8 votes

Chrome team tests "private prefetch proxy"

2 comments

  1. skybrian (edited)

    This blog post is quite poorly written, but it seems they have a goal to do HTTP prefetching in a more private way:

    [...] the challenge [...] is to find an approach which upholds the following privacy principle: “None of the parties involved can learn anything new about the user as a result of prefetching a website”

    To test this, they ran an experiment in Chrome 86 on Android (two versions ago), using a new Google-owned proxy server for prefetch requests. The scope of the experiment was limited to Google's own websites.

    At a high level, Chrome gives the name of a website to the CONNECT proxy which then creates a secure communication channel between Chrome and that website. By design, the proxy was operated for and by Google, and was restricted to navigations originating from Google owned surfaces, thereby ensuring that the proxy could only see information that’s already accessible such as the names of the websites prefetched from surfaces that we authored. The end-to-end encrypted communication channel provided by the CONNECT proxy means that the proxy is only able to relay further requests without being able to see the content of the communication. Furthermore, given that the content of the communication is encrypted end-to-end between Chrome and the destination site, it also means that intermediaries can’t see the prefetched domains, nor the content of the prefetched resources. Likewise, since the proxy is relaying the prefetching requests, the destination website only sees the IP address of the proxy, not the user’s IP address. Finally, prefetching was restricted to websites that had no cookies or other local state, thereby preventing the destination site from identifying a user via information previously stored on their device.

    So it seems like the prefetch proxy would only see the website's domain (or else it wouldn't know which server to connect to), but the user's IP address is hidden from the website's owner. This seems sort of like a VPN but more limited, and with less trust placed on the proxy than a VPN, since it's only used for encrypted traffic.

    In the early days of the web, there was more support for HTTP proxy servers, but it was all unencrypted traffic. It seems like they're trying to bring it back again?

    Meanwhile, web sites can use services like Cloudfront to hide the real location of their server. So we've got multiple levels of proxying and the point is to exchange data while making sure nobody knows anyone else's IP address. It reminds me of onion routing.

    I guess in theory it could be extended to regular web browsing (not just prefetching) to make analytics entirely useless, but Google is unlikely to do anything radical like that.

    3 votes
    1. Wes

      This blog post is quite poorly written

      Glad it wasn't just me. I read this earlier and barely made sense of it on my first pass. Didn't find any discussion on HN or reddit, so I promptly forgot about it. Thanks for posting it here and summarizing for the rest of us.

      3 votes
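An added example (not code from the blog post, from Chrome, or from either commenter) modelling the CONNECT flow quoted in the first comment. A toy CONNECT proxy and a toy destination server run in-process on loopback with OS-assigned ports; a client asks the proxy for a tunnel to the destination, sends a constructed payload through it, and each party records what it observed. The proxy learns the client's address and the `host:port` it was asked to reach, and relays the rest without interpreting it; the destination's peer is the proxy's socket, not the client's. The payload is plaintext here purely so the example runs offline; in the real design the bytes after CONNECT are a TLS session between browser and site, which is what stops the proxy reading them. All names and the payload are this example's own.

```python
import socket
import threading

# Constructed placeholder for the bytes that follow CONNECT. In the real design
# these are a TLS session between the browser and the destination site.
PAYLOAD = b"<opaque bytes standing in for a TLS session>"


def _read(sock, until=None):
    """Read until the marker appears (until=None: until the peer closes)."""
    buf = b""
    while until is None or until not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def _pump(src, dst):
    """Relay bytes one way without interpreting them; half-close dst at EOF."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def run_origin(log):
    """Destination site: records who connected and what arrived, then replies."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, peer = srv.accept()
        with srv, conn:
            body = _read(conn)  # client half-closes, so read to EOF
            log.append({"peer_ip": peer[0], "peer_port": peer[1], "received": body})
            conn.sendall(b"ORIGIN-REPLY:" + body[::-1])

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


def run_proxy(log):
    """CONNECT proxy: learns client address and target host:port, relays the rest."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, client = srv.accept()
        with srv, conn:
            # The client waits for our 200 before sending tunnel bytes, so this
            # read cannot swallow any of them.
            request_line = _read(conn, b"\r\n\r\n").split(b"\r\n", 1)[0].decode()
            method, target, _version = request_line.split(" ")
            if method != "CONNECT":
                conn.sendall(b"HTTP/1.1 405 Method Not Allowed\r\n\r\n")
                return
            host, port = target.rsplit(":", 1)
            with socket.create_connection((host, int(port))) as upstream:
                # Everything the proxy learns is recorded here; the tunnel bytes
                # are never parsed, only copied by _pump.
                log.append({"client_ip": client[0], "client_port": client[1],
                            "target": target,
                            "upstream_port": upstream.getsockname()[1]})
                conn.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
                back = threading.Thread(target=_pump, args=(upstream, conn))
                back.start()
                _pump(conn, upstream)
                back.join()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


def prefetch_via_proxy(proxy_addr, host, port, payload):
    """Client side: ask the proxy for a tunnel, then talk through it."""
    with socket.create_connection(proxy_addr) as s:
        s.sendall(f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode())
        status_line = _read(s, b"\r\n\r\n").split(b"\r\n", 1)[0].decode()
        if not status_line.startswith("HTTP/1.1 200"):
            raise RuntimeError(status_line)
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        return {"status_line": status_line, "reply": _read(s),
                "client_port": s.getsockname()[1]}


def demo():
    """Run one tunnelled exchange and return what each party saw."""
    proxy_log, origin_log = [], []
    origin_addr = run_origin(origin_log)
    proxy_addr = run_proxy(proxy_log)
    client = prefetch_via_proxy(proxy_addr, origin_addr[0], origin_addr[1], PAYLOAD)
    return {"proxy_saw": proxy_log[0], "origin_saw": origin_log[0], "client": client}


if __name__ == "__main__":
    for party, seen in demo().items():
        print(party, seen)
```

Two things the toy makes concrete. The proxy has to be told the destination in the CONNECT line (and, with a real hostname, would resolve it), so it necessarily learns the domain, which is exactly the limit the first comment points out. And nothing in this model prevents `_pump` from reading the relayed bytes; only end-to-end TLS inside the tunnel makes that reading useless, which is why the design's privacy claim rests on the encrypted channel rather than on the proxy's good behaviour.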