
Log level/retention #34

Open
iSaluki opened this issue Nov 22, 2023 · 3 comments

Comments

@iSaluki

iSaluki commented Nov 22, 2023

So this proposal raises a few key questions, most of which have clearly been addressed or are being addressed already.

However, currently I'm unclear about how much data is logged and for how long that data is retained.

As this feature brands itself as a proxy, I am assuming that no additional encryption is applied to traffic. This does mean that Google could use this to store information on who has visited what sites.

So, what data is logged, and for how long are those logs stored? What can those logs be used for? And how can we verify this?

And how can we trust Google to provide a feature like this? Your track record is not amazing and I appreciate that this will likely be an uphill struggle to justify, but I want to hear how you can protect users not only from third parties but from yourselves.

Thank you for taking the time to run this as a proposal openly, and accepting feedback. Doing things this way is a lot more transparent and I do truly appreciate the opportunity to make my voice heard.

@DavidSchinazi
Collaborator

Hi, connections through the proxies are encrypted multiple times to prevent Google from being able to access browsing data. In particular, the connection client-website is end-to-end encrypted, and so are the client-proxyA and client-proxyB connections. Because of this, the proxyA (operated by Google) will only be able to see the client IP address but won't be able to know which website is visited. The proxyB (operated by a partner) will be able to see the hostname of the website, but it won't know which client IP is accessing it. Neither proxy can see the URL nor the data due to the end-to-end encryption. With this design, no one - not even Google - can see who visited what website. Regarding log retention for the very limited information that we do have, let me confirm things internally and circle back.
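As an added illustration of the two-hop visibility split described in the comment above (this is a toy model written for this page, not code from the IP Protection project; the IPs and keys are constructed placeholders and the XOR keystream cipher stands in for the real encryption layers):

```python
import hashlib, json

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream. Stand-in only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

KEY_A = b"client-proxyA-session-key"   # constructed: shared by client and proxy A only
KEY_B = b"client-proxyB-session-key"   # constructed: shared by client and proxy B only
KEY_SITE = b"client-website-tls-key"   # constructed: end-to-end key, unknown to both proxies
PROXY_A_IP = "203.0.113.10"            # constructed: address proxy B sees as its source

def client_build_packet(client_ip, hostname, http_request):
    # Innermost layer: end-to-end with the website; neither proxy holds KEY_SITE.
    e2e = _keystream_xor(KEY_SITE, http_request.encode())
    # Middle layer: readable by proxy B, carries the destination hostname.
    inner = _keystream_xor(KEY_B, json.dumps({"dst": hostname, "payload": e2e.hex()}).encode())
    # Outer layer: readable by proxy A, says only "forward to proxy B".
    outer = _keystream_xor(KEY_A, json.dumps({"next": "proxyB", "payload": inner.hex()}).encode())
    return {"src_ip": client_ip, "body": outer}

def proxy_a(packet):
    """Proxy A learns the client IP and the next hop, nothing about the site."""
    hdr = json.loads(_keystream_xor(KEY_A, packet["body"]))
    seen = {"client_ip": packet["src_ip"], "next_hop": hdr["next"]}
    return seen, {"src_ip": PROXY_A_IP, "body": bytes.fromhex(hdr["payload"])}

def proxy_b(packet):
    """Proxy B learns the hostname, but its source address is proxy A, not the client."""
    hdr = json.loads(_keystream_xor(KEY_B, packet["body"]))
    seen = {"src_ip": packet["src_ip"], "hostname": hdr["dst"]}
    return seen, bytes.fromhex(hdr["payload"])

def simulate(client_ip="198.51.100.7", hostname="example.com", req="GET /secret HTTP/1.1"):
    """Run one request through both hops and report what each party could log."""
    pkt = client_build_packet(client_ip, hostname, req)
    a_seen, to_b = proxy_a(pkt)
    b_seen, to_site = proxy_b(to_b)
    return {"proxyA": a_seen, "proxyB": b_seen,
            "website": _keystream_xor(KEY_SITE, to_site).decode()}
```

The returned dictionary is the retention question made concrete: whatever proxy A logs can include the client IP but not the hostname or URL, and whatever proxy B logs can include the hostname but not the client IP.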

@iSaluki
Author

iSaluki commented Dec 7, 2023

Thanks for the response.

I'll wait for more information on log retention from the internal team.

This network structure does raise 2 notable questions for me.

  • What kind of performance impact will this have? No proxy is always going to be faster than 1, but 2 proxies is introducing significant room for latency and bandwidth bottlenecks.

  • Who is operating the second relay? If Google always operates Relay 1, then why would a third party operate Relay 2? What's in it for them? I understand the potential impact of data breaches is limited here, but it's important to understand who is going to be involved and, almost more importantly, why.

Thanks again.

@hben2

hben2 commented May 9, 2024

Hi,

Any update on this? In particular, is the client IP retained by Proxy A logs?

Thanks.
