Facebook leaks user's IP addresses

Someone commented on that page that leaking user's IP address is a common spam-prevention practice. I just checked gmail and Yahoo Mail, and they both include my IP address in the header of outgoing messages<p>For instance, Yahoo Mail puts my IP address in a line like this<p>Received: from [xxx.xxx.xxx.xxx]

Yep. Confirmed. Command line example:<p>Take the Base64 string from this line in the headers:<p>X-Facebook: from zuckmail ([OTguMTgzLjI0Ny4yMTg=])<p><pre><code> $ ruby -rbase64 -e "puts Base64::decode64('NzQuMTI1Ljk1LjEwNA==')" 74.125.95.104</code></pre>

Does anyone know of a site that tracks all of these privacy problems (and potential problems) with Facebook? Following up and keeping track is the best way to keep FB accountable, and I'm sure a lot of media people would use such a site.

Not speculation. I just tried this with a few folks, and it works as advertised.

I'm just... not concerned? Anything you do online leaks your IP address. If a friend embeds a photo from Flickr into their feed, and you load it, consider your IP leaked. etc, etc, etc

<i>but not when a wife is trying to hide from an abusive husband and assumes Facebook is the best form of communication</i><p>Is this the best scenario they could come up with where this is a problem?

They changed it. The new header is:<p>X-Facebook: from zuckmail ([MTI3LjAuMC4x])<p>(127.0.0.1)<p>So I guess, nothing else to see here. Move along.

I'd be surprised if someone really wanted my IP they couldn't get it just by getting me to visit something off facebook.

Your computer may be broadcasting an IP address!!

Why does this matter? I get others IPs and send my IP all the time (e.g. IRC). If I was worried about my IP, I would use something like tor when doing everything. But worrying about IPs seems... silly An IP is just so uninformative, unless somebody subpoenas my ISP or something.

"Leaks IP address" as a dramatic headline is an indicator that the poster is not-so savvy about networks and security. Seriously, this is the level of knowledge I observed in the typical high school student 3 years ago or so.

I just did this on an email about a comment on my wall post by someone at a nonprofit. Sure enough, it came up with not just an IP, but a subdomain listing that nonprofit's domain name.<p>Yes, it works.

Perl 1-liner: <a href="http://bit.ly/cNHkzQ" rel="nofollow">http://bit.ly/cNHkzQ</a> Every other day I see facebook and privacy in the same sentence..

Note: I havent experimented with this yet.<p>Are we sure this is the ip address of the user and not just the ip address of one of facebook's servers?<p>If it is a user's address... is that a problem? This seems like very easy to obtain online information... for example, by sending an email to the person im trying to talk with via facebook...

And so does every popular webmail provider. I remember learning about this when I was 12.

This is not new <i>at all</i>.<p>Here's a segment of an email header from 2006:<p><pre><code> X-Facebook: from zuckmail ([128.208.54.23]) by washington.facebook.com with HTTP (ZuckMail); Date: Sun, 10 Dec 2006 12:31:27 -0800</code></pre>

It must suck for the one user who has had all their IP address's leaked.

Your computer is broadcast an IP address!

Can someone write a GUI in Visual Basic to track these IPs please?

Seems Facebook users are born in 2009 or after wards. Every email service sends your IP address with the email. The exception is Google.