I'm curious to see how you tested this... the user-agent should only ever emit the browser (product) and a comment after this. It should never show the IP address of your machine!
Were you doing the test on all browsers, or was it only Chrome? I'm curious as to what's going on here, because if Google have worked out how to get your IP address even when going through an SSL-capable proxy (not something I'd normally recommend, btw...) then I'd suggest they are sending something else over the wire.
Mind you, if you have not disabled the X-Forward-For header on your proxy, then this may be how Google knows your originating IP address. You should be able to tell by running a packet trace between the proxy and the Google site you are accessing.
Perhaps they're just probabilistically getting your IP address by clustering your user agent+browsing habits+etc against the set of IPs it's seen that cluster come from via AdSense embedding on other sites?
Now I was setting up my proxy as I was doing these said tests so it was work in progress, First checked it all
out with no changes to the headers. Then I started stripping the headers a few at a time to see the differences
between the above websites and a few others. Now my IP changed as soon as I did an x-forward no change in the
proxy configration. At this stage 99% of websites get the IP of the proxy, I was happy. however Google still
was giving me my real IP. More header striping later and pinned it down to the user_agent. I know the user agent
does not contain any IP information but I think google must be using it as part of the IDing of the broswer profile
My main point today was that this SSL handshaking leaks lots of information that appears to be able to see
real IP behind a proxy. The bad man in side of myself now wonders if I could knock up a script like
https://p0f.popcnt.org/ that can see passed a proxy to get real IP addresse not that I would have anywhere
interesting to put it, guess it is just the fun of doing it.
Now I completely believe that my proxy could be just badly setup, so I also tested the p0f page on a number of
elite proxies (public not private or paid) and the p0f page gives up the real IP every time.
As i said, I will try the tor broswers to night (sidenote I only really test firefox because Chrome and IE lift
proxy settings from the local system where as firefox is customizable
Oh i used your header page, very nice http://my-addr.com/ip (thank you), all headers are empty and it has the correct IP (proxyed)
Sorry for spelling, :/ notepad lacks a spell:checker
Are you sure your browser or proxy is configured to use https? In my case, HTTP://p0f.popcnt.org is correctly anonymised, while HTTPS://p0f.popcnt.org is not and leaks my originating IP address.
I was concerned, so I tried a bit of troubleshooting before realising I configured Firefox to use no proxy for HTTPS traffic (because I don't want my banking to go through the proxy). So really, there was no problem.
Bizarre! Try finding an extension to change the default user agent in Firefox (there are quite a few) and try it again... I'm curious to see if it still works! What happens if you try a few different browsers? Same issue?
Were you doing the test on all browsers, or was it only Chrome? I'm curious as to what's going on here, because if Google have worked out how to get your IP address even when going through an SSL-capable proxy (not something I'd normally recommend, btw...) then I'd suggest they are sending something else over the wire.
Mind you, if you have not disabled the X-Forward-For header on your proxy, then this may be how Google knows your originating IP address. You should be able to tell by running a packet trace between the proxy and the Google site you are accessing.