Last month, Google launched a new feature for Chrome called IP Protection that makes it easier for the company to spy on you. No surprise, since this is Google’s business model. But what’s concerning is that Google is marketing this as a privacy feature.
More and more, Google is using privacy washing, a form of false advertising designed to trick people into thinking their products are private.
Before IP Protection, there was “enhanced ad privacy(new window)”, another Chrome feature designed to trap you inside Google’s surveillance network to the exclusion of other companies.
The idea behind IP Protection is much the same. It shields your computer’s IP address from other websites while passing all your web traffic through a server owned by Google. This gives Google a God’s-eye view of every website you visit at all times while using Chrome, whether you are logged in to your Google Account or not. There is zero privacy benefit to IP Protection in its current form, and we strongly recommend people do not enable it.
Other privacy advocates are also raising the alarm. Developers reviewing the codebase have strongly criticized Google(new window).
“This doesn’t have anything to do with security,” one developer wrote. “This is all about control, harvesting data, and ensuring Google’s position as the advertising leader on the internet.”
Why is Google doing this?
Google’s competitive advantage is its highly targeted advertising, with 80% of its $224 billion in revenue(new window) coming from ads. These ads are only valuable so long as Google knows all about your interests from your searches and browsing activity.
As the world’s most popular web browser, Chrome is Google’s window on billions of people, particularly when combined with other data sources, such as Google Search or Google Maps. If you’re logged into your Google Account, for example to access your Gmail, the company can then associate all your searches with your account. The company has ways to track you even if you’re using Incognito Mode(new window).
This is why IP Protection is a sham. In its initial stage of development, Google Chrome is using its own proxy server to generate a temporary IP address to conceal your real IP address from a list of specific websites that Google owns. To enable IP Protection at this stage, you must opt in.
In future stages, Google says it may add a second proxy server operated by another company. The “second hop”, as they call it, would only see the temporary IP address from the first server and the website you plan to visit. This other company is supposedly independent, but Google would presumably choose the provider and define its policies.
The two-hop system may look like a privacy benefit — except that Google already has numerous other ways to track you. Google sees your search history, Google Analytics, your Chrome history, cookies in its ad network, mobile location, inbox, calendar, and on and on. What’s the point of a second privacy layer when Google can monitor your activity in so many other ways?
IP Protection is about two things: privacy washing and building a moat.
Google wants to convince you its service is private while simultaneously collecting your intimate data and preventing competitors from doing the same. IP Protection walls off your data from the rest of the internet while sealing Google’s surveillance apparatus on your side of the wall.
What can you do instead of IP Protection?
It’s easy to start building a privacy wall with Google on the outside
You can protect your browsing activity and accomplish what IP Protection claims to by simply using a privacy-protecting browser and a VPN. One of Google’s objectives for IP Protection might actually be to stop users from using independent VPN services, particularly since the better VPN services have ad and tracker blocking technologies built in (such as NetShield in Proton VPN).
Use a private browser
Google Chrome is terrible for privacy. But there are alternatives that respect your privacy(new window). While Chrome gathers data about what you do online, browsers like Firefox don’t. If you’re someone who cares about privacy improvements in Google, you should just stop using Google(new window).
Use a real VPN
While Google will monitor your browsing activity through IP Protection, a trustworthy VPN(new window) will never do that. A VPN creates an encrypted tunnel between your device and the rest of the internet, hiding your browsing data from your local network while shielding your IP address from the websites you visit.
Proton VPN has a strict no-logs policy(new window) which has been independently audited. Google can also be compelled to log user activity under US law. But because Proton is based in Switzerland, you are legally protected from logging orders by Swiss law.
In addition to protecting your IP address, Proton VPN also protects you from ads, trackers, and malware thanks to NetShield Ad-blocker(new window), which is something else Google won’t ever do.
Most importantly, Proton’s business model is based on providing privacy-first services to customers who pay for subscriptions. So Proton’s financial incentives are to protect people from online surveillance, while Google is incentivized to do the opposite.
You can learn more about Proton VPN’s privacy features here.
Google doesn’t want you to use a real VPN or switch to truly private services, instead hoping you’ll accept IP Protection, “enhanced ad privacy”, and its other privacy washing features. Don’t take the bait. A better internet is possible if you choose — in fact, you can deGoogle your life(new window) now for just $1.