I think I might have found a leak or something strange.
This is unlikely. Here is why.
Why is this unlikely?
- Summary: When a link to this wiki page is posted by an administrator or moderator in the Whonix forums, there is likely no evidence your IP was leaked from inside Whonix-Workstation.
- Fact: Whonix provides reliable IP hiding. In over 12 years of history, no leaks have been reported in Whonix.
- Invalid compromise indicator: See also Valid Compromise Indicators versus Invalid Compromise Indicators.
- Lack of required skills: Non-technical users lack the capability to find IP leaks. It requires knowledge of using packet analyzers and understanding their output, or using some tool (such as a browser or command line downloader) running inside Whonix-Workstation and showing the user’s real external IP address. This requires being a sysadmin or similar. That’s just the way it is. A normal person cannot perform heart surgery, and even a doctor who does not specialize in it lacks the capability to perform it, and there is no shame in that. See also System Audit.
- Invalid test results: There are many Unsuitable Tests.
- Support Request Policy:
Whonix developers will normally only respond if they are convinced an actual technical, privacy or security-related problem has been identified. Many issues are unfortunately Out of Scope Issues.
- Policy Rationale: Limited developer time.
- Purpose of this wiki page: Having a wiki page that makes it possible to reply quickly to similar support requests.
- Lack of other reports: If this were an issue, technical users performing Leak Tests (or Security Reviews and Feedback) would have reported it already. Multiple users, including long-time users, would report the same issue.
- Research community: It seems rational to assume that there is an active research community. See anonbib for a collection of research papers on Tor and other anonymity networks. The Full Disclosure Mailing List is highly active. Presumably, security researchers would be happy to collect a proverbial trophy by finding a leak in Whonix. Nowadays, security researchers like to create websites for security issues with good descriptions and nice logos. Examples include Milk Sad, Meltdown and Spectre, and many others.
- Trust based:
Realistically, users can only Trust that software works as described and intended, develop skills to undertake audits and/or pay someone to perform that task. See also System Audit.
How to prove that there is a leak?
- A) Use one of the available leak tests.
- B) Create your own test.
1. Determine your external IP address.
2. Host your own leak testing server.
3. Connect to your leak testing server over clearnet (or use a VM that does not use Tor).
4. Confirm the connection time and IP address in the server logs when you connect to your server.
5. Run an application inside Whonix-Workstation that connects to your server.
6. Check the server logs for a new entry with the connection time and your external IP address.
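One way to evaluate steps 4 and 6 of the self-made test, as an added example that is not part of the original wiki page. It assumes the leak testing server writes access logs in common log format; the function names are hypothetical and the sample log lines are constructed, using documentation IP ranges.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access log; 203.0.113.7 stands in for the real external IP.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "GET /baseline HTTP/1.1" 200 12
198.51.100.23 - - [12/Mar/2024:10:05:10 +0000] "GET /whonix-test HTTP/1.1" 200 12
192.0.2.99 - - [12/Mar/2024:10:05:40 +0000] "GET /robots.txt HTTP/1.1" 404 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(log_text):
    """Yield (ip, timestamp, path) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        yield m.group(1), ts, m.group(4)

def check_leak(log_text, external_ip, baseline_at, whonix_at,
               slack=timedelta(seconds=60)):
    """Return 'invalid-test', 'leak' or 'no-leak' for the procedure above.

    baseline_at / whonix_at are timezone-aware datetimes noting when the
    clearnet connection (step 3) and the Whonix connection (step 5) were made.
    """
    entries = list(parse(log_text))

    def near(ts, ref):
        return abs(ts - ref) <= slack

    # Step 4: the clearnet connection must be logged with the external IP,
    # otherwise the server or the recorded IP is wrong and the test proves nothing.
    if not any(ip == external_ip and near(ts, baseline_at) for ip, ts, _ in entries):
        return "invalid-test"
    # Step 6: look only at entries logged around the Whonix connection time.
    window = [ip for ip, ts, _ in entries if near(ts, whonix_at)]
    if not window:
        return "invalid-test"  # the Whonix connection never reached the server
    return "leak" if external_ip in window else "no-leak"
```

Keep the two connections further apart than `slack`, so the clearnet baseline entry cannot fall inside the Whonix window and be mistaken for a leak.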
Proper Report
Unless someone can demonstrate a command run inside Whonix-Workstation that results in showing the user’s real external IP address, there is no anonymity / routing related bug. [1]
User Alternatives
If the user believes there is an IP leak bug in Whonix, there is not much the user can do:
- A) Become a sysadmin: Learn Linux networking.
- B) Paid investigation: Pay a third party to investigate this issue.
- C) Paid full security audit: Pay a third party to perform a full security audit of Whonix.
- D) Paid conceptual review: Pay a third party to review and explain the technical design summary to the user.
- E) Disclose: Disclose your findings publicly and see if any security researcher takes it seriously.
Example Forum Threads
- Chrome acceses IP in search bar!
- IP leak? Workstation connect directly to servers bypassing the gateway?
- google calculated me across whonix
- Possible Tor Browser/Whonix Leak
- Strange behavior of Whonix related to updates.
- SSH tunnel from Whonix Workstation to VPS unreliable
- Whonix not safe traffic decrypted!
Footnotes
- ↑ Excluding security bugs such as a hypothetical vulnerability that breaks the virtualizer or the kernel.