What Are All the Different Ways Someone Can Find Your IP Address?

This question was sparked, because of videos on YouTube showcasing people find the IP address of other people on games or video call websites seemingly at ease. How can I protect myself from this?

Here is my rudimentary understanding, which I copied from information I found on the internet:

When connecting to a server, my understanding is that the process begins with a connection to a DNS server. This DNS server retrieves the IP address of the desired server. Following this, my computer initiates a connection to the server at the retrieved IP address using the HTTP or HTTPS protocol. Once the connection is established, my browser sends a request to the server for the data of the website, and the server responds by sending back the requested data, which my browser then uses to render the website on my screen. Throughout this process, my IP address is visible to both the DNS server and the server hosting the website, a necessary step for them to send the requested data back to my computer. However, other users on the network typically cannot see my IP address unless the server is specifically set up to share this information. This holds true regardless of the type of server, be it a VPN, a website server, or a direct connection to another person’s computer. I would appreciate any corrections or additions to my understanding of this process.

TL;DR (source): any link you click on will need to provide your IP address for the server at the other end to deliver the content provided by the link. Every time you visit a website, your IP address is collected and stored on a server. Anyone who owns that server can go and look it up. Hackers can set up a fake hotspot and view your IP address and personal information or even infect your device with malware. Be extra careful when using public Wi-Fi.

So, from this information I know that I need to avoid connecting to untrustworthy servers, which are those that are either deliberately or accidentally, via security flaws (what are these?), exposing this information to other users connected to this server or to servers outside of this one. I also need to avoid direct connections to other people’s computers. This begs the question, how can I tell whether or not I am directly connected to someone’s computer, such as on a Torrent website? It also begs the question, how can I identify if a website or game for example, has security flaws or is intentionally sharing my info with other users of the server? Those IP logger websites that make links which you can send to people to try and get them to click are obvious to some non-IT trained users like me, but others may not be.

Does making comments on sites such as YouTube, Facebook or Reddit reveal my IP to moderators or are these only available to Facebook themselves?

I also heard some people talking about Wireshark, network debugging tools, tracers and other scaring sounding stuff, do these bear relevance here? Illegal methods weren’t mentioned.

Just to begin with I’m going to work with the premise that hiding your IP is good and that an IP is personally identifying information. This is not entirely true but I’ll cover that at the end of this post.

yup (technically, DNS is about converting a domain name into an IP but anyway)

Technically not just HTTP but close enough

yup

Well, in this case the server is the VPN server and the connection to the webserver is from the VPN server to the webserver

Also to note is that routing hardware that transports your packets will also have some visibility of where the traffic is going but it’s not super helpful especially with all the cloud hosting and many different things being hosted on a particular server

Sure

They can see your local IP that the fake hotspot assigns you via DHCP which is not super useful, and your MAC address that should be randomised on most modern computers/phones which is also not super useful. And I guess redirect your DNS to point to a malicious DNS server if you don’t manually set your own DNS.

Only if you’re sending it over HTTP or some other unencrypted protocol for some reason

What Nord is saying is… not 100% accurate lol

If there’s a vuln in the network stack of your device that enables remote arbitrary code execution with enough privileges sure. But such “magic packets” are kinda rare outside bluetooth (fuck bluetooth).

In the context of protecting your IP, you don’t really need to know specifics but just assume that if a server is compromised then yes malicious actors can see your IP, sure

Torrenting (bittorrent protocol) is P2P by design, so you are always connecting directly to a number of people’s computers

seeing a post online about the game or website doing that /j

generally, if something employs peer to peer connections alongside a central server (e.g., some online games, or Skype, or a website that shows a ticker of IPs of users connecting for whatever reason) then other users can probably see your IP too. [favourite search engine] is probably going to be your friend here though.

and technically you could check a particular website or IP on shodan for (some) security flaws but that’s outside the scope of “does it leak my IP?”

This is how malicious actors typically get IPs, social engineering someone to click the link in an online chat and guessing that the right person’s IP has just come into their logs

No, but on some platforms (e.g., Discord), user bans are per IP and not just per user account (which doesn’t reveal the IP itself but can show you if two trolls are using the same connection I guess?)

it’s not actually that scary, Wireshark for example is just for capturing packets and analysing them, which you can do to your own traffic (or any traffic you’ve intercepted)

Anyway, as I said at the start, this all suggests that your IP is something super dangerous and very identifying. For most people, you do not have a static IP and simply turning your router/modem off for a couple minutes then turning it back on will pull down another brand new IP. In some places, the IP will provide decent geolocation, but usually it’s just going to tell you a wide area that is often only accurate for country and state/province (geolocation on my home IP says I’m in the middle of the ocean when obviously I am Not). The only people who can dox you based on an IP are people who already have a lot of other data they can correlate to your IP OR law enforcement who can just subpoena your ISP and ask who had that IP at the time they’re interested in.

Also. Just use a VPN if you really are that worried about IPs, because then you’re shifting trust from your ISP to the VPN provider and hiding your “true” IP from any webservers you connect to.

Windows is shifting my IPv6 address on a daily basis. Rebooting the ISP router would typically shift my IPv4 address. These addresses will yield my geographical location accurate to the tens of miles/kilometers. If this is intolerable, I would need to use a VPN, mainly to shift my geographical location. This comes at a disadvantage of cost, performance, complexity (if something is not working, is it the VPN interfering?), geo-restriction (the website might not like the geolocation of the VPN server), VPN-restriction, etc.

It is also noted that certain financial institutions dislike customers with shifting IP addresses from certain geographical locations, and VPN in general (because they are afraid that the customer may be evading their geo-restriction). These customers may get their account locked out “suddenly.”

Because of the issues above, using VPN selectively may be attractive for certain activities, but it’s easy to miss not using the VPN for those certain activities some of the time, and being “exposed” once maybe more than enough for some people.

VPN may improve privacy, but definitely at a cost.

Right, forgot to mention that there’s zero point to using a VPN to access online banking or government websites where you log in because the site already knows who you are and the IP isn’t going to give them more information than they already have. As is noted on the VPN page on this very website

Thanks for all the clarifications!

So there is no technical way of achieving this?

So, even if I am connected to any public network, they still can not see the details of what I am doing on websites or the server I am connecting to via HTTPS, because these details are encrypted by someone that isn’t them. Am I correct in saying this? Can they see anything else with Wireshark or something?

Not sure what you mean by this exactly, sorry.

Not sure what you mean here exactly, my bad, I assume what you mean is that these servers have overwhelming amounts of traffic, i.e., info about where users are planning on going, so it would be unfeasible to focus on one person because of this.

I was definitely taking what Nord was saying with a grain of salt, because half of the stuff they said wasn’t backed up by any logic, they just kinda said stuff. So basically they can do F all, and since I am using a manual DNS server they can literally do F all. Maybe this security benefit of manual DNS should be detailed on the knowledge base.

Haha this is too advanced to me so I will take your word for it!

Lmao, I did this one time to one of my old high school friends, as a joke to tell them I knew where they were on a holiday.

Thanks for all the info fellas!

Yeah, the most they get is what IP you connect to, and what the domain name associated with that is. Actual content is encrypted as part of HTTPS and malicious hotspot providers can’t intercept and decrypt that in any practical way

I mean that due to cloud hosting, multiple sites can be hosted from the same IP so it’s not as useful to be like “aha, user A is accessing site B therefore they are up to no good!” as it once was. The other thing is that yeah there is also just way too much traffic to practically and effectively packet capture for a particular user.

it’s not really a security benefit per se, the real security comes from encrypting the traffic but really you shouldn’t be using malicious networks to begin with if you can avoid it and manual DNS kinda helps mitigate one attack from malicious networks

For Government and Banking websites, it depend. Always ask the question : will they learn anything new from my IP? If you’re at home no, but if you are somewhere else, they might