Google is testing ‘IP Protection’, a feature for Chrome that sends third-party traffic for a set of domains through proxies to mask their IP addresses, thereby boosting privacy by fighting IP-based covert tracking.
IP Addresses
An IP address can be explained as being like a home address for your computer or device on a network. It’s a unique numerical identifier that helps in sending and receiving information correctly over the internet or local networks. Each device on a network has a unique IP address, which helps in identifying it among all the other devices. For example, just as the post office needs a physical address to deliver your post to the right house, computers use IP addresses to send and receive information to and from the right devices. Typically, your IP address is the one given to your router and is given by your ISP and although not permanently assigned, it tends to stay the same until you disconnect or turn the router off.
What’s The Problem With IP Addresses?
As useful as an IP address can be in acting as your identifier on the network, it can also be misused when used as an identifier for anyone who wants to covertly track you across multiple websites. For example, because your IP address is unique to your internet connection at that moment, when you visit a website, it sees your IP address and can remember it. If you go to another website, that site can also see your IP address. If both websites share data (like through ads or tracking services), they can ‘connect the dots’ and realise that the same person visited both sites.
User Profile Built Over Time
Over time, as you visit more and more websites, a ‘persistent user profile’ gets built up and although those tracking may not know your name, they know what the barcode equivalent of you is – your IP address. By looking at the websites you visit, trackers can figure out your interests, habits, and maybe even your location and by combining this information with other semi-permanent information from your browser, a fairly accurate ‘fingerprint’ of you can be built up.
Who?
Advertisers and marketers may use cookies, pixels, and other tracking technologies embedded in websites to track IP address to understand user behaviour, preferences, and demographics for targeted advertising and personalised content.
Other trackers of IP address may include websites and online services (e.g. to analyse traffic, understand user engagement, and improve the user experience) and Internet Service Providers (ISPs) for network management, troubleshooting, to ensure the security and integrity of their network, plus (perhaps) for law enforcement purposes. Other tracking entities can include government and law enforcement, cybersecurity professionals (monitoring for and respond to security threats), content providers and streaming services, and research and analytics companies tracking IP addresses.
It’s also important to remember that cyber criminals track IP addresses to find vulnerable devices or networks.
No Direct Way To Evade Tracking
The key point is that although IP addresses are necessary and useful for routing traffic, preventing fraud and abuse, and for performing other important functions for network operators and domains, they can pose privacy concerns but, unlike third-party cookies, users currently don’t have a direct way to avoid being covertly tracked. An effective solution, which Google believes could be its IP Protection, needs to strike the right balance between retaining user privacy and not having too much of a negative impact on the normal running of the Internet and the online economy.
VPNs, Proxy Servers, and Secure Browsers
Many people must resort to use a proxy server or a VPN to hide their IP address, both of which mask a user’s IP address with one of their own. There are also many private browsers available which use third-party ad blockers, onion routing, and other security features. These include Brave, DuckDuckGo, and the Tor Browser, among others.
Google’s IP Protection
Google’s IP Protection feature, which it is currently testing with a view to rolling it out in multiple phases, sends third-party traffic for a set of domains through proxies, thereby protecting the user by masking their IP address from those domains.
Test
The first testing phase is reported to be to ensure that the feature will work without impacting third-party companies, e.g. Google’s own Ad Services. Google says this test will involve a single Google-owned proxy, will only proxy requests to domains owned by Google, and will allow to test its infrastructure while preventing impact to other companies, and gives it more time to refine the list of domains that will be proxied.
Google says that IP Protection changes how stable a client’s IP address is but “does not otherwise cause a breaking change for existing sites.”
Opt-In
Google says that IP Protection will be opt-in initially to make sure there is “user control over privacy decisions” and that Google can monitor behaviours at lower volumes.
List Based Approach
It’s understood that a list based approach is to be used by Google and only domains on the list in a third-party context will be impacted, and the focus will be on scripts and domains that are considered to be tracking users so as not to disrupt legitimate use of IP tracking.
What Does This Mean For Your Business?
IP addresses play a vital and legitimate role in the functioning of the web and its economy.
However, user privacy is important and despite browser vendors trying to give users additional privacy, covert cross-site IP tracking enabled by IP addresses is a problem and is a threat to privacy. Most web users aren’t happy with the idea that their web activities can be secretly tracked and a profile of them compiled which is stored and used by faceless companies to target them with ads and offers – it feels like an invasion of privacy and a risk to user security.
Until now, users haven’t had a direct way to avoid being covertly tracked and have needed to proactively opt for measures like using VPNs and proxy servers. Google IP Protection (opt-in at first) could therefore provide a much more direct and effective background privacy-protection solution for users that could, along with ecosystem changes, expand over time to be effective at protecting users’ privacy from cross-site tracking. For companies, organisations, marketers, and advertisers that use IP tracking, however, this could represent a real threat to their operations. Indeed, it could represent a threat to Google’s own domains and ad operation if it doesn’t work properly (hence the testing). IP Protection, therefore, looks promising and the hope is that it will be able to strike the right balance between user privacy and the safety and protecting functionality of the web.
