Kind of as long as they can track you, it's good if others cannot.
Xunjin 29 days ago [-]
That was my thought, why not allow this feature without the need to login in a Google account?
gruez 29 days ago [-]
It's answered in the document:
>IP Protection will use client authentication to limit the ability of bad actors to leverage the proxies to amplify attacks on services on the Masked Domain List. Therefore, IP Protection will only be available to users that have been authenticated using the Google account they're signed in with in the Chrome browser prior to opening a new Incognito window.
reaperducer 29 days ago [-]
Does Apple's IP hiding feature work without an iCloud login? I'm not at my computer, so I can't check.
spacebanana7 29 days ago [-]
It requires an active iCloud+ subscription so I don’t see how that’d be possible.
However they say that Apple can’t see the final destination of your traffic.
Because your use of a proxy is governed by certain terms, and you agreed to them by signing up to a Google account and signing into Chrome?
lcnPylGDnU4H9OF 29 days ago [-]
Perhaps the parent commenter knew that and was curious what technical reason, if any, Google is using to justify the decision.
Xunjin 29 days ago [-]
Yes I'm curious about the technical reasons, my mistake in thinking my comment would make that implicit clear to the dear reader.
orphea 29 days ago [-]
Exactly. It doesn't seem it has anything to do with user privacy. Google just tries to keep tracking data for themselves only.
Xunjin 29 days ago [-]
Doesn't that fall in the category of monopolization, which can trigger Antitrust laws?
spacebanana7 29 days ago [-]
It’s a tricky trade off.
Most privacy changes have the effect of advantaging the position of big tech. To some extent this is unavoidable because users will actively consent to share data with Google etc but not AdTech startups.
For example, Apple’s ATT rules for app tracking made their own App Store search ads more competitive to Facebook. And the removal of third party cookies benefits Google’s banner ad business over rivals.
pluc 29 days ago [-]
Because Google is an American corporation and as such will never do something that solely benefits its users and not also itself.
jisnsm 29 days ago [-]
Unlike corporations in other countries which gladly give away money and labour to their clients. Or something.
kobalsky 29 days ago [-]
because it's not realistic to provide a proxy service without ensuring that the users are legitimate due to abuse, it would be like running a tor exit node.
there's no ethical way for Google to provide this service, they just shouldn't.
imglorp 29 days ago [-]
Yes. This is merely another stab at competition while increasing their own user activity profile corpus.
It's so transparent and ludicrous, at first I thought it was an Onion or April Fools post.
lordofgibbons 29 days ago [-]
> when users are signed into their Google account in the Chrome browser before starting an Incognito session
Sounds like this is just another attempt by Google to gather the data for itself but make it harder for other advertisement companies.
gruez 29 days ago [-]
What's the data that google is gathering? It doesn't even get what site you're visiting because the traffic is proxied to a CDN partner.
lordofgibbons 29 days ago [-]
By using this, It gets your IP because you have to sign into Google. But other advert platforms don't get your IP
gruez 29 days ago [-]
>By using this, It gets your IP because you have to sign into Google
If you're already signed into google then they already have your IP. If you're not signed into google they continue to not get your IP or proxied traffic. What's the issue?
>But other advert platforms don't get your IP
No good deed goes unpunished. Google gets flak for making chrome privacy better, but they also get flak for making chrome privacy worse (see comments about fingerprinting in this thread).
everdrive 29 days ago [-]
How many websites really track by IP? Specifically when using Chrome? My understanding is that whether intentional or not, Google has done just about everything possible to make Chrome easier to fingerprint and track. I cannot imagine a new IP privacy tool doing anything to increase privacy for users, not merely increase website’s reliance on the other tracking methods built into Chrome.
crazygringo 29 days ago [-]
> My understanding is that whether intentional or not, Google has done just about everything possible to make Chrome easier to fingerprint and track.
Can you provide any evidence about this in incognito mode though, specifically?
I'm not aware of a single thing Google has done to make incognito mode tracking easier.
People aren't doing most of their browsing in incognito, so it's not going to be something Google cares much about tracking you in.
Or to be more blunt -- your porn preferences aren't a valuable signal to know what clothing or car ads to show you.
everdrive 29 days ago [-]
There’s an entire class of browser fingerprinting methods which does not rely on cookies or IP addresses whatsoever; this would be hashes of various browser functions such as webrtc, webgl, as well as other information provided by the client.
These technologies are increasingly relied on because privacy efforts have chipped away at how useful cookie or IP-based tracking can be. Google’s efforts to “improve privacy” when it comes to cookies or IP addresses benefit Google directly; the other tracking methods, which are built into Chrome and enabled by default slowly become the only viable method for tracking, and blocking cookie or IP address information becomes less and less relevant with regard to privacy.
crazygringo 29 days ago [-]
Defeating fingerprinting is a really hard problem to solve. So hard that literally nobody has solved it, because exposing all those capabilities are necessary for a lot of sites and webapps to function.
You say that hiding IP addresses somehow benefits Google -- all I see is them doing something they can do that consumers want. It's not benefiting Google strategically in some way.
My point is, I don't see how anyone can possibly complain about this effort from a privacy point of view. Sure it's not solving fingerprinting, but nobody knows how to do that.
dboreham 29 days ago [-]
There's definitely some of it. Even on a subnet level. I know this because formerly I ran a small ISP where several of my neighbors were using our service, and hence were assigned IP addresses in the same small subnet. There were several cases of advert bleed over between homes (person in home A buys thing X and hey presto ads are served for thing X in home B).
windward 29 days ago [-]
Having the same IP is a pretty good indicator of shared context!
Y_Y 29 days ago [-]
Probably that context is "these people use the same VPN and must be punished with endless image labelling"
ed_elliott_asc 29 days ago [-]
IP’s with x users will be excluded (over 100 people with the same up? Definitely isn’t a household)
windward 29 days ago [-]
Doesn't matter, anyone knowledgable enough to buy a VPN has reduced their marketing entropy.
Aachen 29 days ago [-]
> This protection applies [...] when users are signed into their Google account in the Chrome browser
Interesting scope. Wouldn't the people who don't log in with a Google account be the ones who care most about this feature?
rasengan 29 days ago [-]
> No single proxy can see the origins that clients interact with and the clients' original IP address.
Wait, double hop is privacy theater in this case. If you control all the proxy gateways it doesn’t matter if you hop around them.
Even Apple’s privacy is technically more so than this although that’s not saying much. There are two entities in their mix — but a simple collusion between the two entities ends that privacy too.
topranks 29 days ago [-]
They say they are outsourcing the second-hop proxy to a third party.
zarzavat 29 days ago [-]
A third party that is paid by the first party is not much different from a first party.
It does seem like privacy theatre, anonymity protocols like Tor are carefully designed to make malicious cooperation difficult.
brookst 29 days ago [-]
> A third party that is paid by the first party is not much different from a first party.
This is true from a technical trust perspective, but less true from a legal liability perspective.
If company A sells a product to users with the promise “it will be delivered by company B and we have no knowledge of what you do with it”, and then it turns out there the two companies had an agreement to share data and void that promise, company A is in for a world of hurt when the truth comes out.
Given the small number of people who are aware of and care about this stuff, it would be so much less expensive and less risky to just skip the lies in the first place.
What’s the upside of an elaborate architecture that is all window dressing, which creates a ton of liability, and which fraud likely to be discovered because it’s all written down in code and contracts?
29 days ago [-]
xrisk 29 days ago [-]
Quite amusing to see Google’s own tracking domains in the initial list [1] of domains they’re going to apply this to.
It's a great idea (from Google's POV) because then they can claim "Look, we also hide users IP from our own service!" which sounds great in marketing material, and not many will realize that it doesn't matter since the user is logged in with their Google account in Chrome so Google already have the data, this is just about hiding the data from companies that aren't Google.
lozenge 29 days ago [-]
Google wouldn't have any data from an Incognito window though?
diggan 29 days ago [-]
Why not? They literally are the ones building the closed-source parts for the very browser that the incognito window is opened by.
molticrystal 29 days ago [-]
Chrome improves IP privacy like they improved ad blocking and tracking with manifest v3. I'll stick to a chromium fork or librewolf and handle any IP privacy needs on my own, thank you.
drawfloat 29 days ago [-]
I assume it's the same catch as cookies – Google doesn't need it, their competitors do.
ddtaylor 29 days ago [-]
Bootleg K-mart version of Tor that Google thinks is private enough.
ripped_britches 29 days ago [-]
Unless you’re a criminal, Tor is overkill for normal browsing and definitely painful to use. So probably an unfair comparison.
wutwutwat 29 days ago [-]
Don't dirty the good name of k-mart's bluelight internet by lumping it in with this nonsense
zombot 28 days ago [-]
"Chrome" and "privacy" in the same sentence unironically is a great joke.
29 days ago [-]
1vuio0pswjnm7 29 days ago [-]
Big Tech implements and advocates a strange concept of "privacy" where the sender's data unnecessarily going through Big Tech and/or selected CDNs (collectively, third parties) instead of directly to the intended recipient does not violate privacy... and, according to the Silicon Valley spin, this somehow "increases" privacy.
The concept of privacy from Big Tech and partner CDNs exists. But for these companies, generally computer users are not the customers. They are commercial surveillance and ad targets.
It is purely a coincidence, no doubt, that these companies providing "privacy" services are in fact far the world's greatest threats to and violators (or potential violators) of computer user privacy. As always, it is assumed the computer user will be too naive to notice the absurdity of this arrangement.
Google has already been caught fraudulently promoting "Incognito" as "private" and chose to settle with plaintiffs rather than prove they not misleading computer users. Why would anyone trust Google a second time.
I want to like this, but I cannot possibly trust anything privacy related added to Chrome as long as Chrome is developed by the same company whose core business is to collect as much data about me as possible.
kyboren 28 days ago [-]
> Chrome is developed by the same company whose core business is to collect as much data about me as possible.
Let's be more precise: Google's core business is pimping you out to any John who wants to mindfuck you, and selling a fantastically sophisticated matchmaking service on top, to which all that data is instrumental.
An alternative headline might be, "Hoes grow wary of pimpmobile's 'privacy' mode -- Pimp adds Military Grade Encryption(tm) to reassure bitches that 'nah baby, I really love you'"
29 days ago [-]
maineagetter 29 days ago [-]
[dead]
delfinom 29 days ago [-]
Google automatically MITM proxying incognito mode users surely won't end in tracking abuse by Google.
Surely.
westmeal 29 days ago [-]
Hey the Google guy said something about not being evil. You think people would just lie?
29 days ago [-]
Xunjin 29 days ago [-]
I really don't understand why you were being downvoted, I do understand the snarky remark you did, but it ain't far from the truth.
gruez 29 days ago [-]
"MITM proxying incognito mode" is so far from the truth. Google doesn't get the plaintext contents, unlike typical MITM. They don't even know what site you're connecting to because your traffic is sent encrypted to a CDN partner.
Xunjin 29 days ago [-]
That's the snarky remark I was referring to. However, you deserve my upvote for being precise on that, thank you.
Yet, it's already known and established over the years that Google keeps trying to monopolize data and has taken actions to reduce their user's privacy.
casey2 29 days ago [-]
What exactly is the point in browsing the internet when you can generate any content you need to access locally? There are ripples to anything you do online, if you want better privacy, logoff.
- It's only a proposal
- It only applies to domains in what they call the Masked Domain List (MDL), see [1]
- The masked IP will be in the same country and same "coarse location" as your actual IP
- It applies "when users are signed into their Google account in the Chrome browser before starting an Incognito session."
1. https://github.com/GoogleChrome/ip-protection?tab=readme-ov-...
>IP Protection will use client authentication to limit the ability of bad actors to leverage the proxies to amplify attacks on services on the Masked Domain List. Therefore, IP Protection will only be available to users that have been authenticated using the Google account they're signed in with in the Chrome browser prior to opening a new Incognito window.
However they say that Apple can’t see the final destination of your traffic.
https://support.apple.com/en-euro/102602
Most privacy changes have the effect of advantaging the position of big tech. To some extent this is unavoidable because users will actively consent to share data with Google etc but not AdTech startups.
For example, Apple’s ATT rules for app tracking made their own App Store search ads more competitive to Facebook. And the removal of third party cookies benefits Google’s banner ad business over rivals.
there's no ethical way for Google to provide this service, they just shouldn't.
It's so transparent and ludicrous, at first I thought it was an Onion or April Fools post.
Sounds like this is just another attempt by Google to gather the data for itself but make it harder for other advertisement companies.
If you're already signed into google then they already have your IP. If you're not signed into google they continue to not get your IP or proxied traffic. What's the issue?
>But other advert platforms don't get your IP
No good deed goes unpunished. Google gets flak for making chrome privacy better, but they also get flak for making chrome privacy worse (see comments about fingerprinting in this thread).
Can you provide any evidence about this in incognito mode though, specifically?
I'm not aware of a single thing Google has done to make incognito mode tracking easier.
People aren't doing most of their browsing in incognito, so it's not going to be something Google cares much about tracking you in.
Or to be more blunt -- your porn preferences aren't a valuable signal to know what clothing or car ads to show you.
These technologies are increasingly relied on because privacy efforts have chipped away at how useful cookie or IP-based tracking can be. Google’s efforts to “improve privacy” when it comes to cookies or IP addresses benefit Google directly; the other tracking methods, which are built into Chrome and enabled by default slowly become the only viable method for tracking, and blocking cookie or IP address information becomes less and less relevant with regard to privacy.
You say that hiding IP addresses somehow benefits Google -- all I see is them doing something they can do that consumers want. It's not benefiting Google strategically in some way.
My point is, I don't see how anyone can possibly complain about this effort from a privacy point of view. Sure it's not solving fingerprinting, but nobody knows how to do that.
Interesting scope. Wouldn't the people who don't log in with a Google account be the ones who care most about this feature?
Wait, double hop is privacy theater in this case. If you control all the proxy gateways it doesn’t matter if you hop around them.
Even Apple’s privacy is technically more so than this although that’s not saying much. There are two entities in their mix — but a simple collusion between the two entities ends that privacy too.
It does seem like privacy theatre, anonymity protocols like Tor are carefully designed to make malicious cooperation difficult.
This is true from a technical trust perspective, but less true from a legal liability perspective.
If company A sells a product to users with the promise “it will be delivered by company B and we have no knowledge of what you do with it”, and then it turns out there the two companies had an agreement to share data and void that promise, company A is in for a world of hurt when the truth comes out.
Given the small number of people who are aware of and care about this stuff, it would be so much less expensive and less risky to just skip the lies in the first place.
What’s the upside of an elaborate architecture that is all window dressing, which creates a ton of liability, and which fraud likely to be discovered because it’s all written down in code and contracts?
[1]: https://github.com/GoogleChrome/ip-protection/blob/master/Ma...
The concept of privacy from Big Tech and partner CDNs exists. But for these companies, generally computer users are not the customers. They are commercial surveillance and ad targets.
It is purely a coincidence, no doubt, that these companies providing "privacy" services are in fact far the world's greatest threats to and violators (or potential violators) of computer user privacy. As always, it is assumed the computer user will be too naive to notice the absurdity of this arrangement.
Google has already been caught fraudulently promoting "Incognito" as "private" and chose to settle with plaintiffs rather than prove they not misleading computer users. Why would anyone trust Google a second time.
https://s3.documentcloud.org/documents/24527110/google-unopp...
Let's be more precise: Google's core business is pimping you out to any John who wants to mindfuck you, and selling a fantastically sophisticated matchmaking service on top, to which all that data is instrumental.
An alternative headline might be, "Hoes grow wary of pimpmobile's 'privacy' mode -- Pimp adds Military Grade Encryption(tm) to reassure bitches that 'nah baby, I really love you'"
Surely.
Yet, it's already known and established over the years that Google keeps trying to monopolize data and has taken actions to reduce their user's privacy.