Tor Browser on Android leaks IP in desktop mode13 points·by shchess·3 mesi fa·2 commentsI've been testing Tor Browser on Android (rooted tablet + Bluetooth tether sniffer). Here's what I found:These requests contain:· Your real IP address · The .onion URL in the Referer header · Tor Browser user-agentThe evidence (captured live):``` [18:12:10] 10.188.1.98 -> 192.178.183.95 (Akamai) [18:12:14] 10.188.1.98 -> 142.251.14.95 (Google) [18:12:22] 10.188.1.98 -> 142.251.20.95 (Google) ```HTTP attempts: 5 HTTPS SNI captured: 0All plain text. No encryption. Tor not involved.What this means:Every time you use Tor Browser on Android, switch to Desktop Mode, and visit a .onion site, you're broadcasting your real IP to Google, Amazon, and anyone monitoring your network.2 commentsPost comment[–]rjn32s·3 mesi fareplythat's a solid information[–]high_byte·3 mesi fareplydid you report this?
These requests contain:
· Your real IP address · The .onion URL in the Referer header · Tor Browser user-agent
The evidence (captured live):
``` [18:12:10] 10.188.1.98 -> 192.178.183.95 (Akamai) [18:12:14] 10.188.1.98 -> 142.251.14.95 (Google) [18:12:22] 10.188.1.98 -> 142.251.20.95 (Google) ```
HTTP attempts: 5 HTTPS SNI captured: 0
All plain text. No encryption. Tor not involved.
What this means:
Every time you use Tor Browser on Android, switch to Desktop Mode, and visit a .onion site, you're broadcasting your real IP to Google, Amazon, and anyone monitoring your network.