LGTM1

On Wed, Jul 16, 2025 at 8:18 AM Alex Russell <slightly...@chromium.org>
wrote:

> Thanks. What's the story for non-Google browsers?
>
> On Monday, July 14, 2025 at 1:08:39 PM UTC-7 riz...@google.com wrote:
>
>> Thanks, Alex, I've updated the review bits in the tool.
>>
>> We are currently targeting this work for Chrome's Incognito mode only.
>> Users will not be able to pick their proxy, but they will be able to turn
>> off the feature.
>>
>> On Mon, Jul 14, 2025 at 2:18 PM Alex Russell <slightly...@chromium.org>
>> wrote:
>>
>>> This is exciting work, and I'm inclined to LGTM. There are some reviews
>>> that need to be kicked off within the tool for us to be able to move
>>> forward; let us know if you need help.
>>>
>>> On the meat of the work, are you going to be launching this feature with
>>> any other Chromium browsers, either with Google as a proxy or using the
>>> same code paths with alternate proxies? And do you envision that users will
>>> be able to pick their proxy?
>>>
>>> Best,
>>>
>>> Alex
>>>
>>> On Monday, July 14, 2025 at 8:54:50 AM UTC-7 riz...@google.com wrote:
>>>
>>>> Contact emailsmiketa...@chromium.org, jhbrad...@google.com,
>>>> riz...@google.com
>>>>
>>>> Explainer
>>>> https://github.com/GoogleChrome/ip-protection/blob/main/README.md
>>>>
>>>> Specification
>>>>
>>>> None. While Apple does ship a similar feature, we believe that we need
>>>> the experience that comes with shipping before attempting standardization
>>>> or alignment of architectures. See the relevant discussion in the TAG
>>>> review
>>>> <https://github.com/w3ctag/design-reviews/issues/1083#issuecomment-2891647225>
>>>> .
>>>>
>>>> Summary
>>>>
>>>> IP Protection is a feature that limits availability of a user’s
>>>> original IP address in third party contexts in Incognito mode, enhancing
>>>> Incognito's protections against cross-site tracking when users choose to
>>>> browse in this mode.
>>>>
>>>> IP addresses are essential to the basic functioning of the web, notably
>>>> for routing traffic and to prevent fraud and spam. However, like
>>>> third-party cookies, they can also be used for tracking. For Chrome users
>>>> who choose to browse in Incognito mode, we wanted to provide additional
>>>> control over their IP address, without breaking essential web 
>>>> functionality.
>>>>
>>>> To strike this balance between protection and usability, this proposal
>>>> focuses on limiting the use of IP addresses in a third-party context in
>>>> Incognito Mode. To that end, this proposal uses a list-based approach,
>>>> where only domains on the Masked Domain List
>>>> <https://github.com/GoogleChrome/ip-protection/blob/main/Masked-Domain-List.md>
>>>>  (MDL)
>>>> in a third-party context will be impacted.
>>>>
>>>> 1% Experiment Summary
>>>>
>>>> Our 1% stable Incognito experiment did not show any statistically
>>>> significant movement for Core Web Vitals or increase in crashes on both
>>>> Desktop and Android platforms.
>>>>
>>>> As the feature is only enabled for a subset of traffic (domains on the
>>>> Masked Domain List) for Incognito sessions, the sample size is smaller than
>>>> we typically observe in a 1% experiment. We plan to carefully ramp the
>>>> experiment to evaluate performance and stability impact before launching to
>>>> Incognito 100%.
>>>>
>>>>
>>>> Blink component
>>>>
>>>> Internals>Network>Proxy
>>>> <https://issues.chromium.org/issues?q=customfield1222907:%22Internals%3ENetwork%3EProxy%22>
>>>>
>>>>
>>>> TAG review
>>>>
>>>> https://github.com/w3ctag/design-reviews/issues/1083
>>>>
>>>>
>>>> TAG review status
>>>>
>>>> Closed (resolution: decline)
>>>>
>>>>
>>>> Risks
>>>>
>>>>
>>>>
>>>> Interoperability and Compatibility
>>>>
>>>> There shouldn’t be any interop concerns, as we’re routing certain
>>>> traffic through a series of proxies.
>>>>
>>>>
>>>> In terms of compatibility, there are a few possible risks, namely
>>>> assigning the incorrect geo
>>>> <https://github.com/GoogleChrome/ip-protection/blob/main/Explainer-IP-Geolocation.md>
>>>> on egress. However, this would be considered a bug in our services (to be
>>>> fixed server side when discovered), not a consequence of the feature
>>>> itself. Another risk might be that these IP ranges aren’t recognized and
>>>> certain traffic is incorrectly blocked or a user loses access to a
>>>> resource. We have published our geofeed
>>>> <https://www.gstatic.com/ipprotection/geofeed> as one mitigation for
>>>> this risk.
>>>>
>>>>
>>>> Gecko: No signal
>>>>
>>>>
>>>> WebKit: Shipped/Shipping Safari has a similar feature called iCloud
>>>> Private Relay.
>>>>
>>>>
>>>> Web developers: Mixed signals There are some different views in the
>>>> various open and closed issues at
>>>> https://github.com/GoogleChrome/ip-protection/issues. They range from
>>>> neutral (questions about user choice, impact on anti-fraud/anti-abuse use
>>>> cases, etc.) to negative (questions around the ability to trust the 
>>>> system).
>>>>
>>>>
>>>> Other signals:
>>>>
>>>>
>>>> WebView application risks
>>>>
>>>> Does this intent deprecate or change behavior of existing APIs, such
>>>> that it has potentially high risk for Android WebView-based applications?
>>>>
>>>> None
>>>>
>>>>
>>>>
>>>> Debuggability
>>>>
>>>> We display which requests are proxied in the DevTools Network panel
>>>> (when IP Protection is enabled). Proxied requests can also be debugged via
>>>> netlogs.
>>>>
>>>>
>>>> We also have chrome://flags/#ip-protection-proxy-opt-out which
>>>> developers or users can use for testing suspected breakage.
>>>>
>>>>
>>>> Will this feature be supported on all six Blink platforms (Windows,
>>>> Mac, Linux, ChromeOS, Android, and Android WebView)?
>>>>
>>>> No
>>>>
>>>> We plan to launch this on all Blink platforms except WebView.
>>>>
>>>>
>>>> Is this feature fully tested by web-platform-tests
>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
>>>> ?
>>>>
>>>> No, and there isn’t any API to be tested. So we don’t plan to add any.
>>>>
>>>>
>>>> Flag name on about://flags
>>>>
>>>> None
>>>>
>>>>
>>>> Finch feature name
>>>>
>>>> EnableIpPrivacyProxy
>>>>
>>>>
>>>> Rollout plan
>>>>
>>>> (RARE) Experiment users ramp up over time
>>>>
>>>>
>>>> Requires code in //chrome?
>>>>
>>>> False
>>>>
>>>>
>>>> Tracking bug
>>>>
>>>> https://issues.chromium.org/issues/370696608
>>>>
>>>>
>>>> Launch bug
>>>>
>>>> https://launch.corp.google.com/launch/4403761
>>>>
>>>>
>>>> Estimated milestones
>>>>
>>>> Shipping on desktop
>>>>
>>>> 140
>>>>
>>>> Shipping on Android
>>>>
>>>> 140
>>>>
>>>>
>>>> Anticipated spec changes
>>>>
>>>> Open questions about a feature may be a source of future web compat or
>>>> interop issues. Please list open issues (e.g. links to known github issues
>>>> in the project for the feature specification) whose resolution may
>>>> introduce web compat/interop risk (e.g., changing to naming or structure of
>>>> the API in a non-backward-compatible way).
>>>>
>>>> None
>>>>
>>>>
>>>> Link to entry on the Chrome Platform Status
>>>>
>>>> https://chromestatus.com/feature/6574194264899584
>>>> <https://chromestatus.com/feature/6574194264899584?gate=6525820887105536>
>>>>
>>>>
>>>> Links to previous Intent discussions
>>>>
>>>> Intent to Experiment:
>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/9s8ojrooa_Q/m/I6Rj5UTZBgAJ
>>>>
>>>>
>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/gBL-Nce3g9c?e=48417069
>>>>
>>>>
>>>>
>>>>
>>>> --
> You received this message because you are subscribed to the Google Groups
> "blink-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to blink-dev+unsubscr...@chromium.org.
> To view this discussion visit
> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c3e9c4c4-7530-4c95-9749-24f646535024n%40chromium.org
> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c3e9c4c4-7530-4c95-9749-24f646535024n%40chromium.org?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw9q-aJe3W8Zzj_oGqrP9882m3WVsgBdPN7XyrifVDFcTQ%40mail.gmail.com.

Reply via email to