Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Google Chrome IT

Google Chrome's New 'IP Protection' Will Hide Users' IP Addresses (bleepingcomputer.com) 131

Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers. From a report: Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to strike a balance between ensuring users' privacy and the essential functionalities of the web. IP addresses allow websites and online services to track activities across websites, thereby facilitating the creation of persistent user profiles. This poses significant privacy concerns as, unlike third-party cookies, users currently lack a direct way to evade such covert tracking.

While IP addresses are potential vectors for tracking, they are also indispensable for critical web functionalities like routing traffic, fraud prevention, and other vital network tasks. The "IP Protection" solution addresses this dual role by routing third-party traffic from specific domains through proxies, making users' IP addresses invisible to those domains. As the ecosystem evolves, so will IP Protection, adapting to continue safeguarding users from cross-site tracking and adding additional domains to the proxied traffic. "Chrome is reintroducing a proposal to protect users against cross-site tracking via IP addresses. This proposal is a privacy proxy that anonymizes IP addresses for qualifying traffic as described above," reads a description of the IP Protection feature. Initially, IP Protection will be an opt-in feature, ensuring users have control over their privacy and letting Google monitor behavior trends.

This discussion has been archived. No new comments can be posted.

Google Chrome's New 'IP Protection' Will Hide Users' IP Addresses

Comments Filter:
  • Oh yes! (Score:5, Insightful)

    by dskoll ( 99328 ) on Monday October 23, 2023 @12:22PM (#63946181) Homepage

    Hey buddy! Enhance your privacy by running all of your Web browsing traffic through Google-owned proxy servers. Yeah... yeah, that's the ticket!

    • Hey buddy! Enhance your privacy by running all of your Web browsing traffic through Google-owned proxy servers. Yeah... yeah, that's the ticket!

      You should read the article.

      The scheme is modeled on a similar one that Apple deployed a couple of years ago. It uses two proxies, operated by different companies (though I think Apple operates both in their scheme). The idea is pretty simple. It uses two proxies in sequence. The first sees your origin IP, but doesn't see your destination, the second one sees your destination but not your origin. And of course the destination site also doesn't see your origin, and neither of the proxies see any of the tra

      • Whose CDN?

        While the TLS part is good, as long as they retain the ability to associate URLs and other stuff in the original request headers, they are still positioned as a central source of info on browsing habits.
        I am quite sure that they won't introduce so much privacy as to break existing features in Google Analytics or keyword buying.

        Color me skeptical that this will not increase their control over data on browsing habits, no matter what the technical implementation is.

        • Whose CDN?

          The article doesn't say.

          While the TLS part is good, as long as they retain the ability to associate URLs and other stuff in the original request headers

          URLs and other stuff in the original request headers are all encrypted by TLS, so none of that will be available to the proxies.

          I am quite sure that they won't introduce so much privacy as to break existing features in Google Analytics or keyword buying.

          Google Analytics runs on the server end (the server of the site you're visiting). The proxy scheme will prevent Google Analytics from using your source IP to do analysis, but nothing else would change. And I can't see how this could have any impact on keyword buying for Google's search engine at all.

          Color me skeptical that this will not increase their control over data on browsing habits, no matter what the technical implementation is.

          I understand the skepticism, but I think it's misplaced, pa

        • by SirSlud ( 67381 )

          Google doesn't need your IP (or headers for that matter) for browsing habits. All their tracking is on server side, tracked via cookies. You can turn them off, and Googles fine with that. A bazillion people don't. They don't need fallbacks.

          Anybody who is using IP for tracking is shifty by definition. Not Google/ReputableBusiness shifty, but shifty shifty. These are endpoints that say, "okay, so you're denying cookies? too bad, we've got your IP, we're still going to track you, very much against your wishes

          • by SirSlud ( 67381 )

            (Obviously the cookies are client side, I just mean the destinations, both publisher sites and google search, are doing all the tracking /w google .. with the cookie identifying the end user)

      • by GlennC ( 96879 )

        Assuming the two proxies don't collude.

        Somehow this strikes me as a rather bold assumption.

        • Assuming the two proxies don't collude.

          Somehow this strikes me as a rather bold assumption.

          It's one that's easy to prevent, and it's easy to audit the prevention.

      • Bottom line, no one can track you by looking at your traffic. Assuming the two proxies don't collude.

        Given that this is Google we're talking about, I don't think you can assume the lack of collusion.

        Google would have lots of plausibly-deniable ways to monetize that information without revealing where they got it.

        Apple, not so much, which is why I would trust their proxying system over one from Google.

        • Bottom line, no one can track you by looking at your traffic. Assuming the two proxies don't collude.

          Given that this is Google we're talking about, I don't think you can assume the lack of collusion.

          I don't think this is true, but your perception is certainly a common one. I expect Google to employ third-party auditing to prove that no collusion is possible.

          • Re:Oh yes! (Score:5, Insightful)

            by beuges ( 613130 ) on Monday October 23, 2023 @02:32PM (#63946731)

            Why isn't Google operating the second proxy instead? Because by operating the first one, they are already in control of the browser, and they can track all of the connections coming in to the proxy. They have to know the destination by definition, (so they can tell the second proxy where to terminate the connection). So *they* will know which sites *you* are visiting... and you can safely assume that they are going to mine the fuck out of that data.

            So Facebook can't correlate IP addresses to users any more because they're anonymized, but Google still knows that *you* are visiting Facebook, and they will slurp that up and store it forever.

            Given that this is Google we're talking about, you can absolutely guarantee that this new change is designed 100% for Google's benefit, minimally for the end-user's benefit, and 100% for the detriment of their competition. They don't have to collude with anyone because they have set it up so they see everything anyways. Collusion only benefits the destination website, so Google has no interest in colluding because doing so dilutes Google's monopoly over your browsing data.

            *Every* feature that Google introduces or change that Google has proposed to any standard, has all been driven by Google's desire to own the entire internet, just so they can shove ads down your throat. A Google-less internet would be infinitely better for everyone.

            • This is how Google will get around the restrictions on third party cookies that browsers are adding. We all knew that Google had a way round it planned when they announced it for Chrome and at the same time said it wouldnt have an effect on their advertising model.

            • by AmiMoJo ( 196126 )

              The first proxy doesn't need to know the URL at all. It just has to pass an encrypted request to the second proxy. Only the second proxy can decrypt the URL in order to fetch it, but can only see the first proxy's IP address.

              • This whole conversation is surreal - we are talking about doing this *in chrome*. Google doesn't need the proxy, it's their browser.
                • by beuges ( 613130 )

                  The point is that Google is making this out to be a great privacy feature for end-users, when Google still can track you just fine - it's a smokescreen.

                  The reason Google is doing this is because it hurts their competitors, makes it harder for their competitors to track and profile users, and therefore makes Google's profiles much more attractive, so they can make their ads more expensive.

                  In isolation, Google is not necessarily any better off for doing this, but their competitors are now worse off, which is

                • by AmiMoJo ( 196126 )

                  How would the browser hide its IP address from the CDN?

            • If Google actually knew anything, they would know that I do not buy things because an advertisement was shoved in my face. Almost everything that is advertised is about things I do not need.

              It seems clear that advertising drives consumer spending; however, you would think that it would be recognized that I am not a consumer. I don't need any of the lifestyles they offer.

              So why constantly harass me?

      • by dskoll ( 99328 )

        neither of the proxies see any of the traffic content

        Therein lies the problem. Google controls Chrome. What's to stop it from inserting a root certificate in Chrome that lets its proxy MITM all your web browsing traffic?

        Basically, the security of this scheme, whether from Google or from Apple, comes from "Trust us."

        If Google were serious about privacy, they'd add (optional) support for TOR directly in Chrome. TOR already exists and is not controlled by Google or Apple.

        • Because someone would find out, like they did with Bluecoat in 2006, only more quickly, and with less effort because all certificates are now publicly indexed upon signing.

          This is why, when you have LetsEncrypt sign a certificate, you instantly get probed from around the globe. Hint: always harden your systems and test them using privately signed certificates internally (or with restrictive access lists) before exposing them to the entire internet.

          • by dskoll ( 99328 )

            How would they find out? Based on what the Chrome UI reports as the certificate in use?

            No way Google could manipulate that...

            You're right in that eventually someone would find out. And the ensuing outrage would reduce the usage of Chrome by about 0%.

      • You should read the article.

        The scheme is modeled on a similar one that Apple deployed a couple of years ago. It uses two proxies, operated by different companies (though I think Apple operates both in their scheme). The idea is pretty simple. It uses two proxies in sequence. The first sees your origin IP, but doesn't see your destination, the second one sees your destination but not your origin. And of course the destination site also doesn't see your origin, and neither of the proxies see any of the traffic content, since it's TLS-encrypted.

        "We are *CONSIDERING using 2 hops for improved privacy. A second proxy would be run by an external CDN, while Google runs the first hop."

        https://github.com/GoogleChrom... [github.com]

        * Emphasis added. Firefox said they would ask first before they went ahead with their DoH scheme. Turns out the asking first was a dark pattern dialogue followed by removing the notification entirely on new installs once media attention died down.

        Here we don't even have a commitment it's a we'll THINK ABOUT IT and get back to you.

    • Thankfully, TFA notes it's Opt-In.

    • by xeoron ( 639412 )
      Doesn't Opera do this for their VPN?
  • Sounds like... (Score:4, Insightful)

    by ThePawArmy ( 952965 ) on Monday October 23, 2023 @12:24PM (#63946193)
    Don't let those evil bastards on the internet track you! Let our evil bastards track you instead.
    • by dskoll ( 99328 )

      I opened an issue on Github. Please read, upvote and comment on it. [github.com]

    • by AmiMoJo ( 196126 )

      It's sad that people hate Google so much that they will dismiss a useful privacy enhancement as some kind of illegal conspiracy.

      They even made it an open source, you can do your own build to compare to their binary.

      • by HiThere ( 15173 )

        That's not based on hate, its' based on lack of trust. And why should people trust Google?
        Making it open source is a good answer, but not a complete answer. That means that you can verify that it does what they claim it does, but it doesn't mean that what they claim it does enhances security. I don't trust my expertise enough in either area to say that it enhances security, but most of the criticism is along the lines of "I assume that it does what they say, but I also assume that their approach lets the

      • It's sad that people hate Google so much that they will dismiss a useful privacy enhancement as some kind of illegal conspiracy.

        Hard to take seriously the notion centralizing information improves privacy for anyone. This is just more of the same like Firefox's harebrained DoH scheme in which everyones browsing history is routed thru one large company without asking and trying to pass it off as a a privacy feature.

        They even made it an open source, you can do your own build to compare to their binary.

        Is the Chrome browser now open source? If so this would be news to me.

        • by AmiMoJo ( 196126 )

          So you didn't even bother to find it what it is, you just assumed it centralises information.

          Chrome is open source. That's why there are so many chrome based browsers.

          • So you didn't even bother to find it what it is, you just assumed it centralises information.

            I read the following URL:
            https://github.com/GoogleChrom... [github.com]

            Is there additional information I'm missing? Is there a more authoritative source of information? To me reads like an open ended document describing things they MAY choose to do. I've read nothing that gives me confidence this isn't just yet another data collection scheme.

            Chrome is open source. That's why there are so many chrome based browsers.

            Chrome is NOT open source. Chrome based browsers are based on Chromium not Chrome. The source code for Chrome is unavailable.

            • by AmiMoJo ( 196126 )

              So did you simply not understand the meaning of

              We are considering using 2 hops for improved privacy. A second proxy would be run by an external CDN, while Google runs the first hop. This ensures that neither proxy can see both the client IP address and the destination. CONNECT & CONNECT-UDP support chaining of proxies.

              Because that directly contradicts your claim about it being centralized. It's designed from the ground up to prevent the proxies becoming centralized points that can collect your data.

              The

              • Because that directly contradicts your claim about it being centralized.

                You are not normally this stupid. Did you hit another blind spot for yourself? How does adding a second proxy decentralize anything? EVERYTHING is still going through the first proxy.

                • by AmiMoJo ( 196126 )

                  If you bothered to actually read the proposal you would see that it's not "a proxy", it's a variety of proxies operated by many different organizations. In other words, decentralized. You can run your own if you like.

                  And since each proxy in the chain can't see the encrypted data for the other proxy, what little information they can gather is worthless.

                  • If you bothered to actually read the proposal you would see that it's not "a proxy", it's a variety of proxies operated by many different organizations. In other words, decentralized. You can run your own if you like.

                    You are misinformed.

                    In all cases this is a proxy where traffic is routed thru Google. *SHOULD* Google decide to chain their proxy server with servers in other administrative domains it will still be true that all traffic is still centrally routed thru Google. What changes is instead of the traffic exiting to the Internet from Google it exits from a different administrative domain.

                    In no scenario is traffic not centralized thru Google.

                    And since each proxy in the chain can't see the encrypted data for the other proxy, what little information they can gather is worthless.

                    When browsing public sites the ability to determine exact URLs visited ca

                    • by AmiMoJo ( 196126 )

                      Incorrect. The first proxy in the chain can be provided by anyone. Google will initially provide them for the first test of the feature, but the plan is for it to be more like public DNS, where you have a choice of multiple providers and there is network discoverability.

                      Who actually provides the first proxy doesn't really matter though, because all it can do is pass encrypted traffic on to a CDN. It can't be used to gather any useful information about the user, by design.

                      If your paranoid delusions were corr

                    • Incorrect. The first proxy in the chain can be provided by anyone. Google will initially provide them for the first test of the feature, but the plan is for it to be more like public DNS, where you have a choice of multiple providers and there is network discoverability.

                      What plan? Where is this coming from? Cite your source. None of this is stated in any of the references or IP-Protection document. Is this being worked within the framework of a standards organization to build industry consensus or is this just Google going it alone?

                      If the ability to choose or disable centralized control and collection works anything like Firefox's Cloudflare DoH scheme then the real world implication will be traffic silently routed through "Google" "for your own good" and the technical

              • So did you simply not understand the meaning of
                Because that directly contradicts your claim about it being centralized.

                Enough of your gaslighting I can fucking read. If you have a substantive objection state specifically what that is you are asserting with supporting evidence. Don't repeat the same text and claim I don't understand what the paragraph means.

                "while Google runs the first hop" fits the definition of centralization. Traffic of billions? routed through one ASN **IS** centralization and there is no way around it. You can argue the sky is green with orange Polka dots all day long, it doesn't make it so.

                "We are

      • by dskoll ( 99328 )

        This privacy-enhancement already exists. It's called Tor [wikipedia.org]. If Google really cared about privacy, it'd make Chrome natively support Tor and give you the option to enable use of Tor.

        But Google didn't do that. They want you to go through a proxy Google controls.

        • by AmiMoJo ( 196126 )

          Tor doesn't scale well, that's the problem. Adding hundreds of millions of new users overnight would break it. Plus, there is purposefully no way to vet the endpoint operators. If you take your tinfoil hat off for a moment, you will realize that carefully choosing proxy operators is quite important.

          • by dskoll ( 99328 )

            My tinfoil hat stays snugly on my head where Google is concerned.

            Google could take the budget it plans to spend on its proxy servers, donate 75% of it to Tor to improve its infrastructure, and everyone would be better off.

  • hmm (Score:5, Insightful)

    by hawk ( 1151 ) <hawk@eyry.org> on Monday October 23, 2023 @12:24PM (#63946195) Journal

    now let's think.

    What is the #1 company I want to not be tracking me?

    hmm.

    Yeah, let's route my traffic through it . . .

    hawk

  • by Frobnicator ( 565869 ) on Monday October 23, 2023 @12:28PM (#63946219) Journal

    Initially, IP Protection will be an opt-in feature

    The word "initially" there scares me.

    Proxies and relays used voluntarily are wonderful and can do many amazing things. They can also be used to hide and obscure many terrible things. Relaying information through a third party comes with quite a long list of benefits and drawbacks, and for some situations they can be amazing.

    Proxies and relays used involuntarily are unacceptable. The potential for abuse and misuse is too great. They create a MITM vulnerability, and anything other than a specific, intentional, revocable opt in is not okay. Creating a MITM vulnerability should not be opt out.

    • Great an extended and long list of items to go through before making an connection, does not remind me a pac file at all. Honesly if makes the address bar backround orange when chooses this path, I am fine with it. 95% of the traffic will be xvideo anyways.
    • and will mess up sites with ip based security lockout

      • Now we will all need 3 factor sign on security and acceptable use sign off on tracking cookies to get a weather report. Honestly it makes googles position marginally more profitable. Could be zscaler or google as the internet overlord, do not really care at this point.
    • They create a MITM vulnerability

      This is incorrect.

      Proxies cannot create a MITM vulnerability. Proxies could exploit a MITM vulnerability if one existed, but in the case under discussion all of the traffic would be TLS-encrypted, end to end. There is no vulnerability to exploit, so the proxies can't exploit it.

      Note that this is often not the case in the corporate world. In that world, IT often sets things up so that the TLS connection from the browser terminates at the proxy server. To make that work, the proxy server needs to be able

      • > Proxies cannot create a MITM vulnerability. Proxies could exploit a MITM vulnerability if one existed, but in the case under discussion all of the traffic would be TLS-encrypted, end to end. There is no vulnerability to exploit, so the proxies can't exploit it. Yes, but they wouldn't need a vulnerability. They'd just abuse a root cert they ship with their browser.
        • Proxies cannot create a MITM vulnerability. Proxies could exploit a MITM vulnerability if one existed, but in the case under discussion all of the traffic would be TLS-encrypted, end to end. There is no vulnerability to exploit, so the proxies can't exploit it.

          Yes, but they wouldn't need a vulnerability. They'd just abuse a root cert they ship with their browser.

          Which would be instantly detected by people all over the world. That sort of thing is super obvious.

      • by Pieroxy ( 222434 )

        Proxies cannot create a MITM vulnerability.

        In this case, Google owns both the browser and the proxy. They don't need MITM anything, they already have all the unencrypted data from the browser.

        Google also owns a certification authority. Nothing prevent the proxy to decrypt the https packets and re-encrypt it with their own cert chain, valid to the browser.

        When you own the browser, you can do literally anything.

        • Proxies cannot create a MITM vulnerability.

          In this case, Google owns both the browser and the proxy. They don't need MITM anything, they already have all the unencrypted data from the browser.

          Google also owns a certification authority. Nothing prevent the proxy to decrypt the https packets and re-encrypt it with their own cert chain, valid to the browser.

          That would be trivially-detectable, and would be immediately noticed by lots of people.

          When you own the browser, you can do literally anything.

          Yes, absolutely, if Google is willing to modify the browser and have it send all the user's data directly to them, they can do that without any of this proxy business. Of course, it would also be detected that the browser was sending a bunch of additional, unexplained, data to Google, but it would be hard to tell exactly what.

      • by lsllll ( 830002 )

        But in Google's scheme (as in the similar one deployed by Apple a couple years ago), the TLS connection is end to end, between browser and destination server, and the proxies just pass encrypted messages that, by definition, they can't read.

        Yeah, until Google inserts a root certificate in its browser that its proxy server can use to decrypt the data and do a handshake with the destination on your behalf, just like Bluecat in the corporate world. Hell, the root cert it inserts doesn't even have to show up in the list of certificates. It can be hard-coded right into the code.

        • But in Google's scheme (as in the similar one deployed by Apple a couple years ago), the TLS connection is end to end, between browser and destination server, and the proxies just pass encrypted messages that, by definition, they can't read.

          Yeah, until Google inserts a root certificate in its browser that its proxy server can use to decrypt the data and do a handshake with the destination on your behalf, just like Bluecat in the corporate world. Hell, the root cert it inserts doesn't even have to show up in the list of certificates. It can be hard-coded right into the code.

          That would be trivially detectable, and many people around the world would notice and raise a stink.

    • by wakeboarder ( 2695839 ) on Monday October 23, 2023 @03:03PM (#63946849)
      There is always firefox
      • by AmiMoJo ( 196126 )

        Mozilla will probably have to release something similar once Google does. People who understand what this feature does are going to want it. Firefox does a lot to prevent tracking, but has no defence against IP based attacks.

        • I'm fine with mozilla having a feature like this, they don't have a monopoly on digtial advertising.
        • Mozilla will probably have to release something similar once Google does. People who understand what this feature does are going to want it.

          What year is this? Anyone who cares about concealing their IP already has a VPN or uses an overlay network. This harebrained scheme would not even prevent sites from obtaining IP data by other means (e.g. WebRTC)

          Firefox does a lot to prevent tracking, but has no defence against IP based attacks.

          Firefox does more than Chrome. Third party tracking stopped being a thing by default with Firefox years ago while Chrome stumbles about in a drunken stupor mumbling incoherently about sandboxes.

          • by AmiMoJo ( 196126 )

            A VPN hides your IP address from your ISP. The website sees a shared IP address, but that is already common thanks to CGNAT. The website can still use that IP address to track you, along with other metrics.

            Google's system of using two proxies means that the IP address you use to access a website will be constantly changing.

  • No. (Score:4, Insightful)

    by Fly Swatter ( 30498 ) on Monday October 23, 2023 @12:33PM (#63946251) Homepage
    This breaks the idea of a 'free and open' internet. Why do I want a third party seeing all my traffic that has no fucking business seeing it at all?

    If this is on by default, Monopoly Abuse teams at the government should be getting out the boom stick.
    • Why do I want a third party seeing all my traffic that has no fucking business seeing it at all?

      The whole point of this scheme is that no one will see your traffic (because TLS), and with the dual-layer proxies no one can connect your source IP and your destination.

      Right now, the way it works is something like:

      • * Your browser knows it's own IP and the destination IP, and has access to plaintext of the request and response.
        * Your ISP sees your IP and your destination IP, but not the content of request and response (because TLS).
        * Other hops along the way see the same things as your ISP.
        * The dest
      • First, if Google owns all the proxies, they have all the information about all the traffic, even if there are multiple hops in the path. Second, this proxy will likely be trusted by Chrome, therefore Google could easily implement MITM decrypting the web traffic flowing through it, for some "technical optimization reasons", such as load balancing or QoS - I'm sure they could come up with a good story for that.

        However, even without decrypting the traffic, having all of your traffic allows them to know exac
    • by SirSlud ( 67381 )

      Slashdot, a place for people who don't understand how the internet works

      • by mssymrvn ( 15684 )

        Oh, how I wish I had mod points for parent.

        Who cares about seeing your traffic? Google /owns the browser/. They see all of your history and activity. All this scheme does is prevent parties /other than Google/ from seeing your traffic.

    • by AmiMoJo ( 196126 )

      Modded +1 Didn't Read TFA But It's A Rant About Google.

  • Curious... (Score:5, Insightful)

    by TwistedGreen ( 80055 ) on Monday October 23, 2023 @12:34PM (#63946259)

    I'm increasingly of the opinion that the entirety of Google's push for "privacy" is actually to safeguard its own market position and ensure no other players are able to threaten it...

    • That's a rather charitable opinion of their behavior.

      Personally I feel as though they're under contract with at least one government to provide web data on citizens.

      • That's a rather charitable opinion of their behavior.

        Personally I feel as though they're under contract with at least one government to provide web data on citizens.

        I enjoy the conspiracy theories out there about Google's early days. There's some really thorough run-throughs of how the US essentially funded the start-up, with the explicit instruction to gather as much data as possible, and keeping that data in easily read formats. While I usually ascribe this type of nonsense to cray-cray fringers, over the years the Google start-up stories are starting to sound kinda plausible. Not to say they're true, but it wouldn't be some "OMG" moment if you were to find out there

      • by HiThere ( 15173 )

        On what basis do yo limit that to "citizens"? Numerous governments have "persons of interest" that are not citizens of those governments.

    • by taustin ( 171655 )

      You just figured that out?

    • I'm increasingly of the opinion that the entirety of Google's push for "privacy" is actually to safeguard its own market position and ensure no other players are able to threaten it...

      How do you think this proxy scheme does that? The dual proxy setup prevents Google from getting any additional information about web traffic.

      • by HiThere ( 15173 )

        That's a very good question. I can't answer it, but I also suspect that it's an enabler...possibly by making Google the exclusive source for the information. This is purely based on distrust of Google based on their actions over the last couple of decades, and has nothing to do with this particular action.

    • by Tyr07 ( 8900565 )

      It's the same thing Apple does with all their 'privacy'. It's the lock the data and safeguard their own market position.

    • I'm increasingly of the opinion that the entirety of Google's push for "privacy" is actually to safeguard its own market position and ensure no other players are able to threaten it...

      This became semi-obvious back in 2008. It is a guarantee now.

  • by oldgraybeard ( 2939809 ) on Monday October 23, 2023 @12:35PM (#63946267)
    in the Hen House!
  • "New hires at Google starting 2025 will be microchipped by our experienced experts* to ensure their safety from co-ercion and kidnapping whilst working from home. As the minds behind previous similar security initiatives senior management are highly confident the most enthusiastic and career minded Googlers will be eager to be that bit closer to the company. Google would like to thank the hard working staff for their continued efforts in reducing adblock usage, and we recognise a 0.15 drop across immediate

  • Will this use a SSL certificate that claims to be the destination server, decrypt the HTTPS traffic and re-encrypt it, and send it on to the destination? Will they log all traffic?

    This reads like a law enforcement wet dream... send a subpoena (or not!) and get everyone's traffic.
  • My company forbids me from running Brave because "Brave have internal VPN that can be activated and bypass enterprise policies."

    I doubt they will allow Chrome if this is activated and they cannot deactivate it using group policies or registry keys.

    • I'm positive it will be something you can disable in the enterprise.

      • We have been enforcing it via multiple clients in the name of security and proxy pac files for dozens of years in the enterprise. None of thousands of customers cared one bit until it broke. If one wants to personally outsource to a free proxy for certain sites, you have given away your privacy and client access records, just be aware and google should be 100% transparent. Turning the address bar background orange is the customization I will make to chrome when going via a proxy.
    • IT can force Edge on if you'd like.

    • My company forbids me from running Brave because "Brave have internal VPN that can be activated and bypass enterprise policies."

      I doubt they will allow Chrome if this is activated and they cannot deactivate it using group policies or registry keys.

      They give enterprises the key to the data their scraping so they can scold employees for internet misuse on the company dime. It's a control freak's wet dream come true!

    • There is still Firefox. Although it can have Mozilla VPN, it's not just a switch, but an extension, and depending on the country you live, it's not even available.

  • I think it's so great all the other ad trackers out there will have difficulty competing with google now.

    All hail our google overlords!

  • I fully trust the wolf to protect me from the sheep.

  • Firefox FFS (Score:4, Insightful)

    by brickhouse98 ( 4677765 ) on Monday October 23, 2023 @02:33PM (#63946735)
    If all the crap Google is pulling still hasn't convinced you to just use Firefox, I'm not sure what will.
  • This isn't just to allow Google to slurp up more data (although it's definitely doing that as well). This is to make it so that no one other than Google knows who's visiting your site. I wonder if some of this data will be available to companies if they use Google Analytics.
  • by wakeboarder ( 2695839 ) on Monday October 23, 2023 @03:04PM (#63946853)
    does google get to obfuscate the user, they are the only ones that can track them. This would be huge for google.
  • Carefully watch your root certs. This is the perfect place to install some "for the children" labeled MITM attack.
  • by rlwinm ( 6158720 ) on Monday October 23, 2023 @04:10PM (#63947087)
    One more thing to turn of periodically when I use Chrome. I already turn off DNS-over-HTTP, QUIC, and HTTP/2. I wonder if Chromium builds have all this Google nonsense. Google and Apple are some of the companies I trust the least! I think that's true for many, many people. Yet they act as if they are the trustworthy entities in peoples' lives.

    I certainly don't want the government to get involved in regulating big tech -- that just makes it harder for little guys to innovate and the big tech companies will find workaround anyhow. The better solution is for people to stop using big tech as much as possible. The Internet is looking more and more like the 1970s phone network. And that's exactly where we don't want to be!
    • by AmiMoJo ( 196126 )

      Why do you disable privacy and security enhancements like DoH and HTTP/2? Do you like being tracked more easily?

      HTTP/2 in particular makes it much harder for your ISP and any other man-in-the-middle to see which websites you are connecting to. Without it, the initial request to the server doesn't encrypt the domain name.

      • Why do you disable privacy and security enhancements like DoH and HTTP/2? Do you like being tracked more easily?

        Or asked in a slightly different way.. Why don't you want a single large corporation to know all of your browsing history? What's wrong with you?

        HTTP/2 in particular makes it much harder for your ISP and any other man-in-the-middle to see which websites you are connecting to. Without it, the initial request to the server doesn't encrypt the domain name.

        You are either misinformed or have inadvertently confused HTTP/2 with HTTP/3.

        • by AmiMoJo ( 196126 )

          Or asked in a slightly different way.. Why don't you want a single large corporation to know all of your browsing history?

          What does that have to do with this story? Nothing. In fact the whole point of it is to prevent any single corporation knowing your browsing history.

          • What does that have to do with this story? Nothing. In fact the whole point of it is to prevent any single corporation knowing your browsing history.

            I was merely responding to YOUR statement "Why do you disable privacy and security enhancements like DoH and HTTP/2? Do you like being tracked more easily?".

            I simply rephrased YOUR question to be more accurate and less misleading clarifying your assertions regarding HTTP/2 are factually incorrect. If you now believe that your own question is now irrelevant then I'm not going to argue that point.

            For me the relevance of DoH is establishing a history of corporations inventing new excuses for centralized data

  • by rlwinm ( 6158720 ) on Monday October 23, 2023 @04:21PM (#63947123)
    Other than catering to fear for the goal of giving Google even more control over users - what is the issue with an IP address being out there? Other than people who get their knowledge about the Internet from TV and movies - what's the big deal? Ooh, so you got my IP address. Big deal. What can you do with it? Most IPs are dynamic. And even if it is somewhat consistent, with NAT it doesn't uniquely identify a user nor is it something you can translate to a physical address (without a court order).

    For those who fear something like a court order (there are legitimate cases for this) then use Tor and do whatever you are doing from some public place that offers WiFi and choose random MAC addresses periodically. Otherwise this means nothing. Oh and be sure to run the browser from a container or VM and wipe that periodically.

    But Google's offer of privacy is completely useless.
  • by Opportunist ( 166417 ) on Monday October 23, 2023 @04:36PM (#63947173)

    Rejoice! No webpages can track you anymore!

    We now do that centralized from our proxies. Instead of every webpage knowing that you visit them, we now know all the webpages you visit. That's way better!

    Huh? No, not for you, but for us.

  • by Mononymous ( 6156676 ) on Monday October 23, 2023 @04:57PM (#63947255)

    It doesn't come preinstalled on any OS (except Chrome OS, and the crippled mobile version on Android).
    And aren't the people who know how to install a browser the same people who know what's wrong with Chrome?
    So how are there so many millions of Chrome users?

  • It runs faster and it doesn't block Youtube adblockers. Pass it on.

Kiss your keyboard goodbye!

Working...