Google’s plan to stop marketers from tracking Chrome users across websites by anonymizing IP addresses is being surprisingly challenged by a marketing advocacy group.
The Movement for an Open Web (MOW), an organization that campaigns against Google’s Privacy Sandbox initiative because it harms competing internet advertising companies, has filed a complaint with the UK Competition and Markets Authority (CMA) regarding the protection of intellectual property rights of Google assets.
IP Protection, formerly known as “ip-blindness” or “Gnatcatcher”, is a proxy system similar to Apple’s Privacy Relay. It is designed to run Chrome browser login through two proxies, one operated by Google and one operated by a third party (e.g. Cloudflare), so that the user’s actual public IP address is disturbance, thus hindering further efforts. The web uses this address.
IP Protection is expected to appear in a future version of Chrome, perhaps as early as January 2024 with the launch of Chrome 122. Google-operated proxies can see users’ IP addresses but not visited websites, and third-party proxies can see visited web servers but not visitors’ IP addresses access.
By separating a user’s IP address from the user’s destination through Google services, websites and intermediaries cannot (without additional information) link people’s IP addresses to their habits. Browse their website to create a marketing profile.
Initially, IP protection will be optional, but Google plans to make it the default setting for the Chrome browser.
MOW objected to the plan as a breach of Google’s commitments to the CMA, a series of promises the advertising industry made to the UK competition watchdog to gain approval for the cookie replacement plan third parties using Privacy Sandbox technology.
“Google’s IP Protection means ISPs will no longer have visibility of data via an IP address whist leaving Google with the ability to monitor and process data at all times,” says a letter from MOW’s London-based legal representative Preiskel & Co LLP to the CMA and to UK telecom regulator Ofcom, which was provided to The Register.
“This will make the provision of child protection services more difficult for ISPs.”
The CMA did not immediately respond to a request for comment and subsequently acknowledged receipt of MOW’s complaint.
The need to protect children has become a common justification for efforts to weaken encryption in Europe, the UK and the US.
And marketers, like law enforcement, fear that privacy technologies will leave them in the dark and without the lucrative data they depend on. Such concerns appeared in the IP Protection GitHub repository.
For example, a pseudonymous person who claims to help advertisers optimize their Google AdWords campaigns claims that IP addresses play an important role in preventing fraud.
“By monitoring individual IP address activity for each campaign and those IP addresses clicking on keywords 10+ times per day, we have been able to exclude these IP addresses,” the purported marketer wrote in early August.
“The result is that we have maintained the performance of each campaign but significantly reduced the monthly spend for our clients. If we do not have access to granular IP addresses, we will no longer be able to help our clients save money, this will lead to reduced campaign performance and will no doubt lead to us turning off a number of campaigns as the economics will no longer work.”
For MOW, the concern is that Google would still have data denied to rivals.
“This is a blatant and egregious breach of the commitments made by Google to the CMA to prevent it acting in an anti-competitive fashion,” said Tim Cowen, co-founder of MOW, in a statement provided to The Register. “They have started to roll out a clearly self-preferencing technology as part of Privacy Sandbox without adequate notice or testing.
“As with all aspects of the Sandbox, IP Protection is an anti-competitive technology that Google is attempting to impose upon the web under the veil of privacy. It removes an important piece of data from Google’s competitors whilst they can continue to make use of it.”
MOW’s letter to the CMA cites specific objections as to why IP Protection contravenes Google’s promises to the agency. IP Protection, it’s claimed, makes it more difficult for VPN operators to compete; restricts access to data that Google’s ad systems rely on; lacks the testing Google promised to do; and removes functionality without proof of its effectiveness.
The missive also notes that Google has not sought a design review from the W3C’s Technical Architecture Group (TAG). According to MOW, the likely reason is to avoid criticism “for the feature’s anticompetitive impact and its blatant attempt to privatize the Open Web.”