We need 100% clarification on what traffic will go through the proxy

[humbertoby8212]

Having read the majority of issues/posts in this repo, I understand the following to be true:

1. All first party traffic will not go through the proxy
   a. i.e. If you visit www.companyurl.com, all of the below example files would receive the originator IP address and not a proxy IP
   i. www.companyurl.com/image1.png
   ii. www.companyurl.com/file.js
   iii. www.companyurl.com/styles.css
2. All third party traffic that is not listed by Google as a cross-site tracking script/tool will not go through the proxy
   a. i.e. If www.companyurl.com loads a JS file from a third party (www.thirdparty.com/calc.js) that is not listed by Google as a cross-site tracking domain, the third party (www.thirdparty.com) will receive the originator IP address and not a proxy IP
3. Only domains listed by Google will go through the proxy
   a. There is no plan to send everything through the proxy

Please could you confirm or correct each of the points above so that we are 100% clear.

Please could you also answer the following questions:

1. Is it just cross-site tracking domains that Google plans to send through the proxy?
2. Do Google plan to send other website analytics domains through the proxy that don't partake in cross-site tracking?
3. Do Google have a proposed list of domains that will be added to the proxy list that you can share with us?

I really appreciate you taking the time to clarify my understanding and answer my questions.
Thank you

[kostajh]

@humbertoby8212 that is my understanding, but would be nice for someone from Google to definitively answer this. From what I can see, there is a fair amount of fear/uncertainty/doubt because of the lack of clarity on this. See also #13.

[jbradl11]

Hi @humbertoby8212

You are correct on the first three points (see below for more details).

Chrome’s IP Protection uses a list-based approach to identify which third-party traffic goes through the proxies. Origins that are on the list but are accessed in a first-party context will not be proxied through this service for those connections.

For example, if an analytics company is on the list of domains and a user navigates directly to the site, that site will still be able to observe the user’s IP address instead of the proxied IP address. However, if that domain on the list makes a network request in a third-party context, the connection will be proxied and the user's original IP address will not be visible to the site.

Our ultimate goal is to prevent cross-site tracking of users across the web. We are working through some details before sharing more information about which third-party domains we plan to focus on initially.