
Why is my real IP address still visible even when using a proxy?

I am trying to understand how it is that our real IP address is discovered even after going through a private exclusive (I'm the only user) high security proxy.

from selenium import webdriver

PROXY_IP = "<private proxy IP>:<port>"

options = webdriver.ChromeOptions()
options.add_argument("--proxy-server=%s" % PROXY_IP)    # Tell Chrome to use a proxy

driver = webdriver.Chrome(executable_path=".\\driver\\chromedriver.exe",
                          chrome_options=options)

# Load a page that reports what it can learn about the client
driver.get("http://www.stayinvisible.com/")

This website displays a bunch of data it can grab from your interaction with it. It correctly lists the proxy's IP address and, to my surprise, it also lists our DSL IP address as an "Additional IP".

How is this happening and how do we prevent it?

One thought is that they may be using JavaScript/Java in some clever way to grab geolocation data and send it back to themselves. I scanned through the page source and couldn't find anything that stood out (although I did not do an exhaustive review).

EDIT 1:

If I use a different checking website they don't seem to report my real IP. For example, neither one of these seems to see the real IP:

driver.get("http://simplesniff.com/")

or

driver.get("http://analyze.privacy.net/")

EDIT 2:

Per one of the comments, I tried:

driver.get("http://myhttp.info/")

No signs of the real IP anywhere. I'd love to know what the stayinvisible.com code is doing...

EDIT 3:

I may have found the answer: WebRTC

https://www.privateinternetaccess.com/forum/discussion/8204/how-to-stop-webrtc-local-ip-address-leaks-on-google-chrome-and-mozilla-firefox-while-using-private-i

This, apparently, is something that affects Chrome on Windows. Which is exactly what I am running (serves me well). I figured this out after finally finding a site that checks for IP leaks that told me how they got the real address:

driver.get("http://ipleak.net/")

I don't have the time today but tomorrow I'll check Firefox under Windows and also Chrome under Ubuntu desktop and OSX just to triple-check.

EDIT 4: Partial Solution

Well, obviously I am not sitting around waiting for an answer.

OK, I cracked the first issue. I suspected that http://simplesniff.com/ was using either Flash or Java to discover the real IP address. It turned out to be Flash. It was as simple as disabling it through chrome://plugins and reloading to verify.

To disable Flash in code:

options = webdriver.ChromeOptions()
options.add_argument("--proxy-server=%s" % PROXY_IP)    # Tell Chrome to use a proxy
options.add_argument("--disable-bundled-ppapi-flash")   # Disable internal Flash player
options.add_argument("--disable-plugins-discovery")     # Disable external Flash player (by not allowing it to load)

Works like a charm. Now http://simplesniff.com/ isn't able to sniff out the real IP address.

One problem remains: WebRTC. This might negate using Chrome on Windows until Google fixes it.

asked Nov 01 '22 03:11 by martin


1 Answer

I guess I answered my own question in the edits. The bottom line is that this is a three-headed problem: Java, Flash and WebRTC. Per my edits to the question, Java and Flash are easy to deal with. WebRTC seems to only be an issue while running Chrome on Windows.

In our case the final codebase will run on a Linux server using PhantomJS. This means none of the above problems will be an issue.

We do have a small application that will run on a Windows machine out of convenience. Since there seems to be a bug that makes using Firefox and Selenium 2.0 somewhat problematic, the solution is to run this codebase on an Ubuntu Workstation virtual machine on a Windows host. In that case Chrome should behave well and all will be good.

answered Nov 08 '22 09:11 by martin
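How the WebRTC leak named in EDIT 3 can be checked for, as an added example that is not part of the original post: a page using WebRTC can read the browser's ICE candidates, and a server-reflexive (`srflx`) candidate is learned over UDP, which an HTTP proxy set with `--proxy-server` does not carry, so it holds the real public address. The function names, candidate lines and addresses below are constructed for illustration.

```python
import ipaddress

# Constructed samples in the RFC 5245 "candidate:" attribute format
# (private and documentation-range addresses, not real hosts).
SAMPLE_CANDIDATES = [
    "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
    "candidate:2 1 udp 1686052607 203.0.113.45 54321 typ srflx raddr 192.168.1.23 rport 54321",
    "candidate:3 1 tcp 1518280447 192.168.1.23 9 typ host tcptype active",
    "candidate:4 1 udp 2122260223 a1b2c3d4-0000-4000-8000-123456789abc.local 54322 typ host",
]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_candidate(line):
    """Return (address, type) from one ICE candidate line, or None if malformed."""
    if line.startswith("a="):          # tolerate the SDP "a=" prefix
        line = line[2:]
    fields = line.split()
    # foundation, component, transport, priority, address, port, "typ", type
    if len(fields) < 8 or not fields[0].startswith("candidate:") or fields[6] != "typ":
        return None
    return fields[4], fields[7]


def audit_candidates(lines, proxy_ip):
    """List (address, type, scope) entries WebRTC exposes besides the proxy IP."""
    proxy = ipaddress.ip_address(proxy_ip)
    leaks = []
    for line in lines:
        parsed = parse_candidate(line)
        if parsed is None:
            continue
        address, cand_type = parsed
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue                   # mDNS ".local" name: the address is hidden
        if ip == proxy:
            continue                   # only the proxy's address is visible: fine
        scope = "private" if any(ip in net for net in RFC1918) else "public"
        entry = (str(ip), cand_type, scope)
        if entry not in leaks:
            leaks.append(entry)
    return leaks


if __name__ == "__main__":
    for ip, cand_type, scope in audit_candidates(SAMPLE_CANDIDATES, "198.51.100.7"):
        print(f"exposed {scope} address {ip} via {cand_type} candidate")
```

Run it over the candidates gathered in your own proxied browser session; an empty result means WebRTC exposes nothing beyond the proxy address.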