LGTM1 On Wed, Jul 16, 2025 at 8:18 AM Alex Russell <slightly...@chromium.org> wrote:
> Thanks. What's the story for non-Google browsers? > > On Monday, July 14, 2025 at 1:08:39 PM UTC-7 riz...@google.com wrote: > >> Thanks, Alex, I've updated the review bits in the tool. >> >> We are currently targeting this work for Chrome's Incognito mode only. >> Users will not be able to pick their proxy, but they will be able to turn >> off the feature. >> >> On Mon, Jul 14, 2025 at 2:18 PM Alex Russell <slightly...@chromium.org> >> wrote: >> >>> This is exciting work, and I'm inclined to LGTM. There are some reviews >>> that need to be kicked off within the tool for us to be able to move >>> forward; let us know if you need help. >>> >>> On the meat of the work, are you going to be launching this feature with >>> any other Chromium browsers, either with Google as a proxy or using the >>> same code paths with alternate proxies? And do you envision that users will >>> be able to pick their proxy? >>> >>> Best, >>> >>> Alex >>> >>> On Monday, July 14, 2025 at 8:54:50 AM UTC-7 riz...@google.com wrote: >>> >>>> Contact emailsmiketa...@chromium.org, jhbrad...@google.com, >>>> riz...@google.com >>>> >>>> Explainer >>>> https://github.com/GoogleChrome/ip-protection/blob/main/README.md >>>> >>>> Specification >>>> >>>> None. While Apple does ship a similar feature, we believe that we need >>>> the experience that comes with shipping before attempting standardization >>>> or alignment of architectures. See the relevant discussion in the TAG >>>> review >>>> <https://github.com/w3ctag/design-reviews/issues/1083#issuecomment-2891647225> >>>> . >>>> >>>> Summary >>>> >>>> IP Protection is a feature that limits availability of a user’s >>>> original IP address in third party contexts in Incognito mode, enhancing >>>> Incognito's protections against cross-site tracking when users choose to >>>> browse in this mode. >>>> >>>> IP addresses are essential to the basic functioning of the web, notably >>>> for routing traffic and to prevent fraud and spam. However, like >>>> third-party cookies, they can also be used for tracking. For Chrome users >>>> who choose to browse in Incognito mode, we wanted to provide additional >>>> control over their IP address, without breaking essential web >>>> functionality. >>>> >>>> To strike this balance between protection and usability, this proposal >>>> focuses on limiting the use of IP addresses in a third-party context in >>>> Incognito Mode. To that end, this proposal uses a list-based approach, >>>> where only domains on the Masked Domain List >>>> <https://github.com/GoogleChrome/ip-protection/blob/main/Masked-Domain-List.md> >>>> (MDL) >>>> in a third-party context will be impacted. >>>> >>>> 1% Experiment Summary >>>> >>>> Our 1% stable Incognito experiment did not show any statistically >>>> significant movement for Core Web Vitals or increase in crashes on both >>>> Desktop and Android platforms. >>>> >>>> As the feature is only enabled for a subset of traffic (domains on the >>>> Masked Domain List) for Incognito sessions, the sample size is smaller than >>>> we typically observe in a 1% experiment. We plan to carefully ramp the >>>> experiment to evaluate performance and stability impact before launching to >>>> Incognito 100%. >>>> >>>> >>>> Blink component >>>> >>>> Internals>Network>Proxy >>>> <https://issues.chromium.org/issues?q=customfield1222907:%22Internals%3ENetwork%3EProxy%22> >>>> >>>> >>>> TAG review >>>> >>>> https://github.com/w3ctag/design-reviews/issues/1083 >>>> >>>> >>>> TAG review status >>>> >>>> Closed (resolution: decline) >>>> >>>> >>>> Risks >>>> >>>> >>>> >>>> Interoperability and Compatibility >>>> >>>> There shouldn’t be any interop concerns, as we’re routing certain >>>> traffic through a series of proxies. >>>> >>>> >>>> In terms of compatibility, there are a few possible risks, namely >>>> assigning the incorrect geo >>>> <https://github.com/GoogleChrome/ip-protection/blob/main/Explainer-IP-Geolocation.md> >>>> on egress. However, this would be considered a bug in our services (to be >>>> fixed server side when discovered), not a consequence of the feature >>>> itself. Another risk might be that these IP ranges aren’t recognized and >>>> certain traffic is incorrectly blocked or a user loses access to a >>>> resource. We have published our geofeed >>>> <https://www.gstatic.com/ipprotection/geofeed> as one mitigation for >>>> this risk. >>>> >>>> >>>> Gecko: No signal >>>> >>>> >>>> WebKit: Shipped/Shipping Safari has a similar feature called iCloud >>>> Private Relay. >>>> >>>> >>>> Web developers: Mixed signals There are some different views in the >>>> various open and closed issues at >>>> https://github.com/GoogleChrome/ip-protection/issues. They range from >>>> neutral (questions about user choice, impact on anti-fraud/anti-abuse use >>>> cases, etc.) to negative (questions around the ability to trust the >>>> system). >>>> >>>> >>>> Other signals: >>>> >>>> >>>> WebView application risks >>>> >>>> Does this intent deprecate or change behavior of existing APIs, such >>>> that it has potentially high risk for Android WebView-based applications? >>>> >>>> None >>>> >>>> >>>> >>>> Debuggability >>>> >>>> We display which requests are proxied in the DevTools Network panel >>>> (when IP Protection is enabled). Proxied requests can also be debugged via >>>> netlogs. >>>> >>>> >>>> We also have chrome://flags/#ip-protection-proxy-opt-out which >>>> developers or users can use for testing suspected breakage. >>>> >>>> >>>> Will this feature be supported on all six Blink platforms (Windows, >>>> Mac, Linux, ChromeOS, Android, and Android WebView)? >>>> >>>> No >>>> >>>> We plan to launch this on all Blink platforms except WebView. >>>> >>>> >>>> Is this feature fully tested by web-platform-tests >>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>> ? >>>> >>>> No, and there isn’t any API to be tested. So we don’t plan to add any. >>>> >>>> >>>> Flag name on about://flags >>>> >>>> None >>>> >>>> >>>> Finch feature name >>>> >>>> EnableIpPrivacyProxy >>>> >>>> >>>> Rollout plan >>>> >>>> (RARE) Experiment users ramp up over time >>>> >>>> >>>> Requires code in //chrome? >>>> >>>> False >>>> >>>> >>>> Tracking bug >>>> >>>> https://issues.chromium.org/issues/370696608 >>>> >>>> >>>> Launch bug >>>> >>>> https://launch.corp.google.com/launch/4403761 >>>> >>>> >>>> Estimated milestones >>>> >>>> Shipping on desktop >>>> >>>> 140 >>>> >>>> Shipping on Android >>>> >>>> 140 >>>> >>>> >>>> Anticipated spec changes >>>> >>>> Open questions about a feature may be a source of future web compat or >>>> interop issues. Please list open issues (e.g. links to known github issues >>>> in the project for the feature specification) whose resolution may >>>> introduce web compat/interop risk (e.g., changing to naming or structure of >>>> the API in a non-backward-compatible way). >>>> >>>> None >>>> >>>> >>>> Link to entry on the Chrome Platform Status >>>> >>>> https://chromestatus.com/feature/6574194264899584 >>>> <https://chromestatus.com/feature/6574194264899584?gate=6525820887105536> >>>> >>>> >>>> Links to previous Intent discussions >>>> >>>> Intent to Experiment: >>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/9s8ojrooa_Q/m/I6Rj5UTZBgAJ >>>> >>>> >>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/gBL-Nce3g9c?e=48417069 >>>> >>>> >>>> >>>> >>>> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c3e9c4c4-7530-4c95-9749-24f646535024n%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c3e9c4c4-7530-4c95-9749-24f646535024n%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw9q-aJe3W8Zzj_oGqrP9882m3WVsgBdPN7XyrifVDFcTQ%40mail.gmail.com.