The big picture: The IP address is a fundamental component for connecting a PC, a smartphone, or any other digital device to the internet. The global network primarily consists of IP addresses and data packets exchanged through them. However, IP addresses can also be exploited to infringe upon users’ rights to privacy and anonymity.
Google is intensifying its efforts to combat IP-based tracking and profiling with IP Protection, a new Chrome experiment previously known as Gnatcatcher. As Google Senior Software Engineer Brianna Goldstein explains, IP Protection is designed to route third-party traffic for specific domains through proxies. This process effectively masks the user’s original IP address from these domains.
Google states that browser developers are working diligently to safeguard users’ privacy. However, the IP address still offers an effective means to “associate users’ activities across origins” in a manner that wouldn’t be achievable otherwise. This information can accumulate over time, creating a distinctive “persistent user profile” for tracking users across the web.
In contrast to third-party cookies, which Google plans to replace with a new advertising platform, an IP address typically doesn’t offer a “straightforward” opt-out method for this kind of surreptitious, effective tracking. Google’s solution to address this privacy concern involves using proxies to conceal the IP address. Nonetheless, this feature will need to evolve gradually to ensure compatibility and interoperability with the evolving “ecosystem.”
IP Protection will undergo testing in multiple phases, as Goldstein explained. In Phase 0, the feature will be opt-in, and Google will employ its proxy to mask IP identification requests from domains it owns. Google will assess the infrastructure’s performance while ensuring minimal impact on other companies. To maintain simplicity, it will grant proxy access to clients with US-based IP addresses exclusively.
To participate in the IP Protection testing, users will need to be logged into Chrome. Google also mentioned that a small percentage of clients will be “automatically enrolled” in the initial test. In future phases, Mountain View plans to implement two proxies, with the second one being managed by an external CDN company. This arrangement ensures that neither proxy can access both the client’s IP address and the destination, as Google explains.
The advertising corporation has acknowledged the risks associated with IP Protection, as the system no longer provides a “stable IP” to masked users. This change could render IP-based geolocation for legitimate services impossible. As a solution, Google is planning to use proxy connections that can offer a “coarse” location of the user instead of their precise location.
Mountain View is also anticipating potential security issues, such as DDoS attacks or traffic manipulation, if a proxy is compromised. To address these concerns, the company is proposing an authentication measure for using the IP Protection proxy. Additionally, limiting the traffic rate could help mitigate the impact of a potential DDoS attack.