Google - yes, that Google - testing proxy scheme to hide IP addresses for privacy

Trending 1 month ago

Google says it plans to prototype a method to disguise IP addresses via web proxies successful early versions of its Chrome browser, a privateness protection akin to Apple's iCloud Private Relay work for its Safari browser.

The task first surfaced arsenic portion of Privacy Sandbox backmost successful 2021 erstwhile it was initially referred to arsenic "ip-blindness" aliases "Gnatcatcher." It is now called IP Protection, wherever IP refers to Internet Protocol and not intelligence property.

The project, planned initially for Chrome connected some Android and nan desktop, is an effort to limit cross-site search connected nan web that complements nan move distant from third-party cookies, different system for ad-focused surveillance. It does not reside browser fingerprinting – isolated from making IP addresses little useful for generating a fingerprint worth – aliases CNAME tracking. Nor does it woody pinch search via autochthonal apps.

"As browser vendors make efforts to supply their users pinch further privacy, nan user’s IP reside continues to make it feasible to subordinate users’ activities crossed origins that different wouldn’t beryllium possible," nan IP Protection explainer says.

"This accusation tin beryllium mixed complete clip to create a unique, persistent personification floor plan and way a user’s activity crossed nan web, which represents a threat to their privacy. Moreover, dissimilar pinch third-party cookies, location is nary straightforward measurement for users to opt retired of this benignant of covert tracking."

Google says it will initially trial IP protection utilizing a azygous Google-owned proxy that only useful connected domains it controls. A consequent trial shape will impact a two-hop proxy setup that puts some a Google-owned and a third-party proxy server betwixt nan customer and nan destination server. One of these proxies will not spot nan customer destination and nan different will not spot nan customer IP address.

While a number of group person expressed interest successful nan IP Protection issue tracker astir Google proxying browser traffic, nan Chocolate Factory's attack shares immoderate similarities to nan IETF's Masque proposal.

  • Everything Apple announced: Tor-ish Safari anonymization. Cloaked iCloud addresses. Cloud CI/CD. And more
  • Shot down: Google's expansive fancy scheme for pro-privacy targeted ads
  • Google fresh to footwear nan cooky wont by Q3 2024, for existent this time
  • Mobile networks really dislike Apple's Private Relay: Some folks find iOS privateness characteristic blocked connected their iPhones

Google hasn't yet projected a timeline for testing IP Protection, nor did it seek a design review from nan W3C's Technical Architecture Group (TAG).

Whether TAG's rejection of Google's Topics API played a domiciled successful nan determination not to activity a reappraisal of IP Protection isn't clear, but skipping this measurement has occurred often capable that those progressive precocious sent retired a reminder to do so. In immoderate event, a Google technologist has indicated that a reappraisal mightiness beryllium requested at immoderate point successful nan future.

Implementation is currently underway and a number of specifications request to beryllium ironed retired earlier Chrome's IP Protection moves into afloat testing. These see ensuring anti-abuse mechanisms are disposable and allowing IP-based geolocation services – wide utilized for contented localization and advertisement targeting – proceed to function.

Also, this research does not see Android WebView-based applications. So astatine this point, autochthonal Android apps that embed Chrome arsenic a WebView will not person entree to IP Protection, it seems.

"​​We scheme to people much specifications connected our timelines this summer, truthful enactment tuned," explained Google task head James Bradley successful a post to nan project's GitHub repo.

"We expect to motorboat IP Protection arsenic an opt-in characteristic initially, which will later connected go nan default setting. The logic for this is that we admit that this connection whitethorn impact immoderate important changes for companies, and arsenic is existent for each Privacy Sandbox proposals, we want to springiness nan ecosystem clip to set and supply feedback earlier nan characteristic is rolled retired broadly." ®