8 comments

[ 2.7 ms ] story [ 31.4 ms ] thread
Any software implementing STUN will do this. Listing all IPs is also done when using ICE, another method for NAT traversal. In my opinion, it's not really news; just a reminder that browsers have become monstrous pieces of software that include just about anything and the kitchen sink.

This can be disabled, in firefox go to about:config and change the media.peerconnection.enabled key to false.

Why does this matter? Don't tell people to disable it. That advice is as bad as disabling javascript.
A potential issue for browser fingerprinting and another thing for Tor Browser to disable (if it isn't already, and I'd be surprised if it isn't).

Local ones aren't very interesting though, and almost useless for connection. Can we perhaps close this without losing functionality?

Funny, it lists my LAN IP as "public IP" and my Docker interface as "local IP". My actual public IP, since I'm behind a corporate firewall is not listed at all. This is on Chrome 39.0.2171.99.
I've not looked into the technical side of this type of request, and it probably makes sense, but it's of interest to not that this also produces my local IP addresses when accessing the site over an ssh-ed SOCKS-proxy.
So you discover that my LAN address is 192.168.1.2. What can you actually do with that information? Can it be leveraged into making the browser probe its local network?