JavaScript detection of LAN IP address

Question

I have been using the following code to detect the LAN IP address of a client running some proprietary software (please no \"you shouldn\'t do this\", I didn\'t write the code).

Answer 1

This is part of a new security standard, to prevent leakage of private IP addresses.

See also: https://tools.ietf.org/html/draft-ietf-rtcweb-mdns-ice-candidates-02

Summary:

As detailed in [IPHandling], exposing client private IP addresses by default maximizes the probability of successfully creating direct peer-to-peer connection between two clients, but creates a significant surface for user fingerprinting. [IPHandling] recognizes this issue, but also admits that there is no current solution to this problem; implementations that choose to use Mode 3 to address the privacy concerns often suffer from failing or suboptimal connections in WebRTC applications. This is particularly an issue on unmanaged networks, typically homes or small offices, where NAT loopback may not be supported.

This document proposes an overall solution to this problem by registering ephemeral mDNS names for each local private IP address, and then providing those names, rather than the IP addresses, to the web application when it gathers ICE candidates. WebRTC implementations resolve these names to IP addresses and perform ICE processing as usual, but the actual IP addresses are not exposed to the web application.