Mike Taylor was kind enough to answer all my questions regarding non-Google browsers in today's API OWNERS meeting. LGTM2.
On Wednesday, July 16, 2025 at 8:28:24 AM UTC-7 Chris Harrelson wrote: > LGTM1 > > On Wed, Jul 16, 2025 at 8:18 AM Alex Russell <slightly...@chromium.org> > wrote: > >> Thanks. What's the story for non-Google browsers? >> >> On Monday, July 14, 2025 at 1:08:39 PM UTC-7 riz...@google.com wrote: >> >>> Thanks, Alex, I've updated the review bits in the tool. >>> >>> We are currently targeting this work for Chrome's Incognito mode only. >>> Users will not be able to pick their proxy, but they will be able to turn >>> off the feature. >>> >>> On Mon, Jul 14, 2025 at 2:18 PM Alex Russell <slightly...@chromium.org> >>> wrote: >>> >>>> This is exciting work, and I'm inclined to LGTM. There are some reviews >>>> that need to be kicked off within the tool for us to be able to move >>>> forward; let us know if you need help. >>>> >>>> On the meat of the work, are you going to be launching this feature >>>> with any other Chromium browsers, either with Google as a proxy or using >>>> the same code paths with alternate proxies? And do you envision that users >>>> will be able to pick their proxy? >>>> >>>> Best, >>>> >>>> Alex >>>> >>>> On Monday, July 14, 2025 at 8:54:50 AM UTC-7 riz...@google.com wrote: >>>> >>>>> Contact emailsmiketa...@chromium.org, jhbrad...@google.com, >>>>> riz...@google.com >>>>> >>>>> Explainer >>>>> https://github.com/GoogleChrome/ip-protection/blob/main/README.md >>>>> >>>>> Specification >>>>> >>>>> None. While Apple does ship a similar feature, we believe that we need >>>>> the experience that comes with shipping before attempting standardization >>>>> or alignment of architectures. See the relevant discussion in the TAG >>>>> review >>>>> <https://github.com/w3ctag/design-reviews/issues/1083#issuecomment-2891647225> >>>>> . >>>>> >>>>> Summary >>>>> >>>>> IP Protection is a feature that limits availability of a user’s >>>>> original IP address in third party contexts in Incognito mode, enhancing >>>>> Incognito's protections against cross-site tracking when users choose to >>>>> browse in this mode. >>>>> >>>>> IP addresses are essential to the basic functioning of the web, >>>>> notably for routing traffic and to prevent fraud and spam. However, like >>>>> third-party cookies, they can also be used for tracking. For Chrome users >>>>> who choose to browse in Incognito mode, we wanted to provide additional >>>>> control over their IP address, without breaking essential web >>>>> functionality. >>>>> >>>>> To strike this balance between protection and usability, this proposal >>>>> focuses on limiting the use of IP addresses in a third-party context in >>>>> Incognito Mode. To that end, this proposal uses a list-based approach, >>>>> where only domains on the Masked Domain List >>>>> <https://github.com/GoogleChrome/ip-protection/blob/main/Masked-Domain-List.md> >>>>> (MDL) >>>>> in a third-party context will be impacted. >>>>> >>>>> 1% Experiment Summary >>>>> >>>>> Our 1% stable Incognito experiment did not show any statistically >>>>> significant movement for Core Web Vitals or increase in crashes on both >>>>> Desktop and Android platforms. >>>>> >>>>> As the feature is only enabled for a subset of traffic (domains on the >>>>> Masked Domain List) for Incognito sessions, the sample size is smaller >>>>> than >>>>> we typically observe in a 1% experiment. We plan to carefully ramp the >>>>> experiment to evaluate performance and stability impact before launching >>>>> to >>>>> Incognito 100%. >>>>> >>>>> >>>>> Blink component >>>>> >>>>> Internals>Network>Proxy >>>>> <https://issues.chromium.org/issues?q=customfield1222907:%22Internals%3ENetwork%3EProxy%22> >>>>> >>>>> >>>>> TAG review >>>>> >>>>> https://github.com/w3ctag/design-reviews/issues/1083 >>>>> >>>>> >>>>> TAG review status >>>>> >>>>> Closed (resolution: decline) >>>>> >>>>> >>>>> Risks >>>>> >>>>> >>>>> >>>>> Interoperability and Compatibility >>>>> >>>>> There shouldn’t be any interop concerns, as we’re routing certain >>>>> traffic through a series of proxies. >>>>> >>>>> >>>>> In terms of compatibility, there are a few possible risks, namely >>>>> assigning the incorrect geo >>>>> <https://github.com/GoogleChrome/ip-protection/blob/main/Explainer-IP-Geolocation.md> >>>>> >>>>> on egress. However, this would be considered a bug in our services (to be >>>>> fixed server side when discovered), not a consequence of the feature >>>>> itself. Another risk might be that these IP ranges aren’t recognized and >>>>> certain traffic is incorrectly blocked or a user loses access to a >>>>> resource. We have published our geofeed >>>>> <https://www.gstatic.com/ipprotection/geofeed> as one mitigation for >>>>> this risk. >>>>> >>>>> >>>>> Gecko: No signal >>>>> >>>>> >>>>> WebKit: Shipped/Shipping Safari has a similar feature called iCloud >>>>> Private Relay. >>>>> >>>>> >>>>> Web developers: Mixed signals There are some different views in the >>>>> various open and closed issues at >>>>> https://github.com/GoogleChrome/ip-protection/issues. They range from >>>>> neutral (questions about user choice, impact on anti-fraud/anti-abuse use >>>>> cases, etc.) to negative (questions around the ability to trust the >>>>> system). >>>>> >>>>> >>>>> Other signals: >>>>> >>>>> >>>>> WebView application risks >>>>> >>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>> that it has potentially high risk for Android WebView-based applications? >>>>> >>>>> None >>>>> >>>>> >>>>> >>>>> Debuggability >>>>> >>>>> We display which requests are proxied in the DevTools Network panel >>>>> (when IP Protection is enabled). Proxied requests can also be debugged >>>>> via >>>>> netlogs. >>>>> >>>>> >>>>> We also have chrome://flags/#ip-protection-proxy-opt-out which >>>>> developers or users can use for testing suspected breakage. >>>>> >>>>> >>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>> Mac, Linux, ChromeOS, Android, and Android WebView)? >>>>> >>>>> No >>>>> >>>>> We plan to launch this on all Blink platforms except WebView. >>>>> >>>>> >>>>> Is this feature fully tested by web-platform-tests >>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>> ? >>>>> >>>>> No, and there isn’t any API to be tested. So we don’t plan to add any. >>>>> >>>>> >>>>> Flag name on about://flags >>>>> >>>>> None >>>>> >>>>> >>>>> Finch feature name >>>>> >>>>> EnableIpPrivacyProxy >>>>> >>>>> >>>>> Rollout plan >>>>> >>>>> (RARE) Experiment users ramp up over time >>>>> >>>>> >>>>> Requires code in //chrome? >>>>> >>>>> False >>>>> >>>>> >>>>> Tracking bug >>>>> >>>>> https://issues.chromium.org/issues/370696608 >>>>> >>>>> >>>>> Launch bug >>>>> >>>>> https://launch.corp.google.com/launch/4403761 >>>>> >>>>> >>>>> Estimated milestones >>>>> >>>>> Shipping on desktop >>>>> >>>>> 140 >>>>> >>>>> Shipping on Android >>>>> >>>>> 140 >>>>> >>>>> >>>>> Anticipated spec changes >>>>> >>>>> Open questions about a feature may be a source of future web compat or >>>>> interop issues. Please list open issues (e.g. links to known github >>>>> issues >>>>> in the project for the feature specification) whose resolution may >>>>> introduce web compat/interop risk (e.g., changing to naming or structure >>>>> of >>>>> the API in a non-backward-compatible way). >>>>> >>>>> None >>>>> >>>>> >>>>> Link to entry on the Chrome Platform Status >>>>> >>>>> https://chromestatus.com/feature/6574194264899584 >>>>> <https://chromestatus.com/feature/6574194264899584?gate=6525820887105536> >>>>> >>>>> >>>>> Links to previous Intent discussions >>>>> >>>>> Intent to Experiment: >>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/9s8ojrooa_Q/m/I6Rj5UTZBgAJ >>>>> >>>>> >>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/gBL-Nce3g9c?e=48417069 >>>>> >>>>> >>>>> >>>>> >>>>> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c3e9c4c4-7530-4c95-9749-24f646535024n%40chromium.org >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c3e9c4c4-7530-4c95-9749-24f646535024n%40chromium.org?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/f0bc64f7-27d8-44ac-930d-ccc18524cc85n%40chromium.org.
