Open iSaluki opened 10 months ago
Hi, connections through the proxies are encrypted multiple times to prevent Google from being able to access browsing data. In particular, the connection client-website is end-to-end encrypted, and so are the client-proxyA and client-proxyB connections. Because of this, the proxyA (operated by Google) will only be able to see the client IP address but won't be able to know which website is visited. The proxyB (operated by a partner) will be able to see the hostname of the website, but it won't know which client IP is accessing it. Neither proxy can see the URL or the data due to the end-to-end encryption. With this design, no one - not even Google - can see who visited what website. Regarding log retention for the very limited information that we do have, let me confirm things internally and circle back.
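The split-visibility property described in the comment above, as an added toy model that is not Chrome's, Google's or the partner's code. It stands in three toy keys for the three encrypted sessions (client to proxy A, client to proxy B, client to website), wraps one request in three layers, and lets each hop strip exactly one so that the "view" each hop ends up with is the only thing it could log. The cipher (HMAC-SHA256 keystream XOR plus an HMAC tag) is a placeholder for TLS and is not secure; all hostnames, addresses and key names are made up for the illustration.

```python
"""Toy model of the two-hop proxy design: what each hop can and cannot see.

NOT the real implementation.  The cipher is a placeholder for TLS and the
addresses/hostnames below are constructed for the example.
"""
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 12, 32

# Constructed topology for the example.
CLIENT_IP = "203.0.113.7"
PROXY_A_ADDR = "proxy-a.google.example"    # hypothetical, Google-operated
PROXY_B_ADDR = "proxy-b.partner.example"   # hypothetical, partner-operated


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key+nonce into `length` bytes with a counter-mode HMAC (toy only)."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy authenticated encryption: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Reverse of seal(); raises ValueError for a wrong key or a tampered blob."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("cannot decrypt: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def client_wrap(keys: dict, hostname: str, path: str) -> bytes:
    """Build the onion: website layer inside the proxy-B layer inside the proxy-A layer."""
    inner = seal(keys["origin"], json.dumps({"path": path}).encode())
    # Proxy B learns the hostname to reach; the website layer is opaque bytes to it.
    middle = seal(keys["proxy_b"], json.dumps({"connect": hostname, "payload": inner.hex()}).encode())
    # Proxy A learns only that the next hop is proxy B.
    return seal(keys["proxy_a"], json.dumps({"connect": PROXY_B_ADDR, "payload": middle.hex()}).encode())


def hop(key: bytes, source_ip: str, blob: bytes) -> tuple:
    """One proxy's processing: peel its own layer, record what it saw, forward the rest."""
    header = json.loads(unseal(key, blob))
    view = {"source": source_ip, "next_hop": header["connect"]}  # all this hop could log
    return view, bytes.fromhex(header["payload"])


def origin_receive(key: bytes, source_ip: str, blob: bytes) -> dict:
    """The website peels the last layer; it sees the request but only proxy B's address."""
    req = json.loads(unseal(key, blob))
    return {"source": source_ip, "path": req["path"]}


def run_exchange(hostname: str = "news.example.org", path: str = "/secret-article") -> dict:
    """Drive one request through both hops and return every party's view."""
    keys = {name: os.urandom(32) for name in ("proxy_a", "proxy_b", "origin")}
    outer = client_wrap(keys, hostname, path)
    view_a, middle = hop(keys["proxy_a"], CLIENT_IP, outer)     # sees client IP, not hostname
    view_b, inner = hop(keys["proxy_b"], PROXY_A_ADDR, middle)  # sees hostname, not client IP
    view_origin = origin_receive(keys["origin"], PROXY_B_ADDR, inner)
    # Proxy A attempting to peel proxy B's layer with its own key must fail.
    try:
        unseal(keys["proxy_a"], middle)
        a_reads_next_layer = True
    except ValueError:
        a_reads_next_layer = False
    return {"proxy_a": view_a, "proxy_b": view_b, "origin": view_origin,
            "proxy_a_can_read_next_layer": a_reads_next_layer}


if __name__ == "__main__":
    print(json.dumps(run_exchange(), indent=2))
```

The returned views are the honest answer to "what could each proxy log": proxy A's view holds the client IP and the address of proxy B, proxy B's view holds proxy A's address and the destination hostname, and the website sees only proxy B as its peer. The model also shows what the design does not do: it gives no protection if the two operators pool their logs and correlate by timing or volume, which is why the question of who runs proxy B, and how long either side keeps its view, matters.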
Thanks for the response.
I'll wait for more information on log retention from the internal team.
This network structure does raise 2 notable questions for me.
What kind of performance impact will this have? No proxy is always going to be faster than one, but two proxies introduce significant room for latency and bandwidth bottlenecks.
Who is operating the second relay? If Google always operates Relay 1, then why would a third party operate Relay 2, what's in it for them? I understand the potential impact of data breaches is limited here, but it's important to understand who is going to be involved and almost more importantly why.
Thanks again.
Hi,
Any update on this? In particular, is the client IP retained by Proxy A logs?
Thanks.
So this proposal raises a few key questions, most of which have clearly been addressed or are being addressed already.
However, currently I'm unclear about how much data is logged and for how long that data is retained.
As this feature brands itself as a proxy, I am assuming that no additional encryption is applied to traffic. This does mean that Google could use this to store information on who has visited what sites.
So, what data is logged, and for how long are those logs stored? What can those logs be used for? And how can we verify this?
And how can we trust Google to provide a feature like this? Your track record is not amazing and I appreciate that this will likely be an uphill struggle to justify, but I want to hear how you can protect users not only from third parties but from yourselves.
Thank you for taking the time to run this as a proposal openly, and accepting feedback. Doing things this way is a lot more transparent and I do truly appreciate the opportunity to make my voice heard.