Google IP protection

Google is gearing up to test a new “IP protection” feature for Chrome that will protect your privacy by masking your IP addresses using proxy servers. 

The feature, first unveiled by Google in May, serves to protect users' privacy from covert location tracking while keeping the web's essential functionalities intact. 

IP addresses allow websites and online services to track activities across websites, which they can use to create a profile of their users' activity. This is detrimental to the user’s privacy, since, unlike third-party cookies, users currently lack a direct way to opt out of such covert tracking.

But IP addresses are also crucial to key web functionalities like routing traffic, fraud prevention, and other vital network tasks – meaning that removing them entirely puts users’ security at risk online. 

Google’s "IP Protection" feature addresses this by routing third-party traffic from specific domains through proxies, making users' IP addresses invisible to those domains.

“As browser vendors make efforts to provide their users with additional privacy, the user’s IP address continues to make it feasible to associate users’ activities across origins that otherwise wouldn’t be possible,” reads a description of Google’s IP protection feature.

"Chrome is reintroducing a proposal to protect users against cross-site tracking via IP addresses. This proposal is a privacy proxy that anonymizes IP addresses for qualifying traffic as described above.” 

A phased approach to IP Protection 

Google’s IP Protection is just the latest move from Google to improve user privacy on the Chrome Browser. 

The search giant has also been slowly phasing out third-party cookies and plans to cut them out entirely by Q2 2024, replacing cookies with a series of APIs to limit user data being shared with third parties and remove cross-app identifiers. 

Like its approach to cutting cookies from Chrome, Google will introduce its IP protection feature in stages to accommodate regional considerations and allow websites to slowly adjust to the new privacy implementations. 

The feature will initially be an opt-in feature, allowing users to have control over who has access to their IP addresses while letting Chrome continue to keep tabs on behavioural trends. 

Dubbed "Phase 0”, this first phase will see Google proxying requests only to its own domains using a proprietary proxy. This will allow Google to test the system's infrastructure and buy more time to fine-tune the domain list. 

A select group of clients will be automatically included in this preliminary test, but the architecture and design will undergo modifications as the tests progress. 

A Google-operated authentication server will distribute access tokens to the proxy, setting a quota for each user to prevent potential misuse. In later phases, Google plans to adopt a 2-hop proxy system to increase privacy further.

Google coarse ip addresses
Illustration of how Google plans on assigning IP address to allow for GeoIP locations. Source: Google

“We are considering using 2 hops for improved privacy. A second proxy would be run by an external CDN, while Google runs the first hop," Google explains in its IP Protection announcement. 

"This ensures that neither proxy can see both the client IP address and the destination. CONNECT & CONNECT-UDP support chaining of proxies."

Since many online services rely on location data to determine a user's location for offering services, Google plans on assigning IP addresses to proxy connections that represent a "coarse" GeoIP location of a user rather than their specific location. 

Among the domains where Google intends to test this feature are its own platforms like Gmail and AdServices. It plans on testing the feature between Chrome 119 and Chrome 225.

Addressing the security risks

While IP tracking hinders users’ privacy, it is also crucial to keeping users safe online, preventing fraud and other vital security tasks by keeping close tabs on user activity. 

Since Google’s IP Protection feature will see traffic proxied through its own servers, however, it may make it difficult for security and fraud protection services to block DDoS attacks or detect threat actors. 

To ready more are cyber attacks, visit our dedicated Security Page. 

If one of Google’s proxy servers is compromised, malicious actors could potentially manipulate the traffic and steal the location data going through it. 

Google has said it will introduce a number of “anti-abuse protections” to mitigate these risks, which include requiring users of the feature to authenticate with the proxy and preventing proxies from linking web requests to particular accounts. 

It will also introduce a rate limit for the number of tokens per account to prevent DDoS attacks, as well as allow websites to report these attacks and other security concerns before the feature is fully implemented.