Google is preparing to test a new “IP Protection” feature for its Chrome browser that increases user privacy by masking IP addresses using proxy servers. Aware of the possible misuse of IP addresses for secret tracking purposes, Google strives to strike a balance between ensuring user privacy and the core functions of the Internet.

IP addresses allow websites and online services to track website activity, thus facilitating the creation of permanent user profiles. This raises serious privacy concerns because, unlike third-party cookies, users currently have no direct way to avoid such hidden tracking.

What is the IP Protection feature offered by Google?

While IP addresses are potential vectors for monitoring, they are also essential for critical web functions such as traffic routing, fraud prevention, and other critical network tasks.

The IP Shield solution solves this dual role by redirecting third-party traffic from specific domains to proxy servers, making users’ IP addresses invisible to those domains. As the ecosystem evolves, IP Protection will evolve and adapt to continue protecting users from cross-site tracking and adding additional domains to proxy traffic.

“Chrome is reintroducing a proposal to protect users from cross-site tracking using their IP addresses. This proposal is a privacy proxy that anonymizes IP addresses to identify traffic as described above,” reads the IP protection feature description.

Initially, IP protection will be an available feature, allowing users to control their privacy and track Google’s behavioral trends. The feature rollout will be phased to accommodate regional considerations and allow for training time.

To a first approximation, in the context of third parties, only the listed domains would be affected, expanding the scope of domains thought to be tracking users.

In the first phase, called Phase 0, Google will send proxy requests to its own domains using only its own proxy. This will help Google control the system infrastructure and gain more time to fine-tune the domain list.

For starters, only users signed in to Google Chrome and whose IP addresses are located in the US can access these proxies. A select group of customers will be automatically included in this preliminary testing, but the architecture and design will be subject to change during testing.

To prevent possible abuse, the authentication server managed by Google will set a quota for each user by distributing access tokens on the proxy. In later stages, Google plans to introduce a 2-hop proxy system to further increase privacy.

“We are considering using a 2-pass implementation to increase privacy. The second proxy will be run by the external CDN, while Google will handle the first pass.” IP Protection’s whitepaper explains this.

“This ensures that no proxy server can see the client’s IP address and destination at the same time. CONNECT&CONNECT-UDP supports connection of proxy servers”.

Because many online services use GeoIP to determine a user’s location to provide service, Google plans to assign IP addresses to proxy connections that represent the user’s “approximate” location rather than their specific location, as shown below.

Among the areas where Google plans to test this feature are its own platforms such as Gmail and AdServices. Google plans to test this feature between Chrome 119 and Chrome 225.

Possible security issues

Google explains that the new IP Protection feature is related to cybersecurity issues. Since traffic will be routed through Google’s proxy servers, it may be difficult for security and anti-fraud services to block DDoS attacks or detect invalid traffic.

Additionally, if one of Google’s proxy servers is compromised, the attacker can see and modify the traffic passing through that server.

To mitigate this, Google is considering requiring users using this feature to authenticate with a proxy server, preventing proxies from associating web requests with specific accounts, and implementing speed limits to prevent DDoS attacks. Source