in

Google Chrome is testing a new feature to automatically hide users’ IP addresses

<!–>

DrAfter123/Getty Images

When you use your browser, your IP address is visible to websites, online services, and threat actors who can use that information against you for tracking and other privacy-invading actions. 

At the same time, IP addresses are also necessary for things like traffic routing and fraud prevention.

Also: Cybersecurity 101: Everything on how to protect your privacy and stay safe online

As first reported by Bleeping Computer, according to the introduction to IP Protection (formerly Gnatcatcher), “As browser vendors make efforts to provide their users with additional privacy, the user’s IP address continues to make it feasible to associate users’ activities across origins that otherwise wouldn’t be possible. This information can be combined over time to create a unique, persistent user profile and track a user’s activity across the web, which represents a threat to their privacy. Moreover, unlike with third-party cookies, there is no straightforward way for users to opt out of this kind of covert tracking.”

–>

The goals of IP Protection are (according to the official proposal):

  • To improve user privacy by hiding users’ IP addresses so they cannot be used as a tracking vector.
  • To minimize disruption to the normal operations of servers (until there is an alternative solution).

Also: What is phishing? Everything you need to know to protect yourself from scammers

The core requirements of IP Protection are:

  • To prevent the destination origin from seeing the client’s original IP address.
  • The proxy and intermediaries cannot view the contents of the client’s traffic.

Initially, IP Protection will be an opt-in feature, so users have complete control over whether they want to obfuscate their IP address from third parties. To accommodate regional considerations and ensure a shallow learning curve, IP Protection will be rolled out in stages; the first of which, dubbed Phase 0, will have Google proxying requests to its own domains. This will continue until Google has had plenty of time to fine-tune the affected domain list. Initially, only US-based IP addresses will be able to access those proxies. 

In the next phases, Google plans on using a two-hop approach to improve privacy. The first hop will be maintained by Google, while the second hop is planned for an external CDN (Content Delivery Network).

Security concerns

Google also explained there are some concerns about this new effort. The first issue is that the service could make it difficult for various services (such as fraud prevention) to block Dynamic Denial of Service (DDoS) attacks. On top of that, if even one of Google’s proxy servers is compromised, the attacker would then be capable of manipulating traffic passing through it.

Also: How to find and remove spyware from your phone

Because of these possible issues, Google is considering a user authentication feature for the proxy to help mitigate DDoS attacks.

You can read more about Google’s IP Protection proposal.


Source: Information Technologies - zdnet.com

FCC approves access to faster 6GHz band for AR and VR headsets

Would you pay a buck to Tweet? X takes a step toward paywall