Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Just want to point anyone looking to test their own VPN to https://ipleak.net/. That's been my go-to, and it seems more comprehensive than the linked service.


Or try https://www.doileak.com . (Shameless plug of of a project of mine)


> WebRTC IP Leak: Your local IP: 10.41.41.2 .

> Your browser supports WebRTC! Your real IP address is visible to every website you visit.

>

> Web Real-Time Communication (WebRTC) is enabled by default in Firefox, Opera and Google Chrome, and enables video chat, voice calling and P2P sharing from within your browser.

> A neat trick, but it allows any website to instantly see your true IP address. The only way to avoid sharing your IP address this way is to disable WebRTC completely.

Nope, that's not my "real" IP address


Nope, that's not my "real" IP address

Reminds me a bit of this old story: http://sirkan.iit.bme.hu/~kapolnai/fun/bitchecker.html


FWIW, the link did not work for me, but archive.org has a copy. It was hysterical!!! :)


Seems my setup has me covered: https://www.doileak.com/?cb=liq1xtjsp37zvit5

Actual location is Kuala Lumpur, which was caught by the time zone... So need to look into fixing that.

For those wondering, my setup is:

ProtonVPN via the ProtonVPN Mac Beta (before I used Tunnelblick - which actually was more reliable - the ProtonVPN Mac Beta disconnects often)

AdGuard Pro, with DNSCrypt using the Adguard Family servers: https://gist.github.com/balupton/48057270a67d70e2ac984fdfa47...

Safari. With Camera, Microphone, Location, and Notifications all set as deny by default.


Nice project - but that name.... Sounds like a bad medical condition!


To me it sounds like a LibGen/Sci-Hub type website, playing off the idea of leaking papers with DOI numbers: https://www.doi.org/


> Timezone Difference: The time zone of your browser is while your request IP location timezone is Europe/Paris.

Looks like there is a word missing.


You can test WebRTC IP address (and media device id) leakage using https://browserleaks.com/webrtc.

To disable WebRTC in Firefox, set the about:config prefs "media.peerconnection.enabled" and "media.navigator.enabled" to false.


More like this:

    media.peerconnection.turn.disable = true
    media.peerconnection.use_document_iceservers = false
    media.peerconnection.video.enabled = false
    media.peerconnection.video.vp9_enabled = false
    media.peerconnection.video.h264_enabled = false
    media.peerconnection.identity.enabled = false
    media.peerconnection.identity.timeout = 1


I need to find a way to automate the patching of Firefox's about:config when installing a new OS etc, quite a few telemetry/storage/WebRTC tweaks to date now.

There is an extension [1] that'll at least disable the IP address gathering (it doesn't look to disable all of the above settings but may have a similar effect if browser.privacy.network.peerConnectionEnabled disables everything):

[1] https://github.com/ChrisAntaki/disable-webrtc-firefox


The simplest level would to add what settings you want to Prefs.js file. http://kb.mozillazine.org/Prefs.js_file

If you want the preferences locked the application level and not be overridden or be unchangeable at profile level. Mainly important if you are managing a lot systems. http://kb.mozillazine.org/Locking_preferences


Look into vendor.js for patching about:config. I know Arch has one for sure in their package.


> To detect data from your torrent client we provide a magnet link to a fake file. The magnet contains an http url of a controlled by us tracker which archives the information coming from the torrent client.

That’s pretty clever. Alternatively they could have a unique file of garbage and have some seeders for it and then when someone connects it would also be the same person. But the tracker solution is less work and probably almost entirely as good.


And it needlessly requires Javascript to do things other services don't need Javascript to do. That's not a good plan.

One's IP address should be detectable to at least some degree with data from the packets making the request for the webpage. Some of this is remedied with what appears to be duplicative information further down the page.

DNS Address detection is done better by https://dnsleaktest.com/.

Geolocation detection is likely done by looking up what geolocation is paired with one's IP (and sometimes this data is wrong), so there's no real need for Javascript here either. It's not as if the requesting computer should supply this information, else it becomes even more easily spoofed. Some of this is remedied with what appears to be duplicative information further down the page.

Torrent detection is also needlessly JS-driven, and done better at http://dev.cbcdn.com/ipmagnet/.

There are also some grammar errors confusing singular and plural in the text at the bottom of the page.


FWIW, I show that Opera's free VPN does not leak the client's IP address.

https://www.opera.com/computer/features/free-vpn


Operas VPN is not even a VPN tho. Check their phrasing they call it 'Web vpn' or something like this and already committed in the past that the naming scheme for their proxy was just a marketing trick.

Written from Opera tho. So not saying it sucks :)




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: