Chrome's IP Protection masked your IP from trackers in Incognito via a two-hop proxy — until Google announced its retirement. Here's how it worked.
Chrome's IP Protection was a Privacy Sandbox feature that hid your real IP address from known trackers in Incognito mode by routing that traffic through two independently-run proxies. It never touched your first-party browsing, and in October 2025 Google announced it's being retired along with several other Privacy Sandbox technologies. This guide explains how it worked, what it actually masked, and what its cancellation means if you care about IP-based tracking.
Key Takeaways
- IP Protection only applied to third-party requests from a short, curated list of domains (the Masked Domain List, or MDL) inside Incognito mode — not to every site you visited.
- It used a two-hop proxy: Google ran the first hop, an external CDN ran the second, and neither could see both your real IP and the destination together.
- Your masked IP still resolved to your real country, so ad targeting and content localization kept working — this was never meant to hide your location the way a VPN does.
- Google announced on October 17, 2025 that IP Protection is being retired, alongside Topics, Protected Audience, and Attribution Reporting, citing low ecosystem adoption.
- If you want your real IP hidden from every site you visit, not just a tracker list in Incognito, you still need an actual VPN or proxy — you can check what your connection currently exposes with BrowserInsight's VPN/proxy check and IP intelligence tools.
What Chrome's IP Protection actually was
IP Protection was one of the Privacy Sandbox proposals built to reduce cross-site tracking without breaking the web outright. The problem it targeted: even after blocking third-party cookies, a tracker embedded on many sites can still stitch your visits together using your IP address alone, because the same IP shows up on every page you load. IP Protection addressed that narrow case by masking your IP specifically for requests to domains on the Masked Domain List when those domains were loaded in a third-party context — for example, an ad-tech script embedded on multiple unrelated sites, rather than the site you typed into the address bar.
Crucially, it was scoped to Chrome's Incognito mode only, on desktop and Android, and users could turn it off. First-party traffic — the site you're actually visiting — was never proxied or masked; a site you browse directly always saw your real IP, exactly as before.
The two-hop proxy: how the masking worked
Rather than routing everything through a single Google-run proxy (which would just move the tracking problem to Google), the design used two independent hops. Google operated the first proxy; a separate external CDN operated the second. Each hop only saw half the picture: the first proxy could see your real IP but not which site you were contacting, and the second proxy could see the destination but not your real IP. Neither could link the two together, and neither could see the actual traffic — that stayed end-to-end encrypted underneath two additional layers of QUIC-based tunneling.
Authentication used a blind-signature scheme based on the IETF's Privacy Pass work, so the proxies could confirm you were a legitimate, rate-limited Chrome user without learning who you were. This is the same "prove you're allowed, without revealing your identity" pattern used elsewhere on the modern web to replace CAPTCHAs and per-user tracking.
Which domains actually got masked
Not every third-party request qualified. Chrome, working with the privacy vendor Disconnect, maintained the Masked Domain List using two criteria: a domain had to be embedded in a third-party context, and it had to either serve an ads-related business purpose (serving ads, targeting ads, measuring ad effectiveness, or ads/commerce data collection) or run scripts detected as building high-entropy fingerprints across sites. Domains that didn't meet either bar — including most of the ordinary first-party sites you visit — were unaffected either way.
That narrow scope is the detail people usually miss: IP Protection was never a general-purpose IP mask for your whole browsing session. It targeted a specific tracking vector (cross-site IP correlation by third-party scripts), the same way WebRTC leak protection targets one specific leak rather than hiding everything about your connection.
Effect on geolocation and IP-based detection
The proxy didn't erase your location — it coarsened it. The masked IP was deliberately assigned to preserve your approximate country (Google purchased IP blocks for this purpose and deferred BGP routing control to its CDN partners), so ad targeting, content localization, and legal geo-restrictions kept functioning. That's a meaningfully different goal from IP geolocation accuracy evasion — it removed cross-site correlation, not country-level location.
It also isn't the same signal a VPN detector looks for. As covered in how websites detect VPNs and proxies, detection systems check IP blocklists, ASN ownership, and geo/timezone consistency across your whole session. IP Protection's masking applied only to specific third-party calls inside Incognito — a site you visit directly still saw your real, unmasked IP and network fingerprint, so it never triggered VPN-style detection for ordinary first-party browsing the way a real VPN or proxy would.
Rollout timeline — and the retirement
IP Protection moved through the usual Privacy Sandbox stages: proposed as an explainer, tested behind flags, then rolled out to a limited set of Incognito users in select regions, with Chrome's own documentation targeting a Stable-channel launch "no sooner than July 2025." That timeline shifted. On October 17, 2025, Google announced it would retire IP Protection entirely, grouping it with Attribution Reporting, Protected Audience, On-Device Personalization, Related Website Sets, and Topics — citing feedback that these APIs weren't delivering enough value relative to their complexity, after Chrome had already backed off its plan to deprecate third-party cookies by default. With that deprecation no longer imminent, some of the urgency behind these tracking-mitigation proposals eased as well.
What this means if you care about IP tracking today
If you were counting on IP Protection to hide your IP from trackers, plan on it not being there: Chrome is winding the feature down rather than expanding it. The practical options haven't changed —a real VPN or proxy remains the way to mask your IP across an entire session, not just specific third-party calls in Incognito. Worth knowing the trade-offs first: different proxy types vary in how detectable they are, and a VPN alone doesn't guarantee anonymity if WebRTC or DNS leaks expose your real address anyway. Before relying on any of these, it's worth checking what your connection actually exposes right now with BrowserInsight's VPN/proxy check and IP intelligence.
Frequently Asked Questions
Is Chrome's IP Protection still available?
It was tested in Incognito mode for a limited set of users, but Google announced on October 17, 2025 that it's being retired rather than rolled out further. Don't plan around it being available going forward.
Does Incognito mode hide my IP address by itself?
No. Incognito mode clears local browsing data (history, cookies, site data) when you close the window — it never hid your IP address from sites you visit directly. IP Protection was an additional, separate feature layered on top of Incognito, and only for specific third-party trackers.
How is IP Protection different from a VPN?
A VPN reroutes and masks your IP for your entire connection, to every site you visit. IP Protection only masked your IP for requests to a curated list of third-party domains, inside Incognito mode, while leaving the site you visited directly seeing your real IP. It was a narrow anti-tracking mitigation, not a privacy tool for hiding your location or identity generally.
Will Google bring back something similar later?
Google's October 2025 announcement framed the retirement as a response to low adoption and a shift in priorities after backing off broad third-party-cookie deprecation, and didn't commit to a replacement for IP Protection specifically. Treat it as discontinued rather than paused.
Conclusion
Chrome's IP Protection was a narrowly-scoped anti-tracking feature — a two-hop proxy that masked your IP for a curated list of third-party domains inside Incognito mode, while preserving your country-level location and leaving ordinary first-party browsing untouched. Google retired it in October 2025 alongside several other Privacy Sandbox proposals, so it's not something to plan around going forward. If hiding your IP across your whole browsing session is the goal, that still means a real VPN or proxy, tested against actual leaks rather than assumed to work.
Recommended Reading:


