this post was submitted on 23 Oct 2023
122 points (85.1% liked)

Technology

59381 readers
2894 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Google will soon start testing a new ‘IP protection’ feature for Chrome users, offering them greater control over their privacy. The tech giant the upcoming feature prevents websites from tracking users by hiding their IP address using proxy servers owned by Google.

To give you a quick recap, IP address is a unique numerical identifier that can be used to track a user’s geographical location and is used by advertisers to track a user’s browsing habits, see which websites they visit and provide personalized ads.

According to Google, the IP protection feature will be rolled out in multiple stages, with Phase 0 redirecting domains owned by Google (like Gmail) to a single proxy server. The company says the first phase will allow them to test its infrastructure and only a handful of users residing in the US will be enrolled.

Google also said that the upcoming IP protection feature will be available for users who have logged in to Chrome. To prevent misuse the tech giant will be implementing an authentication server that will set a quota for every user.

In the following phases, Google will start using a 2-hop proxy system, which essentially redirects a website’s request to a Google server that will again be redirected to an external CDN like Cloudflare.

While the IP protection feature might enhance user privacy, the tech giant has clarified that it is not a foolproof system. If a hacker is able to gain access to Google’s proxy server, they will be able to analyse all traffic passing through the network and even redirect users to malicious websites.

Since most of Google’s revenue comes from tracking users across the internet and offering them personalized ads, it will be interesting to see how the company strikes a balance between user privacy and revenue generation.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (1 children)

You can't MITM HTTPS with a VPN unless the browser accepts an insecure certificate. And that can't be done without being detected; and the security community would raise seven shades of hell.

Google has actually helped build the infrastructure that (in a public, provable way that Google can't subvert) makes it impossible to get away with MITM in this manner. It's called Certificate Transparency.

Put another way: Google wants other big companies and governments to use Chrome and Android. If Google started MITMing traffic like you suggest, no corporation or government would ever touch their products again. So they've built infra that lets them prove they don't.

They could use this to get more accurate figures about the popularity of different sites or services by IP and port. But they don't need to; they have search.

[–] [email protected] 5 points 1 year ago (1 children)

You can't MITM HTTPS with a VPN unless the browser accepts an insecure certificate.

Yes, but the browser is Chrome and this is a feature built into Chrome.

[–] [email protected] 4 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago (1 children)

I tend to agree with the trust argument. Google wants people to rely on Web technology and Google products and allowing MITM - or failing to prevent - goes against Google's interest.

I don't buy the technical argument at all. Google could terminate the TLS connection at the proxy and communicate with the browser on a proprietary encrypted channel. Chrome could easily show a green padlock item and certificate details as seen by the proxy. The whole thing could be open source and transparent. A minority of users will disable the feature; many will accept it. Corporates can be bought by allowing to opt out for 'sensitive' servers.

[–] [email protected] 7 points 1 year ago

They could just rewrite Chrome to send all your passwords in clear text to Mountain View too ... but not without security people noticing. That's my point. The behavior of browsers is not secret.