Google is preparing to test a new “IP Protection” feature in the Chrome browser that aims to enhance users’ privacy by masking their IP addresses.

IP addresses allow websites and online services to track a user’s activities across different sites, enabling the creation of persistent user profiles. This poses significant privacy concerns — unlike third-party cookies — users currently lack a direct way to evade such covert tracking by IP addresses.

According to a recent BleepingComputer report, Google seeks to strike a balance between protecting users’ privacy and maintaining essential web functionalities that rely on IP addresses, like traffic routing and fraud prevention.

How IP Protection Works

The IP Protection solution works by routing third-party traffic from specific tracking domains through proxy servers, making a user’s actual IP address invisible to those domains. The list of domains proxied will evolve over time as the feature is tested and refined.

Initially, IP Protection will be an opt-in feature to give users control over their privacy while allowing Google to monitor any issues. The rollout will be gradual to accommodate regional differences and ensure a smooth transition.

In the first “Phase 0” test, Google will proxy requests only to its own domains using a proprietary proxy. This limited initial approach will help test the infrastructure while Google finalizes the broader domain list. Only Chrome users logged into a Google account with a US IP address will get access to the proxy servers during this phase.

An authentication server will distribute access tokens to the proxies and set quotas for each user to prevent misuse. In later phases, Google plans to adopt a two-hop proxy system involving an external CDN provider to improve privacy further.

Careful Considerations

Since many services rely on general location information from IP addresses, the proxies will assign IP addresses that reflect a user’s coarse region rather than their specific location.

Google recognizes potential security concerns around increased difficulty detecting DDoS attacks and invalid traffic through proxies. To mitigate risks, they are considering requiring user authentication with proxies, preventing the linkage of web requests to accounts, and introducing rate-limiting.

The feature is slated for testing between Chrome versions 119 and 225. Google intends to closely monitor the tests to identify any issues requiring design changes before considering a broader rollout.

Featured Image Credit: Graphic from Google DeepMind; Pexels; Thank you!

Radek Zielinski

Radek Zielinski is an experienced technology and financial journalist with a passion for cybersecurity and futurology.