PSA: Your chat and call apps may leak your IP address
Your favorite messaging and calling app could reveal your IP address to the person on the other end of a call. And that, essentially, is because most chat apps default to using peer-to-peer connections — meaning you and the person you’re talking to connect directly to each other — to improve the quality of the calls.
That is not necessarily a huge risk. But, according to experts, it’s not clear that users are aware of this potential privacy issue, or are aware of how calls over popular messaging apps like Telegram, Signal, WhatsApp, Facebook Messenger, Apple’s FaceTime, Viber, Snapchat and Threema work.
“Even for users with more extreme threat models, I think that most of them aren’t aware of the fact that calls can leak their IP address to the person that they’re calling,” Cooper Quintin, a security researcher at the Electronic Frontier Foundation, told TechCrunch.
Matthew Green, a cryptography teacher at Johns Hopkins University, said on X (formerly Twitter) that he did not realize Signal revealed IP addresses in calls between contacts. Green also added that it’s likely many users are also not aware.
“Anytime someone sets a feature as a non-default, I assume 95% of users never touch it. When they put it under the ‘Privacy’ settings menu, I raise my expectation to 99%. But Privacy > Settings > Advanced? I’d bet we’re up to 99.8% now,” Green wrote, referring to the option to turn off peer-to-peer calls completely off on Signal.
IP addresses don’t reveal your precise location, but can still present a risk to users who have their IP address exposed, especially for victims of abuse, according to Runa Sandvik, a digital security expert and founder of Granitt, a startup that helps defend at-risk users. IP addresses can also be linked to a person’s internet activity, which can subject users to surveillance.
Experts agree that there isn’t a one-size-fits-all solution, and that this is a complicated problem.
“It’s a tough call about what would be the better way to do it,” said Quintin, who has studied the security and privacy of several messaging apps. “I don’t think there’s any great way to do this that perfectly protects everybody’s privacy all the time. People calling each other can either reveal their IP address to each other. Or the proxy servers for the encrypted messaging app can have a list of everybody who’s calling everybody. And that can be potentially accessed by law enforcement.”
Telegram
In October, we reported that Telegram leaks users’ IP addresses during calls made between contacts. Security researcher Denis Simonov, also known as n0a, made a relatively easy-to-use tool that is designed to capture the IP address of the other person during a call, as long as the two callers are in each other’s contacts. Telegram reveals users’ IP addresses in that circumstance because calls between contacts default to being peer-to-peer with the goal of having better “quality and reduced latency,” according to Telegram spokesperson Remi Vaughn.
“The downside of this is that it necessitates that both sides know the IP address of the other (since it is a direct connection). Unlike on other messengers, calls from those who are not your contact list will be routed through Telegram’s servers to obscure that,” Vaughn told TechCrunch.
Other apps work in a similar way, and can also leak IP addresses. Below, we go through some of the most popular chat and calling apps in the world and break down how they work and under what circumstances they can reveal IP addresses between callers. (Note: all instructions below are for the iOS apps.)
Signal
In a blog post about the launch of video calls on Signal from 2017, Signal’s founder Moxie Marlinspike wrote that from then on, Signal would establish a peer-to-peer connection in calls between contacts. If not, Signal would still be relaying calls through its servers, which results in masking the caller’s IP addresses.
“By default, Signal will only attempt to establish a P2P [peer-to-peer] connection if you are initiating the call or if you are receiving a call from someone in your contacts. If you are receiving a call from someone not in your address book, Signal will relay that call through the Signal service,” Marlinspike wrote.
It’s important to remember that Signal’s messages and calls are end-to-end encrypted by default, meaning that the company cannot see or listen to the contents of any communication.
Just like Telegram, which has an option to turn off peer-to-peer by default and thus avoid leaking users’ IP addresses, Signal offers that option too.
If you want to completely eliminate the risk of exposing your IP address on Signal, tap on your avatar on the top left, tap on Settings, then Privacy, scroll all the way down to Advanced, and turn on the “Always Relay Calls” option.
Signal chose to make peer-to-peer calling the default between contacts to give users calls that have better audio quality and less latency, according to Signal’s president Meredith Whittaker.
“If we had relay as the default it would not work well for many people in various parts of the world. Peer to peer is faster and more performant, which in many cases is the difference between the feature working or not,” Whittaker told TechCrunch. “So ultimately it’s not just a performance issue, it’s a ‘will this work for people at all?’ issue.”
According to Signal’s senior technical writer Josh Lund, what Signal is doing is now the industry’s standard. “Using peer to peer connections is just how Voice over IP apps work. And I think that’s a really important point to represent accurately,” Lund said.
Meta-owned WhatsApp, one of the most popular chat apps in the world (if not the most), is designed to switch between peer-to-peer and relayed calls automatically, WhatsApp said.
That choice depends on call latency and which option provides stronger call quality. Sometimes that’s peer-to-peer, sometimes relaying the call through the WhatsApp server is better, according to WhatsApp. Just like Signal, WhatsApp messages and calls are end-to-end encrypted by default.
As of this writing, users don’t have the option to turn off peer-to-peer calls like they do on Signal. But, according to WhatsApp, the company has been rolling out an optional feature — already present in beta versions — that would give WhatsApp users the ability to hide their IP address from other people they’re calling, which the company plans to completely roll out in the coming weeks.
By turning on this feature, all calls will go through WhatsApp servers. In other words, WhatsApp will soon give users the ability to completely opt-out of peer-to-peer calls, just like Signal and Telegram do now.
FaceTime
Apple’s FaceTime, which is also end-to-end encrypted by default, uses peer-to-peer connections for every call, according to Apple’s security documentation.
“When the user answers the call, the audio is seamlessly transmitted from the user’s iPhone using a secure peer-to-peer connection between the two devices,” Apple says in the guide.
There is no option to turn this peer-to-peer connection off. Apple did not respond to a request for comment.
Facebook Messenger
Facebook Messenger makes it clear in a help page that “in audio or video calls between only two people, your IP address will be shared with the other person’s device to establish a peer-to-peer connection.”
“A peer-to-peer connection uses your IP address to connect directly with the person you’re calling to help improve the audio and video quality of your call. While this happens in the background, it may be possible for the other person to discover your IP address,” the page reads.
Meta spokesperson Alex Dziedzan told TechCrunch that “if you answer a call on Messenger, you will share your IP address. You can’t turn off calling as a feature.”
Snapchat
It’s unclear how Snapchat calls work, and whether they leak IP addresses or not. There’s no reference to the use of peer-to-peer calls or whether calls expose IP addresses anywhere on Snapchat’s official website. Snapchat did not respond to requests for comment.
Viber
On its website, Viber says that “peer-to-peer is only used in 1-on-1 calls on Viber.” And that users can choose to turn peer-to-peer communication off so that “your IP address is no longer used in your Viber calls, but it will reduce your call quality.”
To turn off peer-to-peer calls, go to More on the bottom-left corner with the three dots, tap on Settings, then Privacy, scroll down and turn off the toggle for “Use Peer-to-Peer.”
Viber did not respond to a request for comment.
Threema
The privacy-minded messaging app Threema works similarly to Signal. Threema spokesperson Julia Weiss told TechCrunch that calls between “unverified contacts” are “always routed through the Threema server in order to obscure the IP address.”
Users who verify each other, either by scanning their QR code or Threema ID in real life or through contact discovery — a system that allows users to link their Threema ID to their phone numbers or email addresses — will have their calls be peer-to-peer by default.
And, like Signal and Telegram, Threema users can turn off peer-to-peer by default, making all calls go through its relay servers.
To turn that option on, go to Settings, Threema Calls, and then turn on “Always Relay Calls.”
Read more on TechCrunch: