If you are a user of the messaging software Skype, you know that you can see the location of your contacts in the Skype interface. What you probably do not know is that there is currently a way to display a Skype user's remote and local IP address as well.
A script has been uploaded to Github that offers these options. According to the page, it can be used to lookup IP addresses of online Skype accounts, and return both the remote and the local IP of that account on a website.
This blog post reveals how the script works. It basically starts an add a Skype contact request but does not complete it. The log file will display the local and remote IP of that Skype user, even if the user is not added to the list of contacts in Skype.
Update: The script is no longer available.
The script is for instance available on this site. Just enter the user name of a Skype user, fill out the captcha, and click the search button to initiate the lookup. You will receive the user's remote IP and port, as well as the local IP and port.
This works only if the Skype user is online at the time of the lookup, and not if the user is offline. The IP address can reveal the user's country of origin, and maybe even the town or district. This can be done with the help of tools such as this one. Just enter a public IP address in the form, and you will receive information about the provider of the IP address.
You can also use a tool like IP on Map to display the real world location of an IP address on a map.
Some Skype users may not see this as a problem at all, as the IP address does not reveal a user's name or street address for instance. The IP address can however lead to those information, for instance in a lawsuit.
There is currently no way of protecting yourself against the lookup of the IP address, other than not logging in to Skype when the software is not needed. The only other option would be the use of a virtual private network or proxy to hide the IP address from users who look it up. (via Hacker News)
What's your take on this? Do you think Microsoft / Skype should fix the issue, for instance by revealing IP addresses only after confirmation by the new contact in Skype?
Update: Here is a statement from a Skype spokesperson:
“We are investigating reports of a new tool that allegedly captures a Skype user’s last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are takings measures to help protect them.”