LGTM3 On Wed, Jul 16, 2025 at 5:29 PM Alex Russell <slightly...@chromium.org> wrote:
> Mike Taylor was kind enough to answer all my questions regarding > non-Google browsers in today's API OWNERS meeting. LGTM2. > > On Wednesday, July 16, 2025 at 8:28:24 AM UTC-7 Chris Harrelson wrote: > >> LGTM1 >> >> On Wed, Jul 16, 2025 at 8:18 AM Alex Russell <slightly...@chromium.org> >> wrote: >> >>> Thanks. What's the story for non-Google browsers? >>> >>> On Monday, July 14, 2025 at 1:08:39 PM UTC-7 riz...@google.com wrote: >>> >>>> Thanks, Alex, I've updated the review bits in the tool. >>>> >>>> We are currently targeting this work for Chrome's Incognito mode only. >>>> Users will not be able to pick their proxy, but they will be able to turn >>>> off the feature. >>>> >>>> On Mon, Jul 14, 2025 at 2:18 PM Alex Russell <slightly...@chromium.org> >>>> wrote: >>>> >>>>> This is exciting work, and I'm inclined to LGTM. There are some >>>>> reviews that need to be kicked off within the tool for us to be able to >>>>> move forward; let us know if you need help. >>>>> >>>>> On the meat of the work, are you going to be launching this feature >>>>> with any other Chromium browsers, either with Google as a proxy or using >>>>> the same code paths with alternate proxies? And do you envision that users >>>>> will be able to pick their proxy? >>>>> >>>>> Best, >>>>> >>>>> Alex >>>>> >>>>> On Monday, July 14, 2025 at 8:54:50 AM UTC-7 riz...@google.com wrote: >>>>> >>>>>> Contact emailsmiketa...@chromium.org, jhbrad...@google.com, >>>>>> riz...@google.com >>>>>> >>>>>> Explainer >>>>>> https://github.com/GoogleChrome/ip-protection/blob/main/README.md >>>>>> >>>>>> Specification >>>>>> >>>>>> None. While Apple does ship a similar feature, we believe that we >>>>>> need the experience that comes with shipping before attempting >>>>>> standardization or alignment of architectures. See the relevant >>>>>> discussion in the TAG review >>>>>> <https://github.com/w3ctag/design-reviews/issues/1083#issuecomment-2891647225> >>>>>> . >>>>>> >>>>>> Summary >>>>>> >>>>>> IP Protection is a feature that limits availability of a user’s >>>>>> original IP address in third party contexts in Incognito mode, enhancing >>>>>> Incognito's protections against cross-site tracking when users choose to >>>>>> browse in this mode. >>>>>> >>>>>> IP addresses are essential to the basic functioning of the web, >>>>>> notably for routing traffic and to prevent fraud and spam. However, like >>>>>> third-party cookies, they can also be used for tracking. For Chrome users >>>>>> who choose to browse in Incognito mode, we wanted to provide additional >>>>>> control over their IP address, without breaking essential web >>>>>> functionality. >>>>>> >>>>>> To strike this balance between protection and usability, this >>>>>> proposal focuses on limiting the use of IP addresses in a third-party >>>>>> context in Incognito Mode. To that end, this proposal uses a list-based >>>>>> approach, where only domains on the Masked Domain List >>>>>> <https://github.com/GoogleChrome/ip-protection/blob/main/Masked-Domain-List.md> >>>>>> (MDL) >>>>>> in a third-party context will be impacted. >>>>>> >>>>>> 1% Experiment Summary >>>>>> >>>>>> Our 1% stable Incognito experiment did not show any statistically >>>>>> significant movement for Core Web Vitals or increase in crashes on both >>>>>> Desktop and Android platforms. >>>>>> >>>>>> As the feature is only enabled for a subset of traffic (domains on >>>>>> the Masked Domain List) for Incognito sessions, the sample size is >>>>>> smaller >>>>>> than we typically observe in a 1% experiment. We plan to carefully ramp >>>>>> the >>>>>> experiment to evaluate performance and stability impact before launching >>>>>> to >>>>>> Incognito 100%. >>>>>> >>>>>> >>>>>> Blink component >>>>>> >>>>>> Internals>Network>Proxy >>>>>> <https://issues.chromium.org/issues?q=customfield1222907:%22Internals%3ENetwork%3EProxy%22> >>>>>> >>>>>> >>>>>> TAG review >>>>>> >>>>>> https://github.com/w3ctag/design-reviews/issues/1083 >>>>>> >>>>>> >>>>>> TAG review status >>>>>> >>>>>> Closed (resolution: decline) >>>>>> >>>>>> >>>>>> Risks >>>>>> >>>>>> >>>>>> >>>>>> Interoperability and Compatibility >>>>>> >>>>>> There shouldn’t be any interop concerns, as we’re routing certain >>>>>> traffic through a series of proxies. >>>>>> >>>>>> >>>>>> In terms of compatibility, there are a few possible risks, namely >>>>>> assigning the incorrect geo >>>>>> <https://github.com/GoogleChrome/ip-protection/blob/main/Explainer-IP-Geolocation.md> >>>>>> on egress. However, this would be considered a bug in our services (to be >>>>>> fixed server side when discovered), not a consequence of the feature >>>>>> itself. Another risk might be that these IP ranges aren’t recognized and >>>>>> certain traffic is incorrectly blocked or a user loses access to a >>>>>> resource. We have published our geofeed >>>>>> <https://www.gstatic.com/ipprotection/geofeed> as one mitigation for >>>>>> this risk. >>>>>> >>>>>> >>>>>> Gecko: No signal >>>>>> >>>>>> >>>>>> WebKit: Shipped/Shipping Safari has a similar feature called iCloud >>>>>> Private Relay. >>>>>> >>>>>> >>>>>> Web developers: Mixed signals There are some different views in the >>>>>> various open and closed issues at >>>>>> https://github.com/GoogleChrome/ip-protection/issues. They range >>>>>> from neutral (questions about user choice, impact on >>>>>> anti-fraud/anti-abuse >>>>>> use cases, etc.) to negative (questions around the ability to trust the >>>>>> system). >>>>>> >>>>>> >>>>>> Other signals: >>>>>> >>>>>> >>>>>> WebView application risks >>>>>> >>>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>>> that it has potentially high risk for Android WebView-based applications? >>>>>> >>>>>> None >>>>>> >>>>>> >>>>>> >>>>>> Debuggability >>>>>> >>>>>> We display which requests are proxied in the DevTools Network panel >>>>>> (when IP Protection is enabled). Proxied requests can also be debugged >>>>>> via >>>>>> netlogs. >>>>>> >>>>>> >>>>>> We also have chrome://flags/#ip-protection-proxy-opt-out which >>>>>> developers or users can use for testing suspected breakage. >>>>>> >>>>>> >>>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>>> Mac, Linux, ChromeOS, Android, and Android WebView)? >>>>>> >>>>>> No >>>>>> >>>>>> We plan to launch this on all Blink platforms except WebView. >>>>>> >>>>>> >>>>>> Is this feature fully tested by web-platform-tests >>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>>> ? >>>>>> >>>>>> No, and there isn’t any API to be tested. So we don’t plan to add any. >>>>>> >>>>>> >>>>>> Flag name on about://flags >>>>>> >>>>>> None >>>>>> >>>>>> >>>>>> Finch feature name >>>>>> >>>>>> EnableIpPrivacyProxy >>>>>> >>>>>> >>>>>> Rollout plan >>>>>> >>>>>> (RARE) Experiment users ramp up over time >>>>>> >>>>>> >>>>>> Requires code in //chrome? >>>>>> >>>>>> False >>>>>> >>>>>> >>>>>> Tracking bug >>>>>> >>>>>> https://issues.chromium.org/issues/370696608 >>>>>> >>>>>> >>>>>> Launch bug >>>>>> >>>>>> https://launch.corp.google.com/launch/4403761 >>>>>> >>>>>> >>>>>> Estimated milestones >>>>>> >>>>>> Shipping on desktop >>>>>> >>>>>> 140 >>>>>> >>>>>> Shipping on Android >>>>>> >>>>>> 140 >>>>>> >>>>>> >>>>>> Anticipated spec changes >>>>>> >>>>>> Open questions about a feature may be a source of future web compat >>>>>> or interop issues. Please list open issues (e.g. links to known github >>>>>> issues in the project for the feature specification) whose resolution may >>>>>> introduce web compat/interop risk (e.g., changing to naming or structure >>>>>> of >>>>>> the API in a non-backward-compatible way). >>>>>> >>>>>> None >>>>>> >>>>>> >>>>>> Link to entry on the Chrome Platform Status >>>>>> >>>>>> https://chromestatus.com/feature/6574194264899584 >>>>>> <https://chromestatus.com/feature/6574194264899584?gate=6525820887105536> >>>>>> >>>>>> >>>>>> Links to previous Intent discussions >>>>>> >>>>>> Intent to Experiment: >>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/9s8ojrooa_Q/m/I6Rj5UTZBgAJ >>>>>> >>>>>> >>>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/gBL-Nce3g9c?e=48417069 >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c3e9c4c4-7530-4c95-9749-24f646535024n%40chromium.org >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c3e9c4c4-7530-4c95-9749-24f646535024n%40chromium.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/f0bc64f7-27d8-44ac-930d-ccc18524cc85n%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/f0bc64f7-27d8-44ac-930d-ccc18524cc85n%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAARdPYdcdvdX3YE-Z9ch_FJFR%3DkN7nb9Y6QiKEBgd28v%2BzR-Cw%40mail.gmail.com.
