Mozilla “sold their soul to Google”? What did I miss?

There’s no reason your clients can’t have public, world routeable IPs as well as security.

There are a lot of valid reasons, other than security, for why you wouldn’t want that though. You don’t necessarily want to allow any client’s activity to be traceable on an individual level, nor do you want to allow people to do things like count the number of clients at a particular location. Information like that is just unnecessary to expose, even if hiding it doesn’t make anything more secure per se.

Please explain how Google would get my location if I don’t run a phone with Google location services and / or don’t allow Google services and apps to access my location. Sure, they may know where you are roughly based on your IP, but that’s just within a very broad region, and can easily be obfuscated by a VPN. Google siphons a shitton of information from everywhere they can, but it’s not like they’ve secretly implanted everyone with a tracking chip either… And neither can they get around any device’s OS-level location permission system.

Vast majority of people do, and on iOS and Android these days turning it “off” really just keeps it from connecting to peripherals. It’s still scanning even when “off”.

Google literally has an official list of IP ranges for their crawlers, complete with an API that returns the current IP ranges that you can use to automate a check. Hardly a moving target, and even if it is, it doesn’t matter if you know exactly where the target is at all times.