{{Header}}
{{Title|title=
I think I might have found a leak or something strange.
}}
{{#seo:
|description=This is unlikely. Here is why.
|image=Strange-leak12312.jpg
}}
{{audit_mininav}}
[[File:Strange-leak12312.jpg|thumb]]
{{intro|
This is unlikely. Here is why.
}}
= Why this is unlikely? =
* <u>Summary:</u> When a link to this wiki page is posted by an administrator or moderators in the {{project_name_short}} forums, then there is likely no evidence your IP was leaked from inside Whonix-Workstation.
* <u>Fact:</u> {{project_name_long}} provides [[Reliable_IP_Hiding|reliable IP hiding]]. In over {{project_age_years}} years of [[history]], no leaks have been reported in {{project_name_short}}.
* <u>Invalid compromise indicator:</u> See also {{kicksecure_wiki
|wikipage=Malware_and_Firmware_Trojans#Valid_Compromise_Indicators_versus_Invalid_Compromise_Indicators
|text=Valid Compromise Indicators versus Invalid Compromise Indicators
}}.
* <u>Lack of required skills:</u> Non-technical users lack the capability to find IP leaks. It requires knowledge of using packet analyzers and understanding their output or using some tool (such as a browser, command line downloader) running inside {{project_name_workstation_short}} and showing the user’s real external IP address. This requires being a sysadmin or similar. That’s just the way it is. A normal person cannot perform heart surgery, and even a doctor who does not specialize in it lacks the capability to perform it, and there is no shame in that. See also [[System Audit]].
* <u>Invalid test results:</u> There are many [[Dev/Leak_Tests#Unsuitable_Tests|Unsuitable Tests]].
* <u>[[Reporting_Bugs#Support_Request_Policy|Support Request Policy]]:</u> <blockquote>{{project_name_short}} developers will normally only respond if they are convinced an actual technical, privacy or security-related problem has been identified. Many issues are unfortunately [[Reporting_Bugs#Out_of_Scope_Issues|Out of Scope Issues]].</blockquote>
* <u>[[Reporting_Bugs#Policy_Rationale|Policy Rationale]]:</u> Limited developer time.
* <u>Purpose of this wiki page:</u> Having a wiki page that allows to quickly reply to a similar support request.
* <u>Lack of other reports:</u> If this were an issue, technical users performing [[Dev/Leak_Tests|Leak Tests]] (or [[Security Reviews and Feedback]]) would have reported this already. Multiple users, among years long users, would report the same issue.
* <u>Research community:</u> It seems rational to assume that there is an active research community. See [https://www.freehaven.net/anonbib/ anonbib] for a collection about research papers about Tor and other anonymity networks. The [https://seclists.org/fulldisclosure/ Full Disclosure Mailing List] is highly active. Presumably, security researchers would be happy to collect a proverbial trophy by finding a leak in {{project_name_short}}. Nowadays, security researchers like to create websites for security issues with good descriptions and nice logos. Examples include [https://milksad.info/ Milk Sad], [https://meltdownattack.com/ Meltdown and Spectre], and many others.
* <u>Trust based:</u>

{{quotation
|quote=Realistically, users can only [[Trust]] that software works as described and intended, develop skills to undertake audits and/or pay someone to perform that task.
|context={{kicksecure_wiki
|wikipage=System Audit
|text=System Audit
}}
}}

= How to prove that there is a leak? =
* A) Use one of the available [[Dev/Leak Tests|leak tests]].
* B) Create your own test.

'''1.''' Determine your external IP address.

'''2.''' Host your own leak testing server.

'''3.''' Connect to your leak testing server over clearnet (or use a VM that does not use Tor).

'''4.''' Confirm the connection time and IP address in the server logs when you connect to your server.

'''5.''' Run an application inside {{project_name_workstation_short}} that connects to your server.

'''6.''' Check the server logs for a new entry with the connection time and your external IP address.

= Proper Report =
Unless someone can demonstrate to run a command inside {{project_name_workstation_short}} that results in showing the user’s real external IP address, there is no anonymity / routing related bug. <ref>
Excluding security bugs such as a hypothetical vulnerability that breaks the virtualizer, the kernel.
</ref>

= User Alternatives =
If the user believes there is an IP leak bug in {{project_name_short}}, there is not much the user can do:

* '''A)''' <u>Become a sysadmin:</u> Learn Linux networking.
* '''B)''' <u>Paid investigation:</u> Pay a third party to investigate this issue.
* '''C)''' <u>Paid full security audit:</u> Pay a third party to perform a full security audit of {{project_name_short}}.
* '''D)''' <u>Paid conceptual review:</u> Pay a third party to review and explain the [[Dev/Technical_Introduction#multiple_security_layers|technical design summary]] to the user.
* '''E)''' <u>Disclose:</u> Disclose your findings publicly and see if any security researcher takes it seriously.

= Example Forum Threads =
* [https://forums.whonix.org/t/chrome-acceses-ip-in-search-bar/19738 Chrome acceses IP in search bar!]
* [https://forums.whonix.org/t/ip-leak-workstation-connect-directly-to-servers-bypassing-the-gateway/18036 IP leak? Workstation connect directly to servers bypassing the gateway?]
* [https://forums.whonix.org/t/google-calculated-me-across-whonix/4087 google calculated me across whonix]
* [https://forums.whonix.org/t/possible-tor-browser-whonix-leak/13586 Possible Tor Browser/Whonix Leak]
* [https://forums.whonix.org/t/strange-behavior-of-whonix-related-to-updates/19782 Strange behavior of Whonix related to updates.]
* [https://forums.whonix.org/t/ssh-tunnel-from-whonix-workstation-to-vps-unreliable/19969 SSH tunnel from Whonix Workstation to VPS unreliable]
* [https://forums.whonix.org/t/whonix-not-safe-traffic-decrypted/20455 Whonix not safe traffic decrypted!]

= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]