The person on the other end of a call could discover your IP address from your preferred messaging and calling software. And the main reason for this is that most chat programs by default employ peer-to-peer connections to enhance call quality, which means that you and the person you're speaking with connect directly to one another.
That is not necessarily a huge risk. But, according to experts, it’s not clear that users are aware of this potential privacy issue or are aware of how calls over popular messaging apps like Telegram, Signal, WhatsApp, Facebook Messenger, Apple’s FaceTime, Viber, Snapchat, and Threema work.
Cooper Quintin, a security researcher at the Electronic Frontier Foundation, told Newsreedom that "I think that most of them aren't aware of the fact that calls can leak their IP address to the person that they're calling, even for users with more extreme threat models."
Johns Hopkins University professor of cryptography Matthew Green claimed on X (previously Twitter) that he was unaware that Signal disclosed IP addresses during calls between contacts. Furthermore, Green said it's possible that many people are likewise unaware.
I figure that 95% of users never utilize a feature that has been designated to be non-default. I became even more optimistic when I saw that it was located in the 'Privacy' settings menu at 99%. However, Privacy > Preferences > Advanced? I'd guess we're up to 99.8% currently," Green added, alluding to Signal's ability to fully disable peer-to-peer calls.
IP addresses don’t reveal your precise location but can still present a risk to users who have their IP address exposed, especially for victims of abuse, according to Runa Sandvik, a digital security expert and founder of Granitt, a startup that helps defend at-risk users. IP addresses may also be connected to an individual's online activities, making users vulnerable to monitoring.
Experts agree that there isn’t a one-size-fits-all solution and that this is a complicated problem.
The best course of action is difficult to decide upon, according to Quintin, who has investigated the security and privacy of other messaging apps. "I don't believe there's a wonderful way to do this that always and flawlessly preserves everyone's privacy. People calling each other can either reveal their IP addresses to each other or Or the proxy servers for the encrypted messaging app can have a list of everybody who’s calling everybody. And that can be potentially accessed by law enforcement.”
Telegram
In October, we reported that Telegram leaks users’ IP addresses during calls made between contacts. As long as the two callers are in each other's contacts, security researcher Denis Simonov, commonly known as n0a, created a comparatively simple application that can be used to record the other person's IP address during a call. Telegram reveals users’ IP addresses in that circumstance because calls between contacts default to being peer-to-peer with the goal of having better “quality and reduced latency,” according to Telegram spokesperson Remi Vaughn.
Because it's a direct connection, the drawback is that both parties must be aware of each other's IP address. Unlike on other messengers, calls from those who are not on your contact list will be routed through Telegram’s servers to obscure that,” Vaughn told Newsreedom.
Similar functionality and IP address leakage are also features of other apps. The most widely used chat and calling applications are listed here, along with an explanation of how they operate and the situations in which they may disclose callers' IP addresses. (Note: the instructions that follow are exclusive to the iOS apps.)
Telegram users can prevent leaking their IP address by disabling peer-to-peer calls completely by going to Telegram’s Settings > Privacy and Security > Calls, and then selecting “Never” in the Peer-to-Peer menu.
Signal
Signal's founder, Moxie Marlinspike, stated that starting in 2017, when video calls were introduced on the platform, Signal would create a peer-to-peer connection during talks between contacts. If not, Signal would continue to reroute calls via its servers, hiding the IP addresses of those making the calls.
“By default, Signal will only attempt to establish a P2P [peer-to-peer] connection if you are initiating the call or if you are receiving a call from someone in your contacts. Signal will forward calls from people who are not in your contact book via the Signal service, according to Marlinspike.
It’s important to remember that Signal’s messages and calls are end-to-end encrypted by default, meaning that the company cannot see or listen to the contents of any communication.
Signal provides the same option to disable peer-to-peer by default as Telegram, which helps to prevent user IP addresses from being leaked.
If you want to completely eliminate the risk of exposing your IP address on Signal, tap on your avatar on the top left, tap on Settings, then Privacy, scroll all the way down to Advanced, and turn on the “Always Relay Calls” option.
Signal chose to make peer-to-peer calling the default between contacts to give users calls that have better audio quality and less latency, according to Signal’s president, Meredith Whittaker.
It wouldn't function well for many individuals in different parts of the world if relay was the default. Peer-to-peer is more efficient and quick, which frequently makes the difference between a feature functioning and not, according to Whittaker, who spoke with Newsreedom. “So ultimately, it’s not just a performance issue; it’s a ‘will this work for people at all?’ issue.”
According to Signal’s senior technical writer, Josh Lund, what Signal is doing is now the industry’s standard. “Using peer-to-peer connections is just how voice-over-IP apps work. And I think that’s a really important point to represent accurately,” Lund said.
According to WhatsApp, one of the most widely used messaging apps worldwide, if not the most, is owned by Meta and is built to automatically transition between mediated and peer-to-peer talks.
That choice depends on call latency and which option provides stronger call quality. Sometimes that’s peer-to-peer; sometimes relaying the call through the WhatsApp server is better, according to WhatsApp. Just like Signal, WhatsApp messages and calls are end-to-end encrypted by default.
On Nov. 8, WhatsApp launched an optional feature that gives WhatsApp users the ability to hide their IP address from other people they’re calling. With the help of this feature, users can now require all calls to travel via WhatsApp's servers rather than through to the other person directly. The user can then conceal their IP address from prying eyes. On iOS and Android, users may activate this new feature by turning on the "Protect IP Address in Calls" option under Settings > Privacy > Advanced.
In other words, this disables peer-to-peer calls completely, eliminating the risk of exposing one’s IP address to other WhatsApp users.
In the blog post announcing the news, the business stated that "IP addresses may contain information that some of our most privacy-conscious users are mindful of, such as broad geographical location or internet provider." "We added a new feature to WhatsApp that lets you secure your IP address while on calls in order to address this concern."
FaceTime
Apple's security literature states that every call made over FaceTime—which is likewise end-to-end encrypted by default—uses peer-to-peer connections.
“When the user answers the call, the audio is seamlessly transmitted from the user’s iPhone using a secure peer-to-peer connection between the two devices,” Apple says in the guide.
It is not possible to disable this peer-to-peer connection. A request for comment from Apple was not answered.
Facebook Messenger
"In audio or video calls between only two people, your IP address will be shared with the other person's device to establish a peer-to-peer connection," Facebook Messenger explicitly states on its support page.
FACEBOOK HAS DETECTED UP TO 400 ANDROIDS AND IOS APPS THAT ARE STEALING USERS LOG IN CREDENTIALS
“A peer-to-peer connection uses your IP address to connect directly with the person you’re calling to help improve the audio and video quality of your call. While this happens in the background, it may be possible for the other person to discover your IP address,” the page reads.
According to Meta representative Alex Dziedzan, "you will share your IP address if you answer a call on Messenger," as reported by Newsreedom. Calling cannot be disabled as a feature.Snapchat
It's unknown how Snapchat calls operate and if IP addresses are leaked or not. There’s no reference to the use of peer-to-peer calls or whether calls expose IP addresses anywhere on Snapchat’s official website. Snapchat did not respond to requests for comments.
Viber
On its website, Viber says that “peer-to-peer is only used in 1-on-1 calls on Viber.” And users can choose to turn peer-to-peer communication off so that “your IP address is no longer used in your Viber calls, but it will reduce your call quality.”
To turn off peer-to-peer calls, go to More on the bottom-left corner with the three dots, tap on Settings, then Privacy, scroll down, and turn off the toggle for “Use Peer-to-Peer.”
A request for comment from Viber was not answered.
Threema
Similar to Signal, the privacy-conscious chat service Threema operates. Calls between "unverified contacts" are "always routed through the Threema server in order to obscure the IP address," a representative for Threema Julia Weiss told Newsreedom.
Calls between users who authenticate each other—either in person by scanning each other's QR code or Threema ID or by contact discovery, a feature that lets users connect their Threema ID to their phone numbers or email addresses—become peer-to-peer by default.
And, like Signal and Telegram, Threema users can turn off peer-to-peer by default, making all calls go through its relay servers.
Navigate to Settings, Threema Calls, and select "Always Relay Calls" to activate that feature.
UPDATE: 10:30 a.m. ET on November 8 The information that WhatsApp now allows users to disable peer-to-peer calls and conceal their IP address from other users has been added to this story.
Nov. 14, 11:30 a.m. ET UPDATE: The steps for disabling peer-to-peer calls in Telegram have been added to this post.