Obtaining Client IP Address using *JavaScript ONLY* (was: So TOR is NOT really anonoymous!)

//crossposted to: comp.lang.javascript, alt.comp.lang.javascript in an
effort to get factual answers from JavaScript experts//

Simply put; Is it possible to obtain the real (actual) IP address of
someone (client) that visits a web site through an anonymous proxy if
this person ONLY has JavaScript enabled in their browser?

//crossposted to: comp.lang.javascript, alt.comp.lang.javascript in an
effort to get factual answers from JavaScript experts//

Simply put; Is it possible to obtain the real (actual) IP address of
someone (client) that visits a web site through an anonymous proxy if
this person ONLY has JavaScript enabled in their browser? This is NOT
a question about PHP, perl, VBScript, Java(.class), or ActiveX. Let us
_only_ deal with JavaScript for the sake of this post. Can someone
provide us (we, non-coders) with a definitive answer to this
perplexing question?
No.

Let's define 'JavaScript' as Netscape's implementation of ECMAScript
Language, 'JScript' is Microsoft's implementation of it. VBScript and
ActiveX are Microsoft proprietary programming environments that have
nothing to do with ECMAScript and work only in IE on Windows.

Java is yet another technology that can be used within a browser. It
has nothing to do with JavaScript.

There has been a lot of speculation, assumption and good-intentioned
misinformation over the last 7 or 8 years in the privacy groups
concerning the (mis)use of JavaScript in obtaining the real IP address
of a user visiting a web page through an anonymous proxy.

As an example, most are aware Hotmail, Yahoo mail, Google 'gmail' -
all require JavaScript enabled in order to sign up for a free email
account. It has been the general consensus of many over the years that
the providers of these free email accounts are able to obtain the true
IP of the person applying, through the use of JavaScript.
It is possible in Mozilla based browsers using extensions to ECMAScript.
Try the following in Firefox (you may have to copy and paste the URL
into the address bar):

<URL:javascript:alert('Your IP address is: '
+java.net.InetAddress.getLocalHost().getHostAddres s());>

That has been possible since 1996 and Netscape 2.

If it is indeed possible to obtain one's real IP through JavaScript
only, could someone PLEASE post a link to a web site that
unequivocally demonstrates this? The only site that I've ever found
that even comes close is:

http://www.stilllistener.com/checkpoint1/Java/
That site uses Java applets (i.e. not JavaScript). It does not get the
client IP address, nor does it work if you use an anonymous proxy.
Compare the results of the following link to those from the one above:

<URL:http://anonymouse.org/cgi-bin/anon-www.cgi/http://www.stilllistener.com/checkpoint1/index.shtml>

Try here:

<URL:http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html#myIpAddress>

Which states: "Below the text you have JavaScript, VBScript and JAVA
based graphic applications. If you are able to see any results of
these tests on this page, your real IP could be seen, regardless of
the use of an anonymous proxy as shown on the table below."
The IP address assigned to an individual PC is of little use to anyone
outside your network.

Which, in my opinion, is misleading as hell because if you (through a
true anonymous proxy or Tor) load that page with both Java &
JavaScript disabled and review the revealed information, and then ONLY
enable JavaScript and reload the page, you will see more detailed
information this time, BUT STILL NOT YOUR TRUE IP ADDRESS!

Anyone care to put this JavaScript argument to rest once and for all?

Privacy Advocate wrote: <snip dialogue>
The bigger question is what use is your 'real' IP address to anyone?
Probably less use than your name, address and phone number from a phone
book.

Your 'real' IP address is probably replicated thousands of times (most
are in the range 192.168.x.x or 10.1.x.x). If you use DNS on your local
network, then your 'real' IP address probably changes every time you
connect to the network (i.e. turn your PC on). Your IP address at your
ISP changes each time you connect with your modem - dialup, ADSL or other.

So what use is an address that is only valid for some random time from a
few minutes to a few days an is likely not unique?

It is possible in Mozilla based browsers using extensions to ECMAScript.
Try the following in Firefox (you may have to copy and paste the URL
into the address bar):

<URL:javascript:alert('Your IP address is: '
+java.net.InetAddress.getLocalHost().getHostAddres s());>
Tremendous ! that's work with my NC4.5 (and not with FF)

Of course I get my UC's IP (192.168.x.y)
which is certainly not the IP send by my FAI as explained further bellow
That has been possible since 1996 and Netscape 2.
Compare the results of the following link to those from the one above:

<URL:http://anonymouse.org/cgi-bin/anon-www.cgi/http://www.stilllistener.com/checkpoint1/index.shtml>
no result ... FF works in loop
to remember :
Your 'real' IP address is probably replicated thousands of times (most
are in the range 192.168.x.x or 10.1.x.x). If you use DNS on your local
network, then your 'real' IP address probably changes every time you
connect to the network (i.e. turn your PC on). Your IP address at your
ISP changes each time you connect with your modem - dialup, ADSL or other.

So what use is an address that is only valid for some random time from a
few minutes to a few days an is likely not unique?

Privacy Advocate wrote:
[snip]
The bigger question is what use is your 'real' IP address to anyone?
Probably less use than your name, address and phone number from a phone
book.

Your 'real' IP address is probably replicated thousands of times (most
are in the range 192.168.x.x or 10.1.x.x). If you use DNS on your local
network, then your 'real' IP address probably changes every time you
connect to the network (i.e. turn your PC on). Your IP address at your
ISP changes each time you connect with your modem - dialup, ADSL or other.

So what use is an address that is only valid for some random time from a
few minutes to a few days an is likely not unique?

//crossposted to: comp.lang.javascript, alt.comp.lang.javascript in an
effort to get factual answers from JavaScript experts//

Simply put; Is it possible to obtain the real (actual) IP address of
someone (client) that visits a web site through an anonymous proxy if
this person ONLY has JavaScript enabled in their browser? This is NOT
a question about PHP, perl, VBScript, Java(.class), or ActiveX. Let us
_only_ deal with JavaScript for the sake of this post. Can someone
provide us (we, non-coders) with a definitive answer to this
perplexing question?
none of the above alone are capable of determining the real world IP of the
client... to do that (and be guaranteed success) you'd need to run traceroute
or similar on their machine.
As an example, most are aware Hotmail, Yahoo mail, Google 'gmail' -
all require JavaScript enabled in order to sign up for a free email
account. It has been the general consensus of many over the years that
the providers of these free email accounts are able to obtain the true
IP of the person applying, through the use of JavaScript.
I can access my yahoo mail using links (with ssl enabled) links doesn't do
javascipt.
If it is indeed possible to obtain one's real IP through JavaScript
only,

In article <43***********************@authen.white.readfreene ws.net>,
Privacy Advocate wrote:

//crossposted to: comp.lang.javascript, alt.comp.lang.javascript in an
effort to get factual answers from JavaScript experts//

Simply put; Is it possible to obtain the real (actual) IP address of
someone (client) that visits a web site through an anonymous proxy if
this person ONLY has JavaScript enabled in their browser?