The Masked Domain List (MDL) is a list of domains that will be proxied in Incognito mode. Google has developed criteria to identify domains that should be on the MDL. These criteria are outlined more comprehensively in the IP Protection explainer.
Essentially, the MDL will be comprised of domains that fulfill the following criteria:
- The domain is embedded as a third-party domain and therefore in a position to collect information about a user or their device across multiple sites that aren’t owned by the data collector (see below for plans to identify ownership).
- The domain meets at least one of the following criteria:
- The domain serves one of the following business purposes:
- Serving of ads
- Targeting of ads
- Measuring ad effectiveness
- Collection of user data for ads, commerce or marketing related activities
- The domain serves one of the following business purposes:
OR
- The domain collects user or device information in a way that appears likely to support re-identification of users or devices across contexts.
These business purposes have been selected because they indicate a heightened risk that an embedded domain could have a business incentive to collect users’ activity across sites for commercial purposes.
While the criteria should be seen as largely stable and durable, the MDL itself is subject to ongoing evolution and change.
To ensure its accuracy and effectiveness, Google has partnered with Disconnect.me, a prominent internet privacy leader who also collaborates with other web browsers. Chrome will leverage Disconnect.me to identify domains that align with Chrome's established criteria.
The initial version of the list will be hosted on GitHub. Periodically, domains may be added or removed based on the fingerprinting detection system and updates to Disconnect's published list. Chrome will remove domains from the MDL that have successfully appealed inclusion in the list. The published MDL will be the latest version used by Chrome.