Google will soon start testing a new ‘IP protection’ feature for Chrome users, offering them greater control over their privacy. The tech giant the upcoming feature prevents websites from tracking users by hiding their IP address using proxy servers owned by Google.
To give you a quick recap, IP address is a unique numerical identifier that can be used to track a user’s geographical location and is used by advertisers to track a user’s browsing habits, see which websites they visit and provide personalized ads.
According to Google, the IP protection feature will be rolled out in multiple stages, with Phase 0 redirecting domains owned by Google (like Gmail) to a single proxy server. The company says the first phase will allow them to test its infrastructure and only a handful of users residing in the US will be enrolled.
Google also said that the upcoming IP protection feature will be available for users who have logged in to Chrome. To prevent misuse the tech giant will be implementing an authentication server that will set a quota for every user.
In the following phases, Google will start using a 2-hop proxy system, which essentially redirects a website’s request to a Google server that will again be redirected to an external CDN like Cloudflare.
While the IP protection feature might enhance user privacy, the tech giant has clarified that it is not a foolproof system. If a hacker is able to gain access to Google’s proxy server, they will be able to analyse all traffic passing through the network and even redirect users to malicious websites.
Since most of Google’s revenue comes from tracking users across the internet and offering them personalized ads, it will be interesting to see how the company strikes a balance between user privacy and revenue generation.
That will just allow google to track every website you visit.
Both. It will prevent other sites from seeing some of your data, while giving Google more of your data. Of course Google wants to do this, it gives them a competitive edge. Smells like brewing lawsuits, though.
Using one dominant position (Chrome market share) to extend into another (data brokerage) is textbook Monopoly 101.
Yeah, we saw Microsoft do that with Windows and Internet Explorer back in the day.
Nobody can track what you’re looking at*!
*For free any more because now they’ll have to pay us for that data which we’ll have wayyyy more of."
Nah, they don’t sell your data. They sell their ability to serve you ads based on their data about you.
Smells like brewing lawsuits, though.
This is America. No one cares about your privacy and corporations own the government.
Google also operates in the EU. They’ll probably get a slap on the wrist in the end, but first there will be a widely publicized lawsuit.
I hate to admit how accurate this is
Second pull the ladder move of Google in a short succession.
Google’s idea of privacy is to capture all your activity through Google’s VPN so nobody but Google’s advertisers can see it.
Looks like a great business plan to me.
Edit: Firefox is a great option for more privacy.
Librewolf is a hardened fork of Firefox, but not for everyone. Although I am very happy with it personally.
Mullvad also has a browser.
Which is great except that it constantly breaks websites.
Yeah, that’s going to happen. The features that make website useful are the same features used to track everything. It’s a sliding scale from usability to privacy. The further you go in one direction the less you get from the other.
Hopefully what it does is popup a message urging users to STOP USING GOOGLE CHROME
That’s pretty brilliant, actually.
I propose a nice server side open source library that will replace pages served from Google IP space with redirects to the Firefox download page. Or just a page presenting the problem and danger.
Or like an nginx plug-in. So many options.
So a proxy of their own so Google can watch everything you do themselves? GTFO.
Since most of Google’s revenue comes from tracking users across the internet and offering them personalized ads, it will be interesting to see how the company strikes a balance between user privacy and revenue generation.
Isn’t it obvious? Google own’s the proxies. And judging by the look of this, they are going to act as a a Man In The Middle for HTTPS, so they will be actually able to see everyone’s plain text connections. This is not a privacy feature, but a privacy nightmare. Like everything else on Chrome, tbh.
Edit: I don’t know if they will be breaking HTTPS or no, since I didn’t see the details of how this works. But even if they don’t see your plain text traffic, they are logging your every request, which is scary.
So instead of the websites tracking me, it would just be google that does so. With much more control and detail than ever. And then google will sell that information to those websites for even mroe profit!
Google will soon start testing a new ‘IP protection’ feature for Chrome users, offering them greater control over their privacy. The tech giant the upcoming feature prevents websites from tracking users by hiding their IP address using proxy servers owned by Google.
Jesus fucking Christ…
I wonder how much Indianexpress gets paid for this bullshit advertisement.This was actually the least-biased coverage of the day:
https://www.techmeme.com/231023/p18#a231023p18
So this is Google’s version of Microsoft tracking. Microsoft does it with Windows and Edge, Google does it with proxies. Sad.
Well we know what’ll happen to this service, especially if it works. https://killedbygoogle.com/
It gives google access to all the traffic statistics for users of chrome, not just those going via google. That’s valuable marketing data. They also have made sure that nobody else can get that data - they have to buy it from google as they become the sole source of it.
That’s why they want to do it… nothing to do with ‘privacy’.
Sounds like what Apple’s been doing recently
This post seemed to put things in context a bit better as it sounds like Google’s two-proxy hopping is what Apple does as well:
https://reddit.com/r/apple/comments/xo8ha0/_/iq5e40h/?context=1The difference (AFAIK) is that Apple’s business is less-centered around profiting off users’ data, so they’re less liable to use the data, while Google will almost certainly use the data.
That link makes it seem like Apple can’t read what you’re doing, so it’s different from Google.
This is where Private Relay comes in. When enabled, the addresses you visit are encrypted on your device, and then handed to Apple (who can’t read it - think of it as handing a sealed envelope to a letter carrier). Apple then passes these onto Cloudflare 1.1.1.1 DNS. Cloudflare only sees that they came from Apple, so they have no idea who the actual person is. In this sense, only Apple knows who you are, and only Cloudflare knows what website you visited, so it’s more private (unless both companies collude to match up the data). The technical term for this is Oblivious DNS over HTTPS.
True, but w/ a caveat at the bottom:
At the end of the day, you have to remember that Apple devices are essentially a sealed unit. Any claims they make about privacy cannot be proven - they could slip tracking and keyloggers into every device, and unless you build a device from scratch and program it yourself, there’s nothing you can do about it. You have to trust that they won’t do that, and Apple is in a relatively unique position (particularly compared to google and facebook) in that the business isn’t designed to profit from this, so they have no real reason to do so.
Well that would be great if Google wasn’t the main culprit trying to track me.
Is that really the best business plan they have now? Stop everyone else tracking you so their own data is worth more?
Credit where credit is due - they’ve been hypocrites since at least the day the posited “Don’t be evil”.
Like any decent person needs to say that.
That was their company motto, it’s supposed to be a silly reminder/moral goal to follow in your code of conduct. But back in 2000 when they started using it, it was also kinda genuine, meant as a stab at Microsoft and other such companies exploiting users.
In 2015 Alphabet decided that “Don’t be evil” was too restricting and changed it to “Do the right thing”. Even that has since been removed.
So instead of giving random websites your general location, you give google everything you do on the web?
Unless you take considerable steps to prevent it by avoiding and blocking anything made by google, you basically already do.
And this is a Chrome feature we are talking about. Someone who cares about privacy from Google wouldn’t be using it in the first place.
This will be great from a privacy perspective, because it will legitimize VPN endpoints.
If nothing else after your super private paranoid VPN journey, you could terminate the traffic in a Chrome proxy, and the other site wouldn’t be able to discriminate against you.
I’m using Google’s VPN now. They promised they won’t look. Honestly I think a lot.more is leaked via the GBoard keyboard, but what do I know.
This would actually be good, because combined with encrypted client hello, a TLS connection to some website would only be identifiable by the IP and DNS queries. You don’t have to use Google’s DNS either.
So Google will basically see that you’re connecting to a cloudflare hosted website or whatever the case is. Doesn’t help much because they can’t see encrypted data
Googles ships the browser wich ships with the root certificates which they can update remotly as the see fit im sure u can see the issue here.
Next step would be rewrapping the encrypted data (which several existing proxies already support) as a “security enhancement”.
They’d have to crack TLS or get you to trust their mitm cert, or fake what they present to the user…
I don’t see Google doing anything that foolish, it’s a security nightmare
They ship the browser, which on at least many OSes has the certificate store. And Android. They can ship whatever they want.
People fall for all kinds of shit for reasonableish-soubdubg security reasons. Lots of people would have said they didn’t believe people would go for this either.
Ok, but they still present the certificate to the user. They’d have to be very fucky with how they present that information if they were doing the validation at the proxy and then passing back that cert info.
And yeah, regular users might fall for that shit but Chrome would be banned across the corporate landscape the second it was found out.
That optional feature might be banned, it likely would be easily disabled (I.e. not disablable) by corporate policy.
Having enough people to opt into it to be profitable would make it worth it. You may be underestimating the # of people who wouldn’t care if it was packaged well.
Guess, AMP didn’t give them enough control over servers, now they also want to capture the clients.
