Google Chrome security feature in testing
Google’s plan to enhance privacy in its Chrome browser extends beyond its existing security measures, which include site isolation, sandboxing, and predictive phishing protections. Reporting from Mashable and The Register indicate that the company is reportedly developing a new feature that aims to obscure users’ IP addresses, a move designed to thwart tracking attempts across the web. This upcoming privacy upgrade, discovered via GitHub and highlighted by Bleeping Computer, involves routing users’ traffic through a Google-owned proxy server, rendering their IP addresses invisible to specific domains and providing what is termed as IP Protection.
The IP Protection project, formerly known as “ip-blindness” or “Gnatcatcher,” is part of Google’s broader Privacy Sandbox initiative, initially surfacing in 2021. Unlike a comprehensive solution to privacy concerns, IP Protection focuses on addressing cross-site tracking via IP addresses. The Github description refers to it as a “privacy proxy” that anonymizes IP addresses for qualifying traffic. However, concerns have been raised about the potential risks associated with routing traffic through a Google-owned proxy server.
Chrome’s privacy enhancement comes at a time when the tech giant is also set to drop support for the Theora video codec in the desktop version of the browser, citing emerging security risks. This change is slated for implementation in Chrome 123 by March. Websites still relying on Theora will be required to adopt an ogv.js polyfill.
Google’s testing strategy for IP Protection involves initial trials using a single Google-owned proxy and later progressing to a two-hop proxy setup, incorporating both a Google-owned and a third-party proxy server. The implementation aims to strike a balance between user privacy and functionality, ensuring that one proxy remains unaware of the client’s IP address while the other is blind to the client destination.
Despite the promising aspects of IP Protection, it is not a one-size-fits-all solution, particularly considering the potential vulnerabilities associated with traffic routing through a Google-owned proxy server. The concern raised is that if Google’s servers were to be compromised, a hacker could gain access to a significant amount of user information. The development and testing of IP Protection are ongoing, with a planned initial opt-in approach before making it the default setting to allow industry adjustment and feedback.