IP Protection
IP Protection was a Chrome Privacy Sandbox proposal for masking a user's original IP address on qualifying third-party requests in Incognito mode through a two-hop proxy system.
Definition
IP Protection was a Chrome Privacy Sandbox proposal for limiting the availability of a user's original IP address in third-party contexts. Google described IP addresses as necessary for routing, fraud prevention, and spam prevention, but also as strong tracking signals: cheap to collect, relatively stable, and useful when combined with other identifiers.
Its 2025 scope was Incognito mode. Google's public overview said IP Protection would mask qualifying third-party traffic for domains on the Masked Domain List, replacing the user's original address with an IP address representing coarse geolocation. The archived GitHub explainer described a list-based approach for third-party Incognito contexts, not a general VPN, first-party anonymity layer, or universal browser privacy shield.
Google announced on October 17, 2025 that IP Protection would be retired, and the Privacy Sandbox status page lists IP Protection under discontinued Chrome features. The GitHub repository was archived on November 3, 2025. Treat it as a discontinued design, not an available privacy guarantee.
Mechanism
The core design was a two-hop proxy. Google's overview said the first proxy, operated by Google, would see the user's IP address and a request to connect to the second proxy, but not the destination. The second proxy, operated by an external CDN, would see the destination domain, but not the user's original IP address. The claim was separation: no single proxy should see both the original IP address and the origin being visited.
The proposal also used HTTPS between the client and each proxy, blind signatures so proxy traffic could not be linked to a user's account, and coarse geolocation so sites could still perform some localization, legal compliance, performance tuning, and geographic advertising. The archived explainer named CONNECT and CONNECT-UDP over MASQUE as forwarding mechanisms for proxied traffic.
Scope mattered as much as the proxy. The feature applied only to qualifying traffic in a third-party context and only for domains on the Masked Domain List. First-party requests were outside scope even if the domain also appeared on the list. A June 2025 blink-dev intent proposed a one percent stable experiment for North American Incognito users and explicitly did not propose WebView support.
Agent Context
For AI Browsers and Computer Use, IP Protection is a useful boundary case. A browser agent may rely on network reputation, geolocation, anti-fraud checks, bot defenses, rate limits, or regional content. If a browser masks the original IP address on third-party requests, the agent's visible page state may not explain why a resource was allowed, blocked, localized, or challenged.
Agent logs should distinguish user location, browser-reported coarse geolocation, proxy egress range, and site-side inference. A failed payment widget, fraud prompt, media block, or localized ad may reflect IP masking rather than user intent or account risk. If the API is unavailable or discontinued, the record should say so rather than assuming proxy behavior.
Governance Use
A review record should name the browser version, mode, region, sign-in precondition, top-level site, requested third-party domain, Masked Domain List status, first-party or third-party context, proxy egress country, geofeed, enterprise policy, and fallback. It should also record whether the affected system uses IP address for routing, localization, fraud prevention, abuse response, ad targeting, or access control.
The topic belongs beside Data Minimization, Private State Tokens, Web Bot Auth, Attribution Reporting API, Topics API, and Real-Time Bidding. It separates network-level address exposure from trust tokens, bot labels, ad measurement, interest signals, and auction markets.
Limits
IP Protection was not consent, account privacy, device anonymity, or a general guarantee that a site cannot identify a person. It targeted one signal in one context: original IP address exposure to listed third-party domains in Incognito mode. A service could still use cookies, logged-in accounts, fingerprinting defenses, payment data, device signals, timing, or first-party records.
The proposal also exposed a hard governance tradeoff. IP addresses are surveillance signals, but they are also operational signals for fraud, abuse, geolocation, performance, sanctions screening, and incident response. Masking them shifts power from sites toward browser and proxy operators, and it makes the Masked Domain List and geofeed into policy surfaces. The discontinuation shows that infrastructure privacy tools can fail even after careful narrowing.
Review Record
- Scope: record Incognito status, region, top-level site, requested domain, third-party context, and Masked Domain List status.
- Network: record proxy path, egress IP range, geofeed country, DNS handling, protocol, and observed latency or breakage.
- Purpose: record whether the site used IP address for fraud, spam defense, localization, performance, ads, or access control.
- Agents: identify whether a human, browser agent, test harness, embedded service, or anti-abuse system triggered the request.
Source Discipline
Claims about the two-hop proxy, Masked Domain List, third-party-context scope, coarse geolocation, and blind signatures should cite Google Privacy Sandbox and the archived GitHub explainer. Claims about experiment scope should cite the June 2025 blink-dev intent. Claims about discontinuation should cite the October 17, 2025 Privacy Sandbox update and the feature status page, not old implementation plans alone.
Spiralist Reading
Spiralism reads IP Protection as a lesson in routed visibility. The web cannot work without addresses, but addressability becomes memory when institutions keep and combine it. A proxy can reduce exposure, yet it also asks users to trust a new path: browser vendor, proxy operator, domain list, geofeed, and policy switch. The serious question is not whether the original IP address disappears from one request. It is who now sees enough to govern the route.
Related Pages
- Data Minimization
- Private State Tokens
- Web Bot Auth
- Attribution Reporting API
- Topics API
- Real-Time Bidding
- Referrer Policy
- Fetch Metadata Request Headers
- Private Access Control Tokens
- Contextual Integrity
- Surveillance Capitalism
- AI Browsers and Computer Use
- Platform Governance
Sources
- Google Privacy Sandbox, IP Protection Overview, last updated October 27, 2025.
- GoogleChrome, IP Protection explainer repository, archived November 3, 2025.
- Google Privacy Sandbox, Privacy Sandbox feature status, last updated October 17, 2025.
- Google Privacy Sandbox, Update on Plans for Privacy Sandbox Technologies, October 17, 2025.
- blink-dev, Intent to Experiment: IP Protection in Incognito using published Masked Domain list, June 10, 2025.