Contact emails sau...@google.com, las...@google.com, nick...@google.com, erictrou...@chromium.org, ryanka...@google.com, ayk...@google.com
Explainer https://github.com/GoogleChrome/ip-protection/blob/main/prt_explainer.md Specification None Summary To ensure that businesses can continue to estimate the amount of fraud on their systems, train models to defend against fraud, and analyze emerging fraudulent behavior while still mitigating the ability to track users at scale using IP addresses, we propose to introduce a delayed IP sampling mechanism called Probabilistic Reveal Tokens (PRTs) alongside IP Protection for use in protected traffic. PRTs will be included on proxied requests in a new HTTP header added by the browser for domains that indicate they want to receive them via a signup process. Each PRT will contain a ciphertext, generated by an Issuer and re-randomized for unlinkability by the browser prior to the request, that the recipient can decrypt after a delay. Google will be the issuer for Chrome's implementation. A minority of the decrypted PRTs contain the client's pre-proxy IP address (i.e. non-masked, and as observed by the token issuer), while the remaining PRTs provide no information about the client's original IP address. This results in only a small percent of PRTs containing and revealing the user's IP. Blink component Privacy>Fingerprinting>IPProtection <https://issues.chromium.org/issues?q=customfield1222907:%22Privacy%3EFingerprinting%3EIPProtection%22> TAG review None TAG review status Pending Risks Interoperability and Compatibility None Gecko: No signal WebKit: No signal Web developers: No signals Other signals: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Goals for experimentation With this dev trial, developers can configure their local Chrome instance to fetch PRTs from the Google issuer and attach them to all network requests to specific domains. Use of the IP proxy is not required. Going forward, key publication will proceed as normal. Developers can thus store both issued and sent tokens, for later decryption when keys are published. In a future state, developers will need to sign up their origins to receive PRTs on proxied requests. No sign-up is necessary to perform the local testing outlined here. This is intended to allow interested developers to test PRTs and begin considering how they might integrate PRTs into their workflows. Ongoing technical constraints None Debuggability None Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)? No Supported where IP Protection is supported. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ? No DevTrial instructions https://github.com/explainers-by-googlers/prtoken-reference/blob/main/prt_dev_testing.md Flag name on about://flags None Finch feature name EnableProbabilisticRevealTokens - Note that there are many subtleties to enabling this feature, please see developer guide. Requires code in //chrome? False Launch bug https://launch.corp.google.com/launch/4367692 Estimated milestones DevTrial on desktop 138 DevTrial on Android 138 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/4914046966693888 -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2B0Xr79K0HK1o7bghjpJmkZaRLaYdTCfrdLxG6P8kXReDGc2zw%40mail.gmail.com.
