I thought Gmail doesn't disclose the sender's IP address? Or was I wrong? This is not good for privacy.
Also, for fingerprinting you can obtain a GPU model via WebGL (helps in detecting a VM), and probably can scan for known browser extensions by trying to fetch extension-specific URLs. Some sites also scan ports on localhost by trying to connect to them to find out which software is running.
I learned that most email services do attach the IP address of the MUA (that is, the user's computer) if you send through SMTP. I set up an SMTP relay for myself to hide that.
The user's IP address is not attached if you use webmail.
> I thought Gmail doesn't disclose the sender's IP address? Or was I wrong? This is not good for privacy.
This is not necessarily a Gmail thing, but just how SMTP works. It's not as bad as you'd think though.
SMTP services log the IP address and/or hostname of the remote host, and the address used by the host to identify itself (known as the HELO address). This is the address of the remote SMTP service (known as the MTA), which isn't typically the IP address of the user's computer on which the email client (known as the MUA) runs.
Under normal circumstances your email client (MUA) connects to your email service provider (MTA), which then sends the email to the MTA of the recipient. So the IP of your MTA (email hosting service), not your MUA (your computer) is exposed.
For example: if you send an email to a Gmail inbox using MS365, the receiver (the Gmail user) would see only the IP address of Microsoft's outbound SMTP services.
So unless you run your own SMTP service at home, or attempt to directly connect with the receiving MTA using SMTP, your IP address won't be exposed.
If you send through a MUA (like Thunderbird) that uses Gmail's SMTP, then Gmail does expose your IP address. Most other email providers do the same.
> Under normal circumstances your email client (MUA) connects to your email service provider (MTA), which then sends the email to the MTA of the recipient. So the IP of your MTA (email hosting service), not your MUA (your computer) is exposed.
This is incorrect; most email providers' MTAs include the MUA's IP address in the headers.
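Added example, not part of the thread: what a given provider records can be checked by sending yourself a message and reading the oldest `Received` header, which is the hop where the client handed the message over. The sample messages, hostnames and IPs below are constructed (documentation ranges), and treating `ESMTPA`/`ESMTPSA` as the marker of a client submission hop is an assumption of this sketch.

```python
import email
import ipaddress
import re

# Constructed sample headers; hostnames and IPs are documentation placeholders.
RELAY_HOP = (
    "Received: from mx-out.provider.example (mx-out.provider.example [198.51.100.25])\n"
    " by mx.recipient.example with ESMTPS id abc123; Mon, 01 Jan 2024 10:00:02 +0000\n")
TAIL = "From: alice@provider.example\nTo: bob@recipient.example\nSubject: test\n\nbody\n"
# Sent from a desktop client (MUA) over authenticated SMTP submission.
SMTP_SUBMITTED = RELAY_HOP + (
    "Received: from [192.168.1.20] (cust-7.isp.example [203.0.113.7])\n"
    " by smtp.provider.example with ESMTPSA id def456; Mon, 01 Jan 2024 10:00:01 +0000\n"
) + TAIL
# Sent from the provider's web interface: the first hop has no "from" clause.
WEBMAIL = RELAY_HOP + (
    "Received: by web.provider.example with HTTP; Mon, 01 Jan 2024 10:00:01 +0000\n"
) + TAIL

IP_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
AUTH_SUBMISSION = {"ESMTPA", "ESMTPSA"}  # RFC 3848 "with" values for ESMTP + AUTH

def oldest_hop(raw):
    """Return the Received header added first (each MTA prepends its own)."""
    hops = email.message_from_string(raw).get_all("Received", [])
    return " ".join(hops[-1].split()) if hops else ""  # unfold whitespace

def exposed_client_ips(raw):
    """IPs recorded for the submitting client, or [] if none are visible."""
    trace = oldest_hop(raw).split(";", 1)[0]          # drop the timestamp
    from_part, _, by_part = trace.partition(" by ")
    proto = re.search(r"\bwith\s+(\S+)", by_part, re.I)
    if not from_part.lower().startswith("from ") or not proto:
        return []                                     # e.g. a webmail HTTP hop
    if proto.group(1).upper() not in AUTH_SUBMISSION:
        return []                                     # server-to-server hop only
    ips = []
    for candidate in IP_LITERAL.findall(from_part):
        try:
            ips.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            pass                                      # bracketed text, not an IP
    return ips

if __name__ == "__main__":
    for name, raw in (("smtp", SMTP_SUBMITTED), ("webmail", WEBMAIL)):
        print(name, exposed_client_ips(raw))
```

An empty result only means the oldest visible hop carries no client address; some providers record it in other headers, which this sketch does not inspect.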