Google Chrome Plans to Implement User IP Address Hiding Mode
Google has started developing a new feature for the Chrome browser called IP Protection, designed to hide users’ IP addresses from website owners. This new capability can serve as a built-in anonymizer, primarily aimed at preventing tracking of user movements, but it can also help bypass restrictions imposed by websites or internet service providers.
How IP Protection Works
Technically, the proposed feature works by routing traffic through a proxy server instead of sending it directly. The proxy forwards the request to the target server, which only sees the proxy’s IP address—similar to how a VPN operates. For added anonymity, requests can be relayed through multiple proxies in sequence. In this setup, only the first proxy knows the client’s IP address, while the second proxy only sees the address of the first proxy.
Testing and Rollout Plans
Google plans to test the IP Protection mode with a small percentage of users in upcoming Chrome releases (versions 119 to 125). In the initial phase, only one Google-owned proxy server will be used, and IP hiding will be enabled only for Google domains and ad networks. This phase will be available to systems with U.S. IP addresses and will cover no more than 33% of users in experimental Chrome builds.
In the second phase, a two-level proxy configuration will be introduced: first, the browser connects through an encrypted tunnel to a Google-owned proxy, then the request is sent to a second proxy owned by a company not affiliated with Google. The tunneling ensures that the first proxy, which sees the user’s IP address, cannot view the request parameters or determine the target host. The second proxy can see the target host but not the user’s IP address. This separation prevents any single proxy from linking the user to the requested site.
Technical Details and Security Measures
Traffic will be routed to the proxy using the CONNECT and CONNECT-UDP methods, creating a tunnel based on the TLS protocol for end-to-end encryption. To prevent abuse, access to the first (Google-controlled) proxy will require a cryptographic token generated by Google’s authentication server when Chrome connects to a user’s Google account (proxy access will be blocked without Chrome authentication). The token will also include traffic limits to make it harder to use the proxy for malicious purposes.
Availability and Limitations
The IP hiding mode will be disabled by default and can be enabled by users if desired. IP hiding will not apply to all websites, but only to a specific list of domains known for tracking user movements. This approach helps avoid unwanted changes that could disrupt site behavior, cause issues with location detection, user segmentation, or traffic accounting (for example, a site ban could affect all users routed through the proxy).
To address location-based requirements—such as compliance with local laws or localization settings—the second-level proxy is planned to be located in the same country or even city as the user. Eventually, Google aims to deploy a broad network of second-level proxies in partnership with various providers and content delivery networks.
Similar Developments in Other Browsers
WebKit developers are working on a similar feature for Safari called Intelligent Tracking Protection. Currently, it is limited to experiments with a single proxy, but there are plans to move to a two-level independent proxy model in the future.