A couple of days ago, I was invited by Google to enable a new mobile Chrome feature. Thinking that perhaps this was the new QUIC protocol, I went ahead and accepted. What I got instead was an offer to run all cleartext traffic through Google’s proxy servers.
The feature is still in extremely limited, invitation-only beta. Google’s claims regarding improved performance are probably accurate. Being in the middle of the connection, the proxy certainly can compress traffic and convert images to a format better suited for a mobile device, particularly one with low screen resolution, reducing the amount of data to be downloaded and thus improving network performance, especially over slower connections. Exceptions would be made for HTTPS traffic and anything coming from an Incognito session.
But this is at a severe cost in privacy. Every single unencrypted connection in a normal browser session would run through Google’s servers, allowing not only possible interception of passwords and other sensitive data (remember that not all data is legally protected) but also the possibility of feeding otherwise hidden pages into Google’s index. Despite the potential (certainly not assured) speed advantages, I fear that Google will at least make this a prominent option for users to enable without understanding the risks. Most people will choose convenience (in this case speed) over security given the option.
This is one of those things that I’ve long warned against. I’m fine with home filters, but those are generally under the owner’s control. A proxy that you don’t control gives ultimate power to whoever does own the proxy. It could block the traffic for any (or no) reason, and the information that the user gets back about the block may or may not be accurate.
It also makes for a central point of monitoring that any government would love to have the opportunity to use. Looking at things optimistically, I’m sure the FBI would love to tap it in criminal cases, but there are plenty of other countries (like India) that are trying to or have set up monitoring as a fact of life, and I doubt that those countries’ networks will be made exempt from this feature.
I can’t get excited over this at even the most basic level. Usually when I see a new Google feature, I see what they’re trying to do even if the implementation is a little iffy. However, in this case I really can’t see the net good to come from it.