Don't let your Mumble client expose your (users) IP address(es).

If someone sends a textmessage with an image file embedded via IMG-tag to a user/channel the Mumble-Client automatically starts to download the file. Everyone who has access to the used web server and can write text messages to other users (which is enabled by default) is able to get the IP-Address of his victim(s).

There are two solutions for this problem… using one of these is sufficient.

(A related German blog post is available in my blog)

Configure → Settings → Network → Misc → now check „Disable image download“ (if this option is not available, then enable „Advanced“ in the bottom left corner of the configuration window):

Plumble 3.0 can also download embedded images which should be disabled:

Uncheck „Settings“ → „General“ → „Load External Images“.

As a Mumble-Server hoster you must change the server option allowhtml to false. This will remove everything from text messages that is not plain text.

This option must be set in the murmur.ini of your server or in any used web interface.