Probably isn't a good time to be doing this and revoking third party cookies while under antitrust investigations.
Apart from all the QUIC VPN / proxy work Cloudflare et al (standardising Private Relay) are involved in, the OHAI working group is closing in on its reviews too.
Interestingly, there is an active IETF draft for how such private proxies could be built: https://datatracker.ietf.org/doc/draft-iab-privacy-partition...
To be honest, I still don't understand the use case for that when there's already MASQUE, which seems like a more flexible and elegant solution to the same or at least a very similar problem.
Do you know what OHAI does in detail and what its advantages over MASQUE would be?
See section 3.1 for a brief comparison between the two: https://datatracker.ietf.org/doc/html/draft-schinazi-masque-...
MASQUE is more about tunneling TLS flows (i.e. TCP or TCP-ish connections such as QUIC/HTTP 3) than about the IP layer, is my understanding, but I suppose that's what you mean by IPsec take 2?
MASQUE has now evolved to the point one can potentially build VPNs with it: https://datatracker.ietf.org/doc/draft-ietf-masque-connect-i...
See also APNIC's post on OHTTP & MASQUE: https://blog.apnic.net/2023/03/23/hiding-behind-masques/
Wow, so we've gone full circle :D Hopefully this will only be used using the QUIC Datagram – IP-over-TCP isn't fun. But I can see it making sense in certain scenarios/as a last resort.
I'm aware of the great APNIC post, but it seems to predate OHAI. Hopefully somebody will write an explainer on that as well.
How does this protect user privacy, overall?
A proxy (i.e. the same approach Apple uses for iCloud Private Relay) would be much better, though, since their VPN seems to be using a single, fairly static IPv6 address per user and connection, which allows trivial cross-site tracking of a given user.
I think it would be more useful if Google contributed nodes to Tor rather than creating their own (confusingly) centralised, decentralised alternative.
- If Tor was 'easier' for the end-user or better supported by the centralised pillars of the Internet (such as Google), maybe "spam or worse" traffic would be made a much smaller percentage and improve Tor's reputation
- Does this mean different scales of anonymity/privacy? Tor for the "spam or worse", and this solution of Google's for the casual, not-quite-as-paranoid, private individual?
P.S. You're absolutely right in your paranoia regarding "I don’t want to be associated with". I've had a member of law enforcement accuse me of, basically, being worthy of suspicion (up to and including legal violation of my rights), because I've "got tor on my computer" (yes, that's their level of understanding). They also said that running Virtual Machines and downloading things from Mega will also get you put on a list.
I'd rather Google assist to improve Tor (and its associated reputation) than "create my own amusement park with blackjack and hookers". In this case, I think one big pool is better than numerous small ones.
P.S. Mega seems to host a number of Android ROMs, which is my primary, and possibly singular, use case.
Perhaps there's a business use for this?
There was an Android-only data saver mode, but it was discontinued.
MASQUE (which iCloud Private Relay already uses, and Google could use too) can do significantly better.
Of course, having a choice of more MASQUE providers than just Apple and Google is important.
Authenticated, but not identified, by the end-provider.
iCloud Private Relay offers pretty much the same functionality, and in some ways, this is better than many single-hop commercial VPNs, where the VPN operator can trivially correlate ingress and egress data (if not account payment data as well).
I'll not comment on the irony of Google launching this particular proxy feature.
1. Cloudflare (which is proxying traffic for this feature) is unable to maintain its content-neutral status as governments force it to implement censorship to comply with local laws.
2. Governments force browsers to ship a block list of domains, with tampering with the browser binaries being prevented by attestation (which has already been proposed in France).
The roles of the "proxy exit node" network and regional ISPs seem very similar, at least.
And couldn't 2. happen completely independently of this effort? Or is your point that this type of proxying would circumvent existing ISP-level blocking without 1.?
"In order to access the proxy a user must be logged in to Chrome. To prevent abuse a Google run authentication server will grant access tokens to the Google run proxy based on a per-user quota."
In order to prevent abuse... we have to give you a tracking token, to use the "Anonymizing" network. One that tracks down to the browser level, across IP switches! Way cool!
Nice try Google... we've seen tracking tokens from you enough times. :)
"It takes 20 years to build a reputation and five minutes to ruin it." - Warren Buffett
I used to trust Google. They really didn't act that scummy, etc. Nowadays, I'm not so sure.
Leave the VPN to the VPN providers, IMHO.
I'm as skeptical about Google's privacy efforts as the next person, but I think most existing commercial VPNs are even worse.
They gain ISP-level insights into your traffic, and history has shown that at least some of them aren't really more trustworthy than the worst ISPs out there (in that they've also been caught selling or at least collecting customer traffic flows, despite all the promises to not keep any logs).
MASQUE is a much better take on browsing privacy. I really do hope that today's VPN providers will be tomorrow's MASQUE proxy providers.
Yes, I know OpenVPN, etc. But c'mon, we know people would fall for the above :).
There's not much you can mine. Most traffic nowadays is encrypted so all you get is the domain. For most people this basically translates to what apps you use (e.g. Facebook or Reddit) and possibly what company you work for (e.g. if you connect to your company's mail server).
That can be still quite interesting for advertisers, and if you think about home ISPs rather than public Wi-Fi networks, you could easily imagine your ISP also supplying your demographic range and rough location to advertisers.
Even from purely public IP geolocation information alone, I'm able to pinpoint my IPv4 and IPv6 to my ZIP code (which spans only a couple of blocks). IPv6 allows tracking individual devices on a network persistently as well, i.e. distinguishing between people in a household.
2. If you're at a location that the attacker controls, there's a much more straightforward attack that doesn't even need Wi-Fi: recording your keystrokes with hidden cameras.
Access to www.apple.com (with "www", so it is a browser)? Maybe I can push you an ad for an iPhone 15 protective case.
And the solution is to route all traffic through Google - an advertising company quite literally renowned for its data mining habits and abilities.
I'm much less concerned about coffeeshops and airports (where I spend only a few hours per year, and modern OSes use MAC address randomization) than I am about my home and mobile ISPs.
> Traffic will be directed to use these proxies based on a third party list of domains.
Given the feature is another of the attempts at reducing cross-site tracking surface, it seems like a good guess that the idea is to apply this specifically for domains used for that.
MASQUE lacking a feedback channel for websites to report spam/abuse was explicitly given as a motivation there, as far as I remember.
I'm still skeptical of WEI as a whole until we know more, though.
Unless they share the information with each other, which is guaranteed to be impossible... how exactly?
Proxy 1 knows your source IP, its own IP, and the destination IP (proxy 2). Proxy 2 knows the incoming source IP (proxy 1), its own IP, and the destination IP (the website you're accessing). Neither proxy knows both your IP and your destination IP.
Presumably they have to have a contract anyway to agree to tunnel the traffic using this protocol.
This is the interesting bit to me. What is the third-party list of domains? Is Google going to start masking IPs for traffic to some known-sketchy list of sites?
Maybe IPs deserve more privacy than people.
HTTPS will keep specifics about your browsing private, but MAC address, list of IPs connected to, and request sizes probably reveal a lot more than people would expect.
Also, most devices implement MAC randomization these days, so tracking based on that is also moot.
Your MAC address never reaches the internet. It's stripped off the moment it leaves your LAN.