GoogleChrome / ip-protection

Log level/retention #34

Open iSaluki opened 10 months ago

iSaluki commented 10 months ago

So this proposal raises a few key questions, most of which have clearly been addressed or are being addressed already.

However, currently I'm unclear about how much data is logged and for how long that data is retained.

As this feature brands itself as a proxy, I am assuming that no additional encryption is applied to traffic. This does mean that Google could use this to store information on who has visited what sites.

So, what data is logged, and for how long are those logs stored? What can those logs be used for? And how can we verify this?

And how can we trust Google to provide a feature like this? Your track record is not amazing and I appreciate that this will likely be an uphill struggle to justify, but I want to hear how you can protect users not only from third parties but from yourselves.

Thank you for taking the time to run this as a proposal openly, and accepting feedback. Doing things this way is a lot more transparent and I do truly appreciate the opportunity to make my voice heard.

DavidSchinazi commented 10 months ago

Hi, connections through the proxies are encrypted multiple times to prevent Google from being able to access browsing data. In particular, the connection client-website is end-to-end encrypted, and so are the client-proxyA and client-proxyB connections. Because of this, the proxyA (operated by Google) will only be able to see the client IP address but won't be able to know which website is visited. The proxyB (operated by a partner) will be able to see the hostname of the website, but it won't know which client IP is accessing it. Neither proxy can see the URL nor the data due to the end-to-end encryption. With this design, no one - not even Google - can see who visited what website. Regarding log retention for the very limited information that we do have, let me confirm things internally and circle back.

iSaluki commented 10 months ago

Thanks for the response.

I'll wait for more information on log retention from the internal team.

This network structure does raise 2 notable questions for me.

Thanks again.

hben2 commented 4 months ago

Hi,

Any update on this? In particular, is the client IP retained by Proxy A logs?

Thanks.