Hm. Privacy proxies can be a good idea, I'm generally in favor of them, and masking IP addresses does help with privacy. And while doing limited proxying for specific domains is not ideal (and obviously raises questions about how Google will decide which domains to use), it's also not a completely terrible middle ground for protection if costs are an issue. It's not inherently a bad idea to say "we can't solve all IP addresses for everyone, but we can get a list of trackers that we know are abusing them and specifically mask IP addresses from them."
I'm always cautious about Google proposals about privacy, this might have some catches that make it bad, but I don't immediately see (here or on the linked repo) what the catches are.
My bigger objection is honestly just cost? I guess I'm overestimating the extent of the data Google is going to be using, but I feel like I might have questions about how sustainable this is to build directly into a browser with no subscription or payment plan in front of it at all. I guess it's also opt-in, so Google might be banking on very few users ever enabling it. Funny how we decide what Chrome features are opt-in and opt-out. Or maybe it's just a way to get users to log in to Chrome instead of using it logged-out.
----
Note that if you're on iOS you can also set up a similar service through Apple; it costs money but from the look of things it's more comprehensive and will do a better job than what Google is proposing. So I'm not sure "we proxy your traffic and we're thinking about using multiple hops to do it" is actually that revolutionary.
----
But I don't immediately hate the idea, it seems like a good change and it seems like it should be a tangible increase in privacy, and it seems like the kind of effort I'd want to get behind. I like that in phase 0 they're including their own domains in the list (it is funny to think of Google needing to protect you from Google, but realistically if they had said "we won't use IP addresses to track" and then exempted themselves, I would be more critical). I don't like that they're planning to tie it to sign-in, but apparently that's temporary and will go away after a while? If they do eventually move to a 2-hop system, that will help address a lot of the "now Google knows what the destination is" concerns.
This seems kind of garbage and is more granular than I'd like:
> As many online services utilize GeoIP to determine a users location for offering services, Google plans on assigning IP addresses to proxy connections that represent a "coarse" location of a user rather than their specific location, as illustrated below.
But they're not wrong that course geography is still better than a full IP address.
We'll see. It seems like this has the potential to be positive, I just get nervous about Google because of gestures wildly at everything.
I think the idea is, currently a website owner can get a fairly good idea where you are. What google wants to do is change things so google knows exactly who you are and visited that website and what you looked at and searched for. And the website owners can get that if they pay google. And if they don't they have no idea who or where you are.
Its very puzzling, my understanding is most people use Google analytics anyway, and anyone serious about it pays them. Do they think they can extract more money from this sector or something? Surely they are the market leaders, unless something changed while I wasn't looking.
Imagine that - you pay Google for analytics and they tell you "oh, its a bunch of people using our free proxy service. It's extra to find out more." Seems real fishy.
If Google still knows my IP then this is a very minor improvement in terms of privacy. This is more likely a monopolistic move trying to harm the data collection efforts of other ad companies.
It’s nice that a large chunk of web traffic (this plus safari’s private relay) can obfuscate so much traffic off of telcos who have been notorious in the past for collecting and selling traffic data. Guess they have to limit their businesses to just selling internet service like they’ve pretended to only do all along!
I now only wish Apple would allow private relay for third party apps, and allow the ability to switch it on/off for specific apps so that unsavory ones (like temu) can collect even less info on users
> the proxy and network intermediaries are not privy to the contents of the traffic [...] There is an end-to-end encrypted tunnel via TLS, from Chrome to the destination server.
Let's imagine this as a building block for a bigger product.
A web server may be interested to verify that a request comes out of a Google proxy server. Would it ever make sense to treat differently the requests that come from the Google servers? Or allow only them?
If a publisher could verify that a user is using Chrome, is a user more valuable because tracking them is more robust? Another reason, if those servers recognize and stop the DDoS attacks, it can be cheaper to allow only them than pay for Cloudflare.
For the youngins, in the mid 2000s they branded a very similar service as “Google Web Accelerator” by saying their servers would deal with TCP slow-start for you faster than your home connection. The goal of course was to get you to tunnel all your traffic through their tracking/stalking engine.
> Furthermore, if one of Google's proxy servers is compromised, the threat actor can see and manipulate the traffic going through it.
> To mitigate this, Google is considering requiring users of the feature to authenticate with the proxy, preventing proxies from linking web requests to particular accounts, and introducing rate-limiting to prevent DDoS attacks.
Who are the "users of the feature" here? The users of the Chrome browser?
How will they authenticate? Using their Google accounts?
So so a nice feature (irony), now there will be a single point of control for all your traffic. Point controlled by Google and the US...
Also, it is a proxy, not a VPN, globally meaning that they could see in clear if not all the content of the traffic , at least the destination that is now hidden by TLSv3.
What is interesting is also with something like that they can grow again their ad and saas revenues: now they can easily identify "same users", also you could expect things like websites requiring authentication provided "transparently" by these proxies.
This is a copy of Apple's iCloud "private relay", right?
But why not, here it's gonna be "free" instead of 1€/month, so I guess it's a good QoL improvement in general.
Enabling it for general browsing can cause inconvenience when accessing shops and such.
But for all the rest of the traffic, it seems tempting to obfuscafe your IP by default - provided one believes in the safety of the offering.
I'm not sure if I trust Apple or Google more with my browsing history than say ProtonVPN or something like that.
But since I already use their service (Apple's here), using private relay seems to be a sensible default. If they are interested in my browsing history, they have it already.
I can't believe all the cynicism here, I would _love_ a free VPN from a reputable company. If Google wants to anonymize my data and use it to understand what websites are most popular, that's fine with me.
They absolutely, definitely are not anonymizing your data. They may be "anonymizing" it, but there is exactly zero chance that they aren't linking it to you in some other way.
Google does not give out free lunches. You are always paying for their services in some way, and that is usually by them mining your data and selling it to other companies. What possible motive would google have for operating a free proxy service? The sheer goodness of their hearts? Concern for your privacy and safety? Respect for the open web?
Everything google has done in the last decade shows very clearly that their motives are never good. At some point, you have to realize that the dog that keeps biting you will never stop biting you.
This isn't something they're offering for your benefit. Google wants your data for themselves while keeping it from their competitors. A free VPN (which this isn't) from a reputable company would be nice, but Google is not a reputable company. When the EFF offers a free anonymizing VPN I might be tempted, but for-profit companies that make their money by exploiting the private data of others shouldn't even be considered.
I just... don't see this ending well. Seems like a really bad idea. Most people who need a commercial vpn have one. But all this is going to result in is an additional step for internet traffic, by default for Chrome users. Other than the nefarious reasons, what will this accomplish?
Wonderful, having your IP hidden from everyone except Google must be wonderful for privacy. It's not like this is one of the single biggest, most abusively intrusive tech corporations in the world for pathologically surveilling everything you do at all costs no matter how much they try to paint their solutions as being in the name of security and privacy. Oh wait...
That anyone would take seriously any fundamental privacy protection solution from Google is laughable. After years of persistent data mining on a gargantuan scale rivaled only by Microsoft and maybe Meta, a company like this simply does not deliver a free bonus of genuine anonymity support.
48 comments
[ 2.7 ms ] story [ 46.8 ms ] threadI'm always cautious about Google proposals about privacy, this might have some catches that make it bad, but I don't immediately see (here or on the linked repo) what the catches are.
My bigger objection is honestly just cost? I guess I'm overestimating the extent of the data Google is going to be using, but I feel like I might have questions about how sustainable this is to build directly into a browser with no subscription or payment plan in front of it at all. I guess it's also opt-in, so Google might be banking on very few users ever enabling it. Funny how we decide what Chrome features are opt-in and opt-out. Or maybe it's just a way to get users to log in to Chrome instead of using it logged-out.
----
Note that if you're on iOS you can also set up a similar service through Apple; it costs money but from the look of things it's more comprehensive and will do a better job than what Google is proposing. So I'm not sure "we proxy your traffic and we're thinking about using multiple hops to do it" is actually that revolutionary.
----
But I don't immediately hate the idea, it seems like a good change and it seems like it should be a tangible increase in privacy, and it seems like the kind of effort I'd want to get behind. I like that in phase 0 they're including their own domains in the list (it is funny to think of Google needing to protect you from Google, but realistically if they had said "we won't use IP addresses to track" and then exempted themselves, I would be more critical). I don't like that they're planning to tie it to sign-in, but apparently that's temporary and will go away after a while? If they do eventually move to a 2-hop system, that will help address a lot of the "now Google knows what the destination is" concerns.
This seems kind of garbage and is more granular than I'd like:
> As many online services utilize GeoIP to determine a users location for offering services, Google plans on assigning IP addresses to proxy connections that represent a "coarse" location of a user rather than their specific location, as illustrated below.
But they're not wrong that course geography is still better than a full IP address.
We'll see. It seems like this has the potential to be positive, I just get nervous about Google because of gestures wildly at everything.
Count me out. I'm staying away from Google.
Yeah no thanks.
Imagine that - you pay Google for analytics and they tell you "oh, its a bunch of people using our free proxy service. It's extra to find out more." Seems real fishy.
I now only wish Apple would allow private relay for third party apps, and allow the ability to switch it on/off for specific apps so that unsavory ones (like temu) can collect even less info on users
Wait what? They are planning to proxy the cleartext, not https?
> the proxy and network intermediaries are not privy to the contents of the traffic [...] There is an end-to-end encrypted tunnel via TLS, from Chrome to the destination server.
[0] https://github.com/GoogleChrome/ip-protection#core-requireme...
A web server may be interested to verify that a request comes out of a Google proxy server. Would it ever make sense to treat differently the requests that come from the Google servers? Or allow only them?
If a publisher could verify that a user is using Chrome, is a user more valuable because tracking them is more robust? Another reason, if those servers recognize and stop the DDoS attacks, it can be cheaper to allow only them than pay for Cloudflare.
Google are a major contributor to Envoy Proxy and Envoy is used in their stack [0]. CONNECT-UDP support was recently added to Envoy [1, 2, 3]
0. https://twitter.com/gcpweekly/status/1708883000061055151
1. https://github.com/envoyproxy/envoy/pull/27714
2. https://github.com/envoyproxy/envoy/pull/29557
3. https://github.com/envoyproxy/envoy/pull/29651
Resulted in URLs ending in .amp and sad failure of an application.
Once as an attempt for content control.
Who are the "users of the feature" here? The users of the Chrome browser? How will they authenticate? Using their Google accounts?
Also, it is a proxy, not a VPN, globally meaning that they could see in clear if not all the content of the traffic , at least the destination that is now hidden by TLSv3.
What is interesting is also with something like that they can grow again their ad and saas revenues: now they can easily identify "same users", also you could expect things like websites requiring authentication provided "transparently" by these proxies.
Enabling it for general browsing can cause inconvenience when accessing shops and such.
But for all the rest of the traffic, it seems tempting to obfuscafe your IP by default - provided one believes in the safety of the offering.
I'm not sure if I trust Apple or Google more with my browsing history than say ProtonVPN or something like that. But since I already use their service (Apple's here), using private relay seems to be a sensible default. If they are interested in my browsing history, they have it already.
Google does not give out free lunches. You are always paying for their services in some way, and that is usually by them mining your data and selling it to other companies. What possible motive would google have for operating a free proxy service? The sheer goodness of their hearts? Concern for your privacy and safety? Respect for the open web?
Everything google has done in the last decade shows very clearly that their motives are never good. At some point, you have to realize that the dog that keeps biting you will never stop biting you.
I too would love a free VPN from a reputable company. Unfortunate Google isn’t one.
That anyone would take seriously any fundamental privacy protection solution from Google is laughable. After years of persistent data mining on a gargantuan scale rivaled only by Microsoft and maybe Meta, a company like this simply does not deliver a free bonus of genuine anonymity support.