

Obtaining local IP addresses via WebRTC STUN requests - m4r71n
https://diafygi.github.io/webrtc-ips/

======
marios
Any software implementing STUN will do this. Listing all IPs is also done when
using ICE, another method for NAT traversal. In my opinion, it's not really
news; just a reminder that browsers have become monstrous pieces of software
that include just about anything and the kitchen sink.

This can be disabled, in firefox go to about:config and change the
media.peerconnection.enabled key to false.

------
nl
Previous discussion:
[https://news.ycombinator.com/item?id=8949953](https://news.ycombinator.com/item?id=8949953)

------
markild
I've not looked into the technical side of this type of request, and it
probably makes sense, but it's of interest to not that this also produces my
local IP addresses when accessing the site over an ssh-ed SOCKS-proxy.

------
AlyssaRowan
A potential issue for browser fingerprinting and another thing for Tor Browser
to disable (if it isn't already, and I'd be surprised if it isn't).

Local ones aren't very interesting though, and almost useless for connection.
Can we perhaps close this without losing functionality?

------
wolfwyrd
This _can_ be blocked in Chrome with a Plug-In[1]

[1][https://chrome.google.com/webstore/detail/webrtc-
block/nphkk...](https://chrome.google.com/webstore/detail/webrtc-
block/nphkkbaidamjmhfanlpblblcadhfbkdm?hl=en)

------
andrelaszlo
Funny, it lists my LAN IP as "public IP" and my Docker interface as "local
IP". My actual public IP, since I'm behind a corporate firewall is not listed
at all. This is on Chrome 39.0.2171.99.

------
pjc50
So you discover that my LAN address is 192.168.1.2. What can you actually do
with that information? Can it be leveraged into making the browser probe its
local network?

