Brianna Goldstein, James Bradley, David Schinazi
IP Protection formerly known as Gnatcatcher
None
IP Protection is a feature that sends third-party traffic for a set of domains through proxies for the purpose of protecting the user by masking their IP address from those domains.
After receiving much feedback from the ecosystem, the design of the broader proposal is as follows:
IP Protection will be opt-in initially. This will help ensure that there is user control over privacy decisions and that Google can monitor behaviors at lower volumes.
It will roll out in a phased manner. Like all of our privacy proposals, we want to ensure that we learn as we go and we recognize that there may also be regional considerations to evaluate.
We are using a list based approach and only domains on the list in a third-party context will be impacted. We are conscious that these proposals may cause undesired disruptions for legitimate use cases and so we are just focused on the scripts and domains that are considered to be tracking users.
We plan to test and roll out the feature in multiple phases. To start, Phase 0 will use a single Google-owned proxy and will only proxy requests to domains owned by Google. This first phase will allow us to test our infrastructure while preventing impact to other companies and gives us more time to refine the list of domains that will be proxied. For simplicity, only clients with US-based IP addresses will be granted access to the proxies for phase 0.
A small percentage of clients will be automatically enrolled in this initial test, though the architecture and design will evolve between this test and future launches. To access the proxy, a user must be logged in to Chrome. To prevent abuse, a Google-run authentication server will grant access tokens to the Google run proxy based on a per-user quota.
In future phases we plan to use a 2-hop proxy, as had previously been indicated in the IP Protection explainer.
Privacy>Fingerprinting>IPProtection
None
N/A
IP Protection changes how stable a client's IP address is but does not otherwise cause a breaking change for existing sites. In this experiment the only sites impacted are Google owned domains which include the some domains when they are loaded in a third party context.
For those requests, a stable IP address for a client can no longer be expected. There is no impact to other domains at this time.
Gecko: No signal
WebKit: Shipped a similar feature in Intelligent Tracking Protection. This experiment is only a single proxy, however we plan in a later phase to move to the double hop proxy model that Safari has also shipped.
Web developers: No signals
Other signals:
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
This experiment does not include Webview.
We will enable this experiment in the pre-stable Chrome channels at most to 33% of clients. For this initial experiment we want to test our infrastructure and the integrations between various components for bugs, stability and reliability. We want to measure the latency of requests using the full flow to get an early picture of where we can improve performance as we ramp up traffic.
None
How to test IP Protection if the feature is enabled on your client
Navigate your configured browser to chrome://net-export.
Click “Start Logging To Disk” and save the log as something you can remember
Open another tab and navigate to a sites that loads 3p Google ads
Go back to your net-export tab and click “Stop Logging”. This will download a JSON log file.
Navigate to https://netlog-viewer.appspot.com/#import and import your file
Using the left navigation bar, navigate to the Sockets tab, if IP Protection is enabled for you will see a socket corresponding to the IP Protection Proxy that handles traffic to some Google owned domains.
No, not WebView.
No
kEnableIpProtectionProxy
chrome/browser/ip_protection/ handles authenticated requests to the token signing server.
M119 - M125
https://chromestatus.com/feature/6574194264899584
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALO2AEczuZgtFBOSVq2x4G41%3D8h1KZu13y69AAGqwABy-edtRg%40mail.gmail.com.
I'm recused from voting on this feature so with my API OWNER hat off (or maybe just back and to the side to make me look cool...), it's possible that we submit an FYI review in the future ahead of an I2S.
That said, this is a feature that arguably does not materially
alter web platform APIs, but instead masks the client's IP using
IETF defined CONNECT, CONNECT-UDP, and MASQUE, etc. But if TAG
would like to provide input on our design choices, that could be
useful. But it shouldn't block an experiment.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA44PQi5unZHkS0W34Ns4AEO4Fbt-4yF7QE89Cuyp87iu-m0Dg%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA44PQg0L45W7T0zpkJC_NbTNXr83jkHHiJHxReE6%3Ducf%2BeA0w%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOqqYVFicT9hYsjxPE6GnBboM2bw-md%2B5oe95T3dksVZfBHD9Q%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA44PQg0L45W7T0zpkJC_NbTNXr83jkHHiJHxReE6%3Ducf%2BeA0w%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALO2AEfjo4UU0j%2BxK-PCfgoXCs2Nw2zVuNtfAoi2OpJ8M5M28A%40mail.gmail.com.
Sure, the plan is to file one before any future I2S. But this
isn't a blocking concern for this first experiment, imho.
On 10/20/23 3:41 AM, 'Thomas Steiner' via blink-dev wrote:
In the attached document, there are (at first sight) three domains of long-dead Google services:
Is this on purpose?
Yep, for the ~* retro vibes *~.
(But also, this is a test list in the first of a few experiments.)
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALgRrLm%3DMXhD4DDM5xib9B9pXrxrhjMhHh5o2yMdVWrxr%2Bv0Qg%40mail.gmail.com.
Hi Pete,
Yes, users will be able to turn the feature off. See:
https://github.com/GoogleChrome/ip-protection/issues/16
https://support.google.com/chrome/a/answer/7679408?sjid=15843372962730454051-NA#upChromeBrsrX118
thanks,
Mike
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/78991b54-9758-4843-a076-f98568743f12n%40chromium.org.
Hi Eric,
Sure - we will have more details about which domains will be
proxied as we get past the experimentation phases and sent an
Intent to Ship.
thanks,
Mike
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5202fb6a-5dd6-4a1b-8692-bf4e0aa8b662n%40chromium.org.
Hi Daniel,
You can read more about the Blink process for shipping features
here:
https://www.chromium.org/blink/launching-features/
And yes, we do have plans for phase 0 and phase 1 experiments (and possibly others, depending on what we learn in the process).
best,
Mike
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/0924a485-03b2-4883-96ca-4c9e1b86b0ba%40chromium.org.
Hi Daniel,
We don't have any further details to announce right now, but when we do we can update this thread.
thanks,
Mike
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5c0f63c7-5dc0-4619-8801-44010dfece52n%40chromium.org.