Increase your Surf Privacy with IPFuck

AnonymousThe debate is ongoing for a while and has partisans on both sides: Can an IP address be considered as private data? Europe said yes and the “fight” between privacy protectors and authorities is still present.

Having your IP address considered as private from a legal point of view or not, it’s always interesting to increase your on-line privacy. Not only to hide your illegal activity (indeed for most politicians and anti-fraud organizations, behind each surfers lives a “bad guy” 😉 ) but to just keep your personal information away from marketing companies. Think about the search engines which build your profile based on your searches.

That’s why initiatives arise here and there with tools to increase your on-line privacy. A new one is called “IPFuck”. From the website: “IPFuck is a Firefox add-on created to simulate the use of a proxy. With this add-on installed and enabled, and if a lot of us use it, there will no longer be any mean to know who is using a real IP, who isn’t and who was charged doing something he didn’t…“.

It is based on the X-Forwarded-For HTTP header. When the add-on is installed and activated, your Firefox will automatically add a new XFF header to all the HTTP requests sent (like it was located behind a proxy). The reported IP address can be:

  • Generated randomly (the most common usage)
  • Select from a list

The second option can be handy to simulate traffic from a specific geographic location or organization. If we extrapolate the usage of this extension, it could also be used  to perform  intrusion tests! (to abuse websites which grant access based on the browser IP address).

I tested the add-on via a direct Internet connectivity and via my local Squid instance. It worked. When Squid was proxying my requests, the XFF and VIA headers where correctly rewritten.

Always keep in mind that X-Forwarded-For is a de-facto standard and quite well supported by application developers or vendors. It was introduced by the developers of the Squid proxy but it not part or any RFC! What does it mean? IPFuck will clearly not warranty your privacy. This is a proof-of-concept to show that IP addresses can easily be spoofed and no taken as an evidence.

For a first release (1.0.1), the add-on is well developed: a GUI is available and an exception-list (white list) is available. Take care of your privacy!


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.