BleepingComputer: Google Chrome's new "IP Protection" will hide users' IP addresses

[Undescribed Horrific Abuse, One Victim & Survivor of Many]

> https://www.bleepingcomputer.com/news/google/google-chromes-new-ip-protection-will-hide-users-ip-addresses/

# Google Chrome's new "IP Protection" will hide users' IP addresses

Google is getting ready to test a new "IP Protection" feature for the
Chrome browser that enhances users' privacy by masking their IP
addresses using proxy servers.

Recognizing the potential misuse of IP addresses for covert tracking,
Google seeks to strike a balance between ensuring users' privacy and
the essential functionalities of the web.

IP addresses allow websites and online services to track activities
across websites, thereby facilitating the creation of persistent user
profiles. This poses significant privacy concerns as, unlike
third-party cookies, users currently lack a direct way to evade such
covert tracking.

# What is Google's proposed IP Protection feature?

While IP addresses are potential vectors for tracking, they are also
indispensable for critical web functionalities like routing traffic,
fraud prevention, and other vital network tasks.

The "IP Protection" solution addresses this dual role by routing
third-party traffic from specific domains through proxies, making
users' IP addresses invisible to those domains. As the ecosystem
evolves, so will IP Protection, adapting to continue safeguarding
users from cross-site tracking and adding additional domains to the
proxied traffic.

"Chrome is reintroducing a proposal to protect users against
cross-site tracking via IP addresses. This proposal is a privacy proxy
that anonymizes IP addresses for qualifying traffic as described
above," reads a description of the IP Protection[1 - git repository]
feature.

Initially, IP Protection will be an opt-in feature[2], ensuring users
have control over their privacy and letting Google monitor behavior
trends.

The feature's introduction will be in stages to accommodate regional
considerations and ensure a learning curve.

In its initial approach, only the domains listed will be affected in
third-party contexts, zooming in on those perceived to be tracking
users.

The first phase, dubbed "Phase 0," will see Google proxying requests
only to its own domains using a proprietary proxy. This will help
Google test the system's infrastructure and buy more time to fine-tune
the domain list.

To start, only users logged into Google Chrome and with US-based IPs
can access these proxies.

A select group of clients will be automatically included in this
preliminary test, but the architecture and design will undergo
modifications as the tests progress.

To avert potential misuse, a Google-operated authentication server
will distribute access tokens to the proxy, setting a quota for each
user.

In upcoming phases, Google plans to adopt a 2-hop proxy system to
increase privacy further.

"We are considering using 2 hops for improved privacy. A second proxy
would be run by an external CDN, while Google runs the first hop,"
explains the IP Protection explainer document.

"This ensures that neither proxy can see both the client IP address
and the destination. CONNECT & CONNECT-UDP support chaining of
proxies."

As many online services utilize GeoIP to determine a users location
for offering services, Google plans on assigning IP addresses to proxy
connections that represent a "coarse" location of a user rather than
their specific location, as illustrated below.

https://www.bleepstatic.com/images/news/web-browsers/chrome/ip-protection/chrome-geo-ip-boundaries.jpg
[The map is subdivided into areas delimited by the blue boundaries in
the US and green boundaries in Canada. Users within a certain area
will be assigned an IP address that is mapped to the top city of that
area, marked with the pin \/. An area will never cross a country
border.]
Illustrating how Google plans on assigning IP address to allow for
GeoIP locations
Source: Google

Among the domains where Google intends to test[3] this feature are its
own platforms like Gmail and AdServices.

Google plans on testing this feature between Chrome 119 and Chrome 225.

# Potential security concerns

Google explains there are some cybersecurity concerns related to the
new IP Protection feature.

As the traffic will be proxied through Google's servers, it may make
it difficult for security and fraud protection services to block DDoS
attacks or detect invalid traffic.

Furthermore, if one of Google's proxy servers is compromised, the
threat actor can see and manipulate the traffic going through it.

To mitigate this, Google is considering requiring users of the feature
to authenticate with the proxy, preventing proxies from linking web
requests to particular accounts, and introducing rate-limiting to
prevent DDoS attacks.


1 - git repository: http://github.com/GoogleChrome/ip-protection
2: https://groups.google.com/a/chromium.org/g/blink-dev/c/9s8ojrooa_Q
[the path parameter is the groups conversation ID]
3: https://docs.google.com/document/d/1iCM3BxJ5cBVwepIL3L-ux-2eS-R0SgaCZEM_ja0ary4/edit