When you use your browser, your IP address is visible to websites, online services, and threat actors who can use that information against you for tracking and other privacy-invading actions.
At the same time, IP addresses are also necessary for things like traffic routing and fraud prevention.
Also: Cybersecurity 101: Everything on how to protect your privacy and stay safe online
According to the introduction to IP Protection (formerly Gnatcatcher), “As browser vendors make efforts to provide their users with additional privacy, the user’s IP address continues to make it feasible to associate users’ activities across origins that otherwise wouldn’t be possible. This information can be combined over time to create a unique, persistent user profile and track a user’s activity across the web, which represents a threat to their privacy. Moreover, unlike with third-party cookies, there is no straightforward way for users to opt out of this kind of covert tracking.”
The goals of IP Protection are (according to the official proposal):
- To improve user privacy by hiding users’ IP addresses so they cannot be used as a tracking vector.
- To minimize disruption to the normal operations of servers (until there is an alternative solution).
Also: What is phishing? Everything you need to know to protect yourself from scammers
The core requirements of IP Protection are:
- To prevent the destination origin from seeing the client’s original IP address.
- The proxy and intermediaries cannot view the contents of the client’s traffic.
Initially, IP Protection will be an opt-in feature, so users have complete control over whether they want to obfuscate their IP address from third parties. To accommodate regional considerations and ensure a shallow learning curve, IP Protection will be rolled out in stages; the first of which, dubbed Phase 0, will have Google proxying requests to its own domains. This will continue until Google has had plenty of time to fine-tune the affected domain list. Initially, only US-based IP addresses will be able to access those proxies.
In the next phases, Google plans on using a two-hop approach to improve privacy. The first hop will be maintained by Google, while the second hop is planned for an external CDN (Content Delivery Network).
Security concerns
Google also explained there are some concerns about this new effort. The first issue is that the service could make it difficult for various services (such as fraud prevention) to block Dynamic Denial of Service (DDoS) attacks. On top of that, if even one of Google’s proxy servers is compromised, the attacker would then be capable of manipulating traffic passing through it.
Also: How to find and remove spyware from your phone
Because of these possible issues, Google is considering a user authentication feature for the proxy to help mitigate DDoS attacks.
You can read more about Google’s IP Protection proposal.