{{Header}} {{Title|title= I think I might have found a leak or something strange. }} {{#seo: |description=This is unlikely. Here is why. |image=Strange-leak12312.jpg }} {{audit_mininav}} [[File:Strange-leak12312.jpg|thumb]] {{intro| This is unlikely. Here is why. }} = Why this is unlikely? = * Summary: When a link to this wiki page is posted by an administrator or moderators in the {{project_name_short}} forums, then there is likely no evidence your IP was leaked from inside Whonix-Workstation. * Fact: {{project_name_long}} provides [[Reliable_IP_Hiding|reliable IP hiding]]. In over {{project_age_years}} years of [[history]], no leaks have been reported in {{project_name_short}}. * Invalid compromise indicator: See also {{kicksecure_wiki |wikipage=Malware_and_Firmware_Trojans#Valid_Compromise_Indicators_versus_Invalid_Compromise_Indicators |text=Valid Compromise Indicators versus Invalid Compromise Indicators }}. * Lack of required skills: Non-technical users lack the capability to find IP leaks. It requires knowledge of using packet analyzers and understanding their output or using some tool (such as a browser, command line downloader) running inside {{project_name_workstation_short}} and showing the user’s real external IP address. This requires being a sysadmin or similar. That’s just the way it is. A normal person cannot perform heart surgery, and even a doctor who does not specialize in it lacks the capability to perform it, and there is no shame in that. See also [[System Audit]]. * Invalid test results: There are many [[Dev/Leak_Tests#Unsuitable_Tests|Unsuitable Tests]]. * [[Reporting_Bugs#Support_Request_Policy|Support Request Policy]]:
{{project_name_short}} developers will normally only respond if they are convinced an actual technical, privacy or security-related problem has been identified. Many issues are unfortunately [[Reporting_Bugs#Out_of_Scope_Issues|Out of Scope Issues]].* [[Reporting_Bugs#Policy_Rationale|Policy Rationale]]: Limited developer time. * Purpose of this wiki page: Having a wiki page that allows to quickly reply to a similar support request. * Lack of other reports: If this were an issue, technical users performing [[Dev/Leak_Tests|Leak Tests]] (or [[Security Reviews and Feedback]]) would have reported this already. Multiple users, among years long users, would report the same issue. * Research community: It seems rational to assume that there is an active research community. See [https://www.freehaven.net/anonbib/ anonbib] for a collection about research papers about Tor and other anonymity networks. The [https://seclists.org/fulldisclosure/ Full Disclosure Mailing List] is highly active. Presumably, security researchers would be happy to collect a proverbial trophy by finding a leak in {{project_name_short}}. Nowadays, security researchers like to create websites for security issues with good descriptions and nice logos. Examples include [https://milksad.info/ Milk Sad], [https://meltdownattack.com/ Meltdown and Spectre], and many others. * Trust based: {{quotation |quote=Realistically, users can only [[Trust]] that software works as described and intended, develop skills to undertake audits and/or pay someone to perform that task. |context={{kicksecure_wiki |wikipage=System Audit |text=System Audit }} }} = How to prove that there is a leak? = * A) Use one of the available [[Dev/Leak Tests|leak tests]]. * B) Create your own test. '''1.''' Determine your external IP address. '''2.''' Host your own leak testing server. '''3.''' Connect to your leak testing server over clearnet (or use a VM that does not use Tor). '''4.''' Confirm the connection time and IP address in the server logs when you connect to your server. '''5.''' Run an application inside {{project_name_workstation_short}} that connects to your server. '''6.''' Check the server logs for a new entry with the connection time and your external IP address. = Proper Report = Unless someone can demonstrate to run a command inside {{project_name_workstation_short}} that results in showing the user’s real external IP address, there is no anonymity / routing related bug. Excluding security bugs such as a hypothetical vulnerability that breaks the virtualizer, the kernel. = User Alternatives = If the user believes there is an IP leak bug in {{project_name_short}}, there is not much the user can do: * '''A)''' Become a sysadmin: Learn Linux networking. * '''B)''' Paid investigation: Pay a third party to investigate this issue. * '''C)''' Paid full security audit: Pay a third party to perform a full security audit of {{project_name_short}}. * '''D)''' Paid conceptual review: Pay a third party to review and explain the [[Dev/Technical_Introduction#multiple_security_layers|technical design summary]] to the user. * '''E)''' Disclose: Disclose your findings publicly and see if any security researcher takes it seriously. = Example Forum Threads = * [https://forums.whonix.org/t/chrome-acceses-ip-in-search-bar/19738 Chrome acceses IP in search bar!] * [https://forums.whonix.org/t/ip-leak-workstation-connect-directly-to-servers-bypassing-the-gateway/18036 IP leak? Workstation connect directly to servers bypassing the gateway?] * [https://forums.whonix.org/t/google-calculated-me-across-whonix/4087 google calculated me across whonix] * [https://forums.whonix.org/t/possible-tor-browser-whonix-leak/13586 Possible Tor Browser/Whonix Leak] * [https://forums.whonix.org/t/strange-behavior-of-whonix-related-to-updates/19782 Strange behavior of Whonix related to updates.] * [https://forums.whonix.org/t/ssh-tunnel-from-whonix-workstation-to-vps-unreliable/19969 SSH tunnel from Whonix Workstation to VPS unreliable] * [https://forums.whonix.org/t/whonix-not-safe-traffic-decrypted/20455 Whonix not safe traffic decrypted!] = Footnotes = {{reflist|close=1}} {{Footer}} [[Category:Documentation]]