How can I reliably prevent my local IP address leaking in the web browsers?
Any site that I visit can see my local IP (e.g. 192.168.1.102). Is there any reliable way to block this behavior? (browser setting, OS setting, router setting, etc.) I am particularity interested in Google Chrome and Mozilla Firefox, but any modern open source browser will do. If it is a browser plugin, it should be open source with a solid user base.
By reliable I mean, that I do not need to check the leakage again after every software update.
More info / what I have read so far:
- There was a Chrome plugin that is not working anymore
- Local IP is obtained using JavaScript / WebRTC
Live Demo here: Demo
- Source code: https://github.com/diafygi/webrtc-ips
- Firefox developers is not going to fix the leak (bug is open from 2014): Bug 959893
In Private / Incognito mode does not prevent this leak. If you use static IPs, and have non typical local IP (e.g. 10.66.77.88 or 192.168.212.121), then there is no need for Browser fingerprinting . Your external IP + internal IP is perfect fingerprint.
Update 1: It is not duplicate of How to Disable WebRTC in Google Chrome - I want to prevent private / local IP leak, not disable all WebRTC.
Update 2: No, it is not related to header X-Forwarded-For (HTTP_X_FORWARDED_FOR), that is added when user/administrator chooses to do so. In my provided demo it is not your choice... It is Google's and Mozilla's choice to leak your private IP even when using private browsing mode.
Update 3: Ability to determine my local IP allows malicious JavaScript to quickly identify my local subnet and print on my local network printers from any website in the world without me doing anything. Cross-site printing This CSP Demo finds my LAN printers using JavaScript.
Update 4: It is not a good idea to reveal private IP to every website. By seeing your private IP, for example 192.168.88.101, I can guess with very high probability that you are using MikroTik router. Also, I can track particular user event if user uses different browsers because local and remote IP stays the same for some time (hours or even days).
google-chrome firefox browser ip webrtc
|
show 8 more comments
Any site that I visit can see my local IP (e.g. 192.168.1.102). Is there any reliable way to block this behavior? (browser setting, OS setting, router setting, etc.) I am particularity interested in Google Chrome and Mozilla Firefox, but any modern open source browser will do. If it is a browser plugin, it should be open source with a solid user base.
By reliable I mean, that I do not need to check the leakage again after every software update.
More info / what I have read so far:
- There was a Chrome plugin that is not working anymore
- Local IP is obtained using JavaScript / WebRTC
Live Demo here: Demo
- Source code: https://github.com/diafygi/webrtc-ips
- Firefox developers is not going to fix the leak (bug is open from 2014): Bug 959893
In Private / Incognito mode does not prevent this leak. If you use static IPs, and have non typical local IP (e.g. 10.66.77.88 or 192.168.212.121), then there is no need for Browser fingerprinting . Your external IP + internal IP is perfect fingerprint.
Update 1: It is not duplicate of How to Disable WebRTC in Google Chrome - I want to prevent private / local IP leak, not disable all WebRTC.
Update 2: No, it is not related to header X-Forwarded-For (HTTP_X_FORWARDED_FOR), that is added when user/administrator chooses to do so. In my provided demo it is not your choice... It is Google's and Mozilla's choice to leak your private IP even when using private browsing mode.
Update 3: Ability to determine my local IP allows malicious JavaScript to quickly identify my local subnet and print on my local network printers from any website in the world without me doing anything. Cross-site printing This CSP Demo finds my LAN printers using JavaScript.
Update 4: It is not a good idea to reveal private IP to every website. By seeing your private IP, for example 192.168.88.101, I can guess with very high probability that you are using MikroTik router. Also, I can track particular user event if user uses different browsers because local and remote IP stays the same for some time (hours or even days).
google-chrome firefox browser ip webrtc
1
The demo you linked shows all addresses as nothing for me, using edge.
– PulseJet
Feb 1 '17 at 15:31
@Ramhound, why not, if the local network is keeping logs?
– PulseJet
Feb 1 '17 at 15:33
1
@MarisB. - The demo you link to me also shows me nothing. I am currently using Chrome.
– Ramhound
Feb 1 '17 at 15:36
1
You can link a better demo in your question (HTTP_X_FORWARDED_FOR) whatsmyip.org/more-info-about-you
– PulseJet
Feb 1 '17 at 15:36
1
Possible duplicate of How to Disable WebRTC in Google Chrome
– Ƭᴇcʜιᴇ007
Feb 1 '17 at 18:13
|
show 8 more comments
Any site that I visit can see my local IP (e.g. 192.168.1.102). Is there any reliable way to block this behavior? (browser setting, OS setting, router setting, etc.) I am particularity interested in Google Chrome and Mozilla Firefox, but any modern open source browser will do. If it is a browser plugin, it should be open source with a solid user base.
By reliable I mean, that I do not need to check the leakage again after every software update.
More info / what I have read so far:
- There was a Chrome plugin that is not working anymore
- Local IP is obtained using JavaScript / WebRTC
Live Demo here: Demo
- Source code: https://github.com/diafygi/webrtc-ips
- Firefox developers is not going to fix the leak (bug is open from 2014): Bug 959893
In Private / Incognito mode does not prevent this leak. If you use static IPs, and have non typical local IP (e.g. 10.66.77.88 or 192.168.212.121), then there is no need for Browser fingerprinting . Your external IP + internal IP is perfect fingerprint.
Update 1: It is not duplicate of How to Disable WebRTC in Google Chrome - I want to prevent private / local IP leak, not disable all WebRTC.
Update 2: No, it is not related to header X-Forwarded-For (HTTP_X_FORWARDED_FOR), that is added when user/administrator chooses to do so. In my provided demo it is not your choice... It is Google's and Mozilla's choice to leak your private IP even when using private browsing mode.
Update 3: Ability to determine my local IP allows malicious JavaScript to quickly identify my local subnet and print on my local network printers from any website in the world without me doing anything. Cross-site printing This CSP Demo finds my LAN printers using JavaScript.
Update 4: It is not a good idea to reveal private IP to every website. By seeing your private IP, for example 192.168.88.101, I can guess with very high probability that you are using MikroTik router. Also, I can track particular user event if user uses different browsers because local and remote IP stays the same for some time (hours or even days).
google-chrome firefox browser ip webrtc
Any site that I visit can see my local IP (e.g. 192.168.1.102). Is there any reliable way to block this behavior? (browser setting, OS setting, router setting, etc.) I am particularity interested in Google Chrome and Mozilla Firefox, but any modern open source browser will do. If it is a browser plugin, it should be open source with a solid user base.
By reliable I mean, that I do not need to check the leakage again after every software update.
More info / what I have read so far:
- There was a Chrome plugin that is not working anymore
- Local IP is obtained using JavaScript / WebRTC
Live Demo here: Demo
- Source code: https://github.com/diafygi/webrtc-ips
- Firefox developers is not going to fix the leak (bug is open from 2014): Bug 959893
In Private / Incognito mode does not prevent this leak. If you use static IPs, and have non typical local IP (e.g. 10.66.77.88 or 192.168.212.121), then there is no need for Browser fingerprinting . Your external IP + internal IP is perfect fingerprint.
Update 1: It is not duplicate of How to Disable WebRTC in Google Chrome - I want to prevent private / local IP leak, not disable all WebRTC.
Update 2: No, it is not related to header X-Forwarded-For (HTTP_X_FORWARDED_FOR), that is added when user/administrator chooses to do so. In my provided demo it is not your choice... It is Google's and Mozilla's choice to leak your private IP even when using private browsing mode.
Update 3: Ability to determine my local IP allows malicious JavaScript to quickly identify my local subnet and print on my local network printers from any website in the world without me doing anything. Cross-site printing This CSP Demo finds my LAN printers using JavaScript.
Update 4: It is not a good idea to reveal private IP to every website. By seeing your private IP, for example 192.168.88.101, I can guess with very high probability that you are using MikroTik router. Also, I can track particular user event if user uses different browsers because local and remote IP stays the same for some time (hours or even days).
google-chrome firefox browser ip webrtc
google-chrome firefox browser ip webrtc
edited Mar 20 '17 at 10:17
Community♦
1
1
asked Feb 1 '17 at 15:29
Maris B.Maris B.
2711416
2711416
1
The demo you linked shows all addresses as nothing for me, using edge.
– PulseJet
Feb 1 '17 at 15:31
@Ramhound, why not, if the local network is keeping logs?
– PulseJet
Feb 1 '17 at 15:33
1
@MarisB. - The demo you link to me also shows me nothing. I am currently using Chrome.
– Ramhound
Feb 1 '17 at 15:36
1
You can link a better demo in your question (HTTP_X_FORWARDED_FOR) whatsmyip.org/more-info-about-you
– PulseJet
Feb 1 '17 at 15:36
1
Possible duplicate of How to Disable WebRTC in Google Chrome
– Ƭᴇcʜιᴇ007
Feb 1 '17 at 18:13
|
show 8 more comments
1
The demo you linked shows all addresses as nothing for me, using edge.
– PulseJet
Feb 1 '17 at 15:31
@Ramhound, why not, if the local network is keeping logs?
– PulseJet
Feb 1 '17 at 15:33
1
@MarisB. - The demo you link to me also shows me nothing. I am currently using Chrome.
– Ramhound
Feb 1 '17 at 15:36
1
You can link a better demo in your question (HTTP_X_FORWARDED_FOR) whatsmyip.org/more-info-about-you
– PulseJet
Feb 1 '17 at 15:36
1
Possible duplicate of How to Disable WebRTC in Google Chrome
– Ƭᴇcʜιᴇ007
Feb 1 '17 at 18:13
1
1
The demo you linked shows all addresses as nothing for me, using edge.
– PulseJet
Feb 1 '17 at 15:31
The demo you linked shows all addresses as nothing for me, using edge.
– PulseJet
Feb 1 '17 at 15:31
@Ramhound, why not, if the local network is keeping logs?
– PulseJet
Feb 1 '17 at 15:33
@Ramhound, why not, if the local network is keeping logs?
– PulseJet
Feb 1 '17 at 15:33
1
1
@MarisB. - The demo you link to me also shows me nothing. I am currently using Chrome.
– Ramhound
Feb 1 '17 at 15:36
@MarisB. - The demo you link to me also shows me nothing. I am currently using Chrome.
– Ramhound
Feb 1 '17 at 15:36
1
1
You can link a better demo in your question (HTTP_X_FORWARDED_FOR) whatsmyip.org/more-info-about-you
– PulseJet
Feb 1 '17 at 15:36
You can link a better demo in your question (HTTP_X_FORWARDED_FOR) whatsmyip.org/more-info-about-you
– PulseJet
Feb 1 '17 at 15:36
1
1
Possible duplicate of How to Disable WebRTC in Google Chrome
– Ƭᴇcʜιᴇ007
Feb 1 '17 at 18:13
Possible duplicate of How to Disable WebRTC in Google Chrome
– Ƭᴇcʜιᴇ007
Feb 1 '17 at 18:13
|
show 8 more comments
2 Answers
2
active
oldest
votes
Disable WebRTC with extensions:
In Firefox with addon Disable WebRTC or advanced users can use about:config
to set media.peerconnection.enabled
to false.
In Chrome with extension WebRTC Leak Prevent
1
In firefox you don't even need a extension, tweak about:config is enough.
– Sam
Feb 1 '17 at 15:39
2
same to chrome, just tweakingchrome://flags/
But using extensions is easier for a person who couldn't find these settings by himself.
– Ipor Sircer
Feb 1 '17 at 15:42
3
@IporSircer - You should provide that information, within the body of your answer, for those not able to use extensions. Saying it's possible in a comment, and not explaining which flag, means people not familar with the name of the flag have to spend time to researching it.
– Ramhound
Feb 1 '17 at 15:51
1
@IporSircer, you can't use chrome://flags/, source: superuser.com/questions/1055741/…
– PulseJet
Feb 1 '17 at 16:32
uBlock Origin is also able to prevent WebRTC leaking, if you guys already have it installed
– andromeda947
Feb 5 '17 at 17:26
add a comment |
On chrome, if I go into incognito browsing mode the WebRTC extensions meant to block your local IP address don't work. They only work if you are not in incognito mode. So you have to chose, logging to your browser history but no local IP leak or incognito mode with local IP leak.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1174019%2fhow-can-i-reliably-prevent-my-local-ip-address-leaking-in-the-web-browsers%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Disable WebRTC with extensions:
In Firefox with addon Disable WebRTC or advanced users can use about:config
to set media.peerconnection.enabled
to false.
In Chrome with extension WebRTC Leak Prevent
1
In firefox you don't even need a extension, tweak about:config is enough.
– Sam
Feb 1 '17 at 15:39
2
same to chrome, just tweakingchrome://flags/
But using extensions is easier for a person who couldn't find these settings by himself.
– Ipor Sircer
Feb 1 '17 at 15:42
3
@IporSircer - You should provide that information, within the body of your answer, for those not able to use extensions. Saying it's possible in a comment, and not explaining which flag, means people not familar with the name of the flag have to spend time to researching it.
– Ramhound
Feb 1 '17 at 15:51
1
@IporSircer, you can't use chrome://flags/, source: superuser.com/questions/1055741/…
– PulseJet
Feb 1 '17 at 16:32
uBlock Origin is also able to prevent WebRTC leaking, if you guys already have it installed
– andromeda947
Feb 5 '17 at 17:26
add a comment |
Disable WebRTC with extensions:
In Firefox with addon Disable WebRTC or advanced users can use about:config
to set media.peerconnection.enabled
to false.
In Chrome with extension WebRTC Leak Prevent
1
In firefox you don't even need a extension, tweak about:config is enough.
– Sam
Feb 1 '17 at 15:39
2
same to chrome, just tweakingchrome://flags/
But using extensions is easier for a person who couldn't find these settings by himself.
– Ipor Sircer
Feb 1 '17 at 15:42
3
@IporSircer - You should provide that information, within the body of your answer, for those not able to use extensions. Saying it's possible in a comment, and not explaining which flag, means people not familar with the name of the flag have to spend time to researching it.
– Ramhound
Feb 1 '17 at 15:51
1
@IporSircer, you can't use chrome://flags/, source: superuser.com/questions/1055741/…
– PulseJet
Feb 1 '17 at 16:32
uBlock Origin is also able to prevent WebRTC leaking, if you guys already have it installed
– andromeda947
Feb 5 '17 at 17:26
add a comment |
Disable WebRTC with extensions:
In Firefox with addon Disable WebRTC or advanced users can use about:config
to set media.peerconnection.enabled
to false.
In Chrome with extension WebRTC Leak Prevent
Disable WebRTC with extensions:
In Firefox with addon Disable WebRTC or advanced users can use about:config
to set media.peerconnection.enabled
to false.
In Chrome with extension WebRTC Leak Prevent
edited Feb 1 '17 at 16:40
PulseJet
1,8441830
1,8441830
answered Feb 1 '17 at 15:37
Ipor SircerIpor Sircer
3,43411014
3,43411014
1
In firefox you don't even need a extension, tweak about:config is enough.
– Sam
Feb 1 '17 at 15:39
2
same to chrome, just tweakingchrome://flags/
But using extensions is easier for a person who couldn't find these settings by himself.
– Ipor Sircer
Feb 1 '17 at 15:42
3
@IporSircer - You should provide that information, within the body of your answer, for those not able to use extensions. Saying it's possible in a comment, and not explaining which flag, means people not familar with the name of the flag have to spend time to researching it.
– Ramhound
Feb 1 '17 at 15:51
1
@IporSircer, you can't use chrome://flags/, source: superuser.com/questions/1055741/…
– PulseJet
Feb 1 '17 at 16:32
uBlock Origin is also able to prevent WebRTC leaking, if you guys already have it installed
– andromeda947
Feb 5 '17 at 17:26
add a comment |
1
In firefox you don't even need a extension, tweak about:config is enough.
– Sam
Feb 1 '17 at 15:39
2
same to chrome, just tweakingchrome://flags/
But using extensions is easier for a person who couldn't find these settings by himself.
– Ipor Sircer
Feb 1 '17 at 15:42
3
@IporSircer - You should provide that information, within the body of your answer, for those not able to use extensions. Saying it's possible in a comment, and not explaining which flag, means people not familar with the name of the flag have to spend time to researching it.
– Ramhound
Feb 1 '17 at 15:51
1
@IporSircer, you can't use chrome://flags/, source: superuser.com/questions/1055741/…
– PulseJet
Feb 1 '17 at 16:32
uBlock Origin is also able to prevent WebRTC leaking, if you guys already have it installed
– andromeda947
Feb 5 '17 at 17:26
1
1
In firefox you don't even need a extension, tweak about:config is enough.
– Sam
Feb 1 '17 at 15:39
In firefox you don't even need a extension, tweak about:config is enough.
– Sam
Feb 1 '17 at 15:39
2
2
same to chrome, just tweaking
chrome://flags/
But using extensions is easier for a person who couldn't find these settings by himself.– Ipor Sircer
Feb 1 '17 at 15:42
same to chrome, just tweaking
chrome://flags/
But using extensions is easier for a person who couldn't find these settings by himself.– Ipor Sircer
Feb 1 '17 at 15:42
3
3
@IporSircer - You should provide that information, within the body of your answer, for those not able to use extensions. Saying it's possible in a comment, and not explaining which flag, means people not familar with the name of the flag have to spend time to researching it.
– Ramhound
Feb 1 '17 at 15:51
@IporSircer - You should provide that information, within the body of your answer, for those not able to use extensions. Saying it's possible in a comment, and not explaining which flag, means people not familar with the name of the flag have to spend time to researching it.
– Ramhound
Feb 1 '17 at 15:51
1
1
@IporSircer, you can't use chrome://flags/, source: superuser.com/questions/1055741/…
– PulseJet
Feb 1 '17 at 16:32
@IporSircer, you can't use chrome://flags/, source: superuser.com/questions/1055741/…
– PulseJet
Feb 1 '17 at 16:32
uBlock Origin is also able to prevent WebRTC leaking, if you guys already have it installed
– andromeda947
Feb 5 '17 at 17:26
uBlock Origin is also able to prevent WebRTC leaking, if you guys already have it installed
– andromeda947
Feb 5 '17 at 17:26
add a comment |
On chrome, if I go into incognito browsing mode the WebRTC extensions meant to block your local IP address don't work. They only work if you are not in incognito mode. So you have to chose, logging to your browser history but no local IP leak or incognito mode with local IP leak.
add a comment |
On chrome, if I go into incognito browsing mode the WebRTC extensions meant to block your local IP address don't work. They only work if you are not in incognito mode. So you have to chose, logging to your browser history but no local IP leak or incognito mode with local IP leak.
add a comment |
On chrome, if I go into incognito browsing mode the WebRTC extensions meant to block your local IP address don't work. They only work if you are not in incognito mode. So you have to chose, logging to your browser history but no local IP leak or incognito mode with local IP leak.
On chrome, if I go into incognito browsing mode the WebRTC extensions meant to block your local IP address don't work. They only work if you are not in incognito mode. So you have to chose, logging to your browser history but no local IP leak or incognito mode with local IP leak.
answered Jan 13 at 15:49
PrivatePrivate
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1174019%2fhow-can-i-reliably-prevent-my-local-ip-address-leaking-in-the-web-browsers%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
The demo you linked shows all addresses as nothing for me, using edge.
– PulseJet
Feb 1 '17 at 15:31
@Ramhound, why not, if the local network is keeping logs?
– PulseJet
Feb 1 '17 at 15:33
1
@MarisB. - The demo you link to me also shows me nothing. I am currently using Chrome.
– Ramhound
Feb 1 '17 at 15:36
1
You can link a better demo in your question (HTTP_X_FORWARDED_FOR) whatsmyip.org/more-info-about-you
– PulseJet
Feb 1 '17 at 15:36
1
Possible duplicate of How to Disable WebRTC in Google Chrome
– Ƭᴇcʜιᴇ007
Feb 1 '17 at 18:13