whitethorn make it difficult for information and fraud protection services to artifact DDoS attacks aliases observe invalid traffic. 

Furthermore, if 1 of Google's proxy servers is compromised, nan threat character tin spot and manipulate nan postulation going done it.

To mitigate this, Google is considering requiring users of nan characteristic to authenticate pinch nan proxy, preventing proxies from linking web requests to peculiar accounts, and introducing rate-limiting to forestall DDoS attacks.