Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers. Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to strike a balance between ensuring users' privacy and the essential functionalities of the web. What is Google's proposed IP Protection feature? The "IP Protection" solution addresses this dual role by routing third-party traffic from specific domains through proxies, making users' IP addresses invisible to those domains. "Chrome is reintroducing a proposal to protect users against cross-site tracking via IP addresses. This proposal is a privacy proxy that anonymizes IP addresses for qualifying traffic as described above," reads a description of the IP Protection feature. Initially, IP Protection will be an opt-in feature, ensuring users have control over their privacy and letting Google monitor behavior trends. The first phase, dubbed "Phase 0," will see Google proxying requests only to its own domains using a proprietary proxy. To start, only users logged into Google Chrome and with US-based IPs can access these proxies. In upcoming phases, Google plans to adopt a 2-hop proxy system to increase privacy further. "We are considering using 2 hops for improved privacy. A second proxy would be run by an external CDN, while Google runs the first hop," explains the IP Protection explainer document. As many online services utilize GeoIP to determine a users location for offering services, Google plans on assigning IP addresses to proxy connections that represent a "Coarse" location of a user rather than their specific location, as illustrated below. Among the domains where Google intends to test this feature are its own platforms like Gmail and AdServices. Google plans on testing this feature between Chrome 119 and Chrome 225. Google explains there are some cybersecurity concerns related to the new IP Protection feature. As the traffic will be proxied through Google's servers, it may make it difficult for security and fraud protection services to block DDoS attacks or detect invalid traffic. To mitigate this, Google is considering requiring users of the feature to authenticate with the proxy, preventing proxies from linking web requests to particular accounts, and introducing rate-limiting to prevent DDoS attacks. Google Chrome's organize tabs will automatically reorder tabs. Google pays $93M to settle Android tracking lawsuit in California. Google rolls out Privacy Sandbox to use Chrome browsing history for ads. Google is enabling Chrome real-time phishing protection for everyone.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000