Is real public IP Address hidden when using a system wide proxy in Windows 10?



For example if I am using a free VPN(I know vpn and proxy not the same) and it looses the connection, for this short period of time my real IP is exposed, before connecting back to VPN again.

Does this occur if I am using proxy server setup in Windows 10 settings?

Settings -> Network & Internet -> Proxy


Internetoptions -> “Connections” -> “LAN-Settings”->“Extended Options”

If yes, can I somehow prevent it from doing so.


Posted 2019-05-24T17:05:07.917

Reputation: 221



No. The proxy settings are 1) completely optional, 2) not applicable to most non-HTTP-based protocols. (For example, protocols built on top of UDP are outright incompatible with HTTP proxies.)


Posted 2019-05-24T17:05:07.917

Reputation: 283 655


Other people have discussed the network side, so I will point out a different issue: Applications.

Even if you could set up an airtight network setup where your public IP is never exposed, that doesnt guarantee that an application you are running doesnt expose it. Even a program from a developer you trust can accidentally expose your information. An application might have a security flaw, a bug, the user misconfigured it, or even by design, which exposes the public IP of the user. Here is one example of this.

Unless you can sniff the unexcrypted packets being sent by an application, its really hard to tell what information they are sending.


Posted 2019-05-24T17:05:07.917

Reputation: 57 019

This is a little pessimistic. You could combine the VPN with some kind of NAT-like contraption, so that the only device aware of the "public IP" is the router(?) that is implementing the combined VPN/NAT functionality. The PC gets a private IP and has no idea it's even on a VPN. The private IP could be exposed, but since lots of IPv4 hosts are on NATs anyway, that's not terribly interesting to the average attacker. – Kevin – 2019-05-25T04:55:23.570

@Kevin pessimistic or not, its true. It might not be in every case, but it is something to be mindful of. – Keltari – 2019-05-26T16:58:39.463

@Kevin: It becomes quite interesting when the network also runs IPv6 (as the app might accidentally report your global IPv6 prefix). – user1686 – 2019-05-27T06:27:40.147


Does this occur if I am using proxy server setup in Windows 10 settings?


If yes, can I somehow prevent it from doing so.


There are several reasons for this:

The way a proxy works, is that instead of connecting to the server directly, you connect to the proxy and the proxy connects to the server. In order to do this, the proxy needs to understand the protocol you are using to connect to the server.

The particular settings you are talking about, are for web proxies, i.e. proxies that implement proxying for typical web protocols such as HTTP, HTTPS, FTP, FTPS, WS, WSS, and Gopher.

So, that should already tell you the first limitation: it only works for a limited set of protocols, i.e. for web protocols, IOW it only works for web browsing and related things, and not, for example, for Email, or Skype, or Teamspeak, or multiplayer games, or a myriad of other protocols.

Also, in order for the proxy to be used, an application has to actually, well, use the proxy. Internet Explorer and Edge, for example, they read those settings you talked about, but not every browser does. Some browsers have their own, browser-specific proxy settings.

Lastly, the protocol itself could contain the original IP address (or other identifying data) in encrypted form, and there is nothing the proxy can do about that. For example, the WhatsApp Messenger uses end-to-end encryption, so the proxy can not look inside the protocol. And the protocol is proprietary, so nobody knows what it actually sends. It is entirely possible that it might send the original IP address, or the telephone number.

So, in short:

  1. The use of the proxy is completely voluntary. Only applications which read those settings and want to use the proxy will use it.
  2. The proxy generally only works for web protocols.
  3. Applications may still send the IP address as part of the application protocol.

Jörg W Mittag

Posted 2019-05-24T17:05:07.917

Reputation: 1 236

1There are two kinds of HTTPS proxies. The classic kind, which Windows InternetOptions +IE/Edge/etc is intended to support, creates a TCP-level relay with CONNECT, see RFC2817 sec5, then does HTTPS end-to-end over that relay, so server sees the (last) proxy IP but browser gets the real cert. You are talking about the newer kind of 'proxy' that is really an interceptor used by many organizations or people to 'inspect' traffic (for things like personal use, porn, malware, secret or restricted data) and those require browser trust the interceptor's (fake) CA cert. ... – dave_thompson_085 – 2019-05-25T07:36:47.097

1... HTTP CONNECT could be used for other TCP-based protocols, but I don't know anything (at least on Windows) that does so. – dave_thompson_085 – 2019-05-25T07:37:24.750

@dave_thompson_085: Thanks. Removed. You're right, I completely forgot about that. The last time I set up a proxy was 20 years ago, and that was a filtering proxy, so it needed access to the content of both the request and the response. – Jörg W Mittag – 2019-05-25T07:50:35.720