Google will soon start testing a new ‘IP protection’ feature for Chrome users, offering them greater control over their privacy. The tech giant the upcoming feature prevents websites from tracking users by hiding their IP address using proxy servers owned by Google.

To give you a quick recap, IP address is a unique numerical identifier that can be used to track a user’s geographical location and is used by advertisers to track a user’s browsing habits, see which websites they visit and provide personalized ads.

According to Google, the IP protection feature will be rolled out in multiple stages, with Phase 0 redirecting domains owned by Google (like Gmail) to a single proxy server. The company says the first phase will allow them to test its infrastructure and only a handful of users residing in the US will be enrolled.

Google also said that the upcoming IP protection feature will be available for users who have logged in to Chrome. To prevent misuse the tech giant will be implementing an authentication server that will set a quota for every user.

In the following phases, Google will start using a 2-hop proxy system, which essentially redirects a website’s request to a Google server that will again be redirected to an external CDN like Cloudflare.

While the IP protection feature might enhance user privacy, the tech giant has clarified that it is not a foolproof system. If a hacker is able to gain access to Google’s proxy server, they will be able to analyse all traffic passing through the network and even redirect users to malicious websites.

Since most of Google’s revenue comes from tracking users across the internet and offering them personalized ads, it will be interesting to see how the company strikes a balance between user privacy and revenue generation.

    • @tony@lemmy.hoyle.me.uk
      link
      fedilink
      English
      44
      edit-2
      1 year ago

      It gives google access to all the traffic statistics for users of chrome, not just those going via google. That’s valuable marketing data. They also have made sure that nobody else can get that data - they have to buy it from google as they become the sole source of it.

      That’s why they want to do it… nothing to do with ‘privacy’.

  • @sir_reginald@lemmy.world
    link
    fedilink
    English
    62
    edit-2
    1 year ago

    Since most of Google’s revenue comes from tracking users across the internet and offering them personalized ads, it will be interesting to see how the company strikes a balance between user privacy and revenue generation.

    Isn’t it obvious? Google own’s the proxies. And judging by the look of this, they are going to act as a a Man In The Middle for HTTPS, so they will be actually able to see everyone’s plain text connections. This is not a privacy feature, but a privacy nightmare. Like everything else on Chrome, tbh.

    Edit: I don’t know if they will be breaking HTTPS or no, since I didn’t see the details of how this works. But even if they don’t see your plain text traffic, they are logging your every request, which is scary.

    • @fubo@lemmy.world
      link
      fedilink
      English
      8
      edit-2
      1 year ago

      You can’t MITM HTTPS with a VPN unless the browser accepts an insecure certificate. And that can’t be done without being detected; and the security community would raise seven shades of hell.

      Google has actually helped build the infrastructure that (in a public, provable way that Google can’t subvert) makes it impossible to get away with MITM in this manner. It’s called Certificate Transparency.

      Put another way: Google wants other big companies and governments to use Chrome and Android. If Google started MITMing traffic like you suggest, no corporation or government would ever touch their products again. So they’ve built infra that lets them prove they don’t.

      They could use this to get more accurate figures about the popularity of different sites or services by IP and port. But they don’t need to; they have search.

      • @_s10e@feddit.de
        link
        fedilink
        English
        51 year ago

        You can’t MITM HTTPS with a VPN unless the browser accepts an insecure certificate.

        Yes, but the browser is Chrome and this is a feature built into Chrome.

          • @_s10e@feddit.de
            link
            fedilink
            English
            21 year ago

            I tend to agree with the trust argument. Google wants people to rely on Web technology and Google products and allowing MITM - or failing to prevent - goes against Google’s interest.

            I don’t buy the technical argument at all. Google could terminate the TLS connection at the proxy and communicate with the browser on a proprietary encrypted channel. Chrome could easily show a green padlock item and certificate details as seen by the proxy. The whole thing could be open source and transparent. A minority of users will disable the feature; many will accept it. Corporates can be bought by allowing to opt out for ‘sensitive’ servers.

            • @fubo@lemmy.world
              link
              fedilink
              English
              71 year ago

              They could just rewrite Chrome to send all your passwords in clear text to Mountain View too … but not without security people noticing. That’s my point. The behavior of browsers is not secret.

  • @Treczoks@lemm.ee
    link
    fedilink
    English
    231 year ago

    So instead of the websites tracking me, it would just be google that does so. With much more control and detail than ever. And then google will sell that information to those websites for even mroe profit!

  • @Knusper@feddit.de
    link
    fedilink
    English
    431 year ago

    Guess, AMP didn’t give them enough control over servers, now they also want to capture the clients.

    • JohnEdwa
      link
      fedilink
      English
      2
      edit-2
      1 year ago

      Unless you take considerable steps to prevent it by avoiding and blocking anything made by google, you basically already do.

      And this is a Chrome feature we are talking about. Someone who cares about privacy from Google wouldn’t be using it in the first place.

  • @Blackmist@feddit.uk
    link
    fedilink
    English
    331 year ago

    Well that would be great if Google wasn’t the main culprit trying to track me.

    Is that really the best business plan they have now? Stop everyone else tracking you so their own data is worth more?

    • @BearOfaTime@lemm.ee
      link
      fedilink
      English
      -11 year ago

      Credit where credit is due - they’ve been hypocrites since at least the day the posited “Don’t be evil”.

      Like any decent person needs to say that.

      • JohnEdwa
        link
        fedilink
        English
        2
        edit-2
        1 year ago

        That was their company motto, it’s supposed to be a silly reminder/moral goal to follow in your code of conduct. But back in 2000 when they started using it, it was also kinda genuine, meant as a stab at Microsoft and other such companies exploiting users.

        In 2015 Alphabet decided that “Don’t be evil” was too restricting and changed it to “Do the right thing”. Even that has since been removed.

  • @A_Random_Idiot@lemmy.world
    link
    fedilink
    English
    78
    edit-2
    1 year ago

    Ah yes, filter all my internet browsing through google servers for analysis, data harvesting and exploitation “privacy”

    Then again, anyone actually caring about privacy probably wouldnt be using chrome to begin with.

    • DarkThoughts
      link
      fedilink
      101 year ago

      To quote the “article”:

      While the IP protection feature might enhance user privacy, the tech giant has clarified that it is not a foolproof system. If a hacker is able to gain access to Google’s proxy server, they will be able to analyse all traffic passing through the network and even redirect users to malicious websites.

      This means that if a hacker can do this, then obviously the same goes for Google itself. Google will analyse all your online traffic data and use it for themselves. This isn’t pro privacy, it’s the complete opposite.

    • @kaitco@lemmy.world
      link
      fedilink
      English
      231 year ago

      It’s some high-level BS, is what it is.

      A better way to protect privacy is to use a neutral, paid VPN; use Firefox with all the best blockers; and not sign into anything while doing searches.

      Google is doing this so that they can see everything and so that others will have to pay them to see the everything they’ll have. Yes, it can “technically” be private from other parties, but Google’s bread and butter comes from collecting data and selling it. This is only a tool to collect even more data.

  • @Haywire@lemm.ee
    link
    fedilink
    English
    61 year ago

    I’m using Google’s VPN now. They promised they won’t look. Honestly I think a lot.more is leaked via the GBoard keyboard, but what do I know.

  • @iopq@lemmy.world
    link
    fedilink
    English
    61 year ago

    This would actually be good, because combined with encrypted client hello, a TLS connection to some website would only be identifiable by the IP and DNS queries. You don’t have to use Google’s DNS either.

    So Google will basically see that you’re connecting to a cloudflare hosted website or whatever the case is. Doesn’t help much because they can’t see encrypted data

    • @muntedcrocodile@lemmy.world
      link
      fedilink
      English
      91 year ago

      Googles ships the browser wich ships with the root certificates which they can update remotly as the see fit im sure u can see the issue here.

      • @fubo@lemmy.world
        link
        fedilink
        English
        2
        edit-2
        1 year ago

        Doing that would cause all corporations and governments to switch to Edge immediately. Google actually built infra to make it impossible to get away with this kind of hijacking: look up Certificate Transparency.

    • ripcord
      link
      fedilink
      11 year ago

      Next step would be rewrapping the encrypted data (which several existing proxies already support) as a “security enhancement”.

      • @darth_helmet@sh.itjust.works
        link
        fedilink
        English
        41 year ago

        They’d have to crack TLS or get you to trust their mitm cert, or fake what they present to the user…

        I don’t see Google doing anything that foolish, it’s a security nightmare

        • ripcord
          link
          fedilink
          51 year ago

          They ship the browser, which on at least many OSes has the certificate store. And Android. They can ship whatever they want.

          People fall for all kinds of shit for reasonableish-soubdubg security reasons. Lots of people would have said they didn’t believe people would go for this either.

          • @fubo@lemmy.world
            link
            fedilink
            English
            11 year ago

            They don’t want every government to immediately ban the use of Chrome on government computers …

            • ripcord
              link
              fedilink
              1
              edit-2
              1 year ago

              Can you really not imagine a way that they’d ship a feature like that - maybe, disabled permanently with a corporate policy - where this wouldn’t be a problem? Presumably they’d work with governments and corporations on something palatable, like they usually do.

              I mean, this current feature isn’t something that most governments really wouldn’t want their users using either. Or the existing “secure DNS” feature, etc.

              Edit: Or the root certificates they already add on top of what the OS provides and that the user can control.

              • @fubo@lemmy.world
                link
                fedilink
                English
                1
                edit-2
                1 year ago

                It’s not a matter of imagination. There’s specific infra preventing HTTPS MITM from being done secretly. Look up “Certificate Transparency”. The CA certs shipped with browsers are a matter of public record, and any security whiz would love to catch this sort of bullshit.

          • @darth_helmet@sh.itjust.works
            link
            fedilink
            English
            31 year ago

            Ok, but they still present the certificate to the user. They’d have to be very fucky with how they present that information if they were doing the validation at the proxy and then passing back that cert info.

            And yeah, regular users might fall for that shit but Chrome would be banned across the corporate landscape the second it was found out.

            • ripcord
              link
              fedilink
              3
              edit-2
              1 year ago

              That optional feature might be banned, it likely would be easily disabled (I.e. not disablable) by corporate policy.

              Having enough people to opt into it to be profitable would make it worth it. You may be underestimating the # of people who wouldn’t care if it was packaged well.

  • @0oWow@lemmy.world
    link
    fedilink
    English
    311 year ago

    So this is Google’s version of Microsoft tracking. Microsoft does it with Windows and Edge, Google does it with proxies. Sad.

    • Ghostalmedia
      link
      fedilink
      English
      71 year ago

      I would wager that this is probably more of a response to iOS and Apple’s encrypted proxy “Private Relay” feature.

      Google doesn’t care about Edge. If you look at the browser stats, mobile Safari is their major competitor. Especially in the states.