Google will soon start testing a new ‘IP protection’ feature for Chrome users, offering them greater control over their privacy. The tech giant the upcoming feature prevents websites from tracking users by hiding their IP address using proxy servers owned by Google.

To give you a quick recap, IP address is a unique numerical identifier that can be used to track a user’s geographical location and is used by advertisers to track a user’s browsing habits, see which websites they visit and provide personalized ads.

According to Google, the IP protection feature will be rolled out in multiple stages, with Phase 0 redirecting domains owned by Google (like Gmail) to a single proxy server. The company says the first phase will allow them to test its infrastructure and only a handful of users residing in the US will be enrolled.

Google also said that the upcoming IP protection feature will be available for users who have logged in to Chrome. To prevent misuse the tech giant will be implementing an authentication server that will set a quota for every user.

In the following phases, Google will start using a 2-hop proxy system, which essentially redirects a website’s request to a Google server that will again be redirected to an external CDN like Cloudflare.

While the IP protection feature might enhance user privacy, the tech giant has clarified that it is not a foolproof system. If a hacker is able to gain access to Google’s proxy server, they will be able to analyse all traffic passing through the network and even redirect users to malicious websites.

Since most of Google’s revenue comes from tracking users across the internet and offering them personalized ads, it will be interesting to see how the company strikes a balance between user privacy and revenue generation.

  • iopq@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    11 months ago

    This would actually be good, because combined with encrypted client hello, a TLS connection to some website would only be identifiable by the IP and DNS queries. You don’t have to use Google’s DNS either.

    So Google will basically see that you’re connecting to a cloudflare hosted website or whatever the case is. Doesn’t help much because they can’t see encrypted data

    • muntedcrocodile@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      11 months ago

      Googles ships the browser wich ships with the root certificates which they can update remotly as the see fit im sure u can see the issue here.

    • ripcord@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      Next step would be rewrapping the encrypted data (which several existing proxies already support) as a “security enhancement”.

      • darth_helmet@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        They’d have to crack TLS or get you to trust their mitm cert, or fake what they present to the user…

        I don’t see Google doing anything that foolish, it’s a security nightmare

        • ripcord@kbin.social
          link
          fedilink
          arrow-up
          4
          ·
          11 months ago

          They ship the browser, which on at least many OSes has the certificate store. And Android. They can ship whatever they want.

          People fall for all kinds of shit for reasonableish-soubdubg security reasons. Lots of people would have said they didn’t believe people would go for this either.

          • darth_helmet@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            11 months ago

            Ok, but they still present the certificate to the user. They’d have to be very fucky with how they present that information if they were doing the validation at the proxy and then passing back that cert info.

            And yeah, regular users might fall for that shit but Chrome would be banned across the corporate landscape the second it was found out.

            • ripcord@kbin.social
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              11 months ago

              That optional feature might be banned, it likely would be easily disabled (I.e. not disablable) by corporate policy.

              Having enough people to opt into it to be profitable would make it worth it. You may be underestimating the # of people who wouldn’t care if it was packaged well.