Sorry. You are not using Tor.Your IP address appears to be: 108.61.122.139(new:108.61.122.70)

Sorry. You are not using Tor. Your IP address appears to be: 108.61.122.139 https://check.torproject.org/?lang=en_US

Trac:
Username: 108.61.122.139

added component::applications/tor check owner::arlolra priority::medium reporter::108.61.122.139 severity::critical status::assigned type::defect labels

Trac:
Username: 108.61.122.139

Trac:
Username: 108.61.122.139

Trac:
Username: 108.61.122.139

tor108.61.122.70

Trac:
Username: 108.61.122.139

new old

Trac:
Username: 108.61.122.139

Trac:
Username: 108.61.122.139
Summary: Sorry. You are not using Tor.Your IP address appears to be: 108.61.122.139 to Sorry. You are not using Tor.Your IP address appears to be: 108.61.122.139(new:108.61.122.70)

This is certainly not a bug with Atlas, as you have screenshots of check.torproject.org. I can also tell you that the IP addresses that you have seen are not Tor exit relays, nor are they Tor relays at all, so this is also not a bug with check.torproject.org.

This is most likely a problem with your local configuration.

The Tor Trac is for tracking issues with the Tor software. Please find details of user support at:

https://www.torproject.org/about/contact.html.en#support

Trac:
Resolution: N/A to not a bug
Status: new to closed

A lot of tickets about that in the blog, and you close this ticket as not a bug?

Especially, if

IP addresses that you have seen are not Tor exit relays and this is also not a bug with check.torproject.org then a problem with your local configuration the default config of Tor Browser?

Trac:
Severity: Normal to Critical
Component: Metrics/Atlas to Applications/Tor Browser
Resolution: not a bug to N/A
Status: closed to reopened

If you're seeing this with Tor Browser, then maybe this is a bug with Tor Browser, but you originally filed this on Atlas though I could not see any relevance to Atlas at all.

You've reassigned this to Tor Browser, can you confirm that you are in fact using a Tor Browser release from the Tor website and that you have validated the signatures on the download to verify its integrity and authenticity?

Can you also let us know if the IP address you are seeing is your external IP address on your Internet connection (you can visit https://check.torproject.org/ from an ordinary browser to see this as is seen by the Internet) or if another IP address is coming back?

108.61.122.139 appears on: https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=8.8.8.8&port=443

It is not on: https://check.torproject.org/exit-addresses

Replying to irl:

If you're seeing this with Tor Browser, then maybe this is a bug with Tor Browser, but you originally filed this on Atlas though I could not see any relevance to Atlas at all. It seems to be a reply to my comment, but my username is a little bit different from the author's. You've reassigned this to Tor Browser, can you confirm that you are in fact using a Tor Browser release from the Tor website and that you have validated the signatures on the download to verify its integrity and authenticity? Sounds scary, but yes. Can you also let us know if the IP address you are seeing is your external IP address on your Internet connection (you can visit https://check.torproject.org/ from an ordinary browser to see this as is seen by the Internet) or if another IP address is coming back? Uh, let's hope we'll never see real external IP address in Tor connection. In https://blog.torproject.org/blog/tor-browser-65a2-released#comment-196642 there is one IP reported by Tor, but another - reported by circuit visualizer, and a third - reported by ip-check.info site. But it's all about the exit node!

Trac:
Status: reopened to assigned
Owner: irl to tbb-team

Oh, forgot to mention, https://check.torproject.org/ sometimes shows an IPv6 address of the exit node with "Sorry. You are not using Tor." message.

So this appears then to be an issue with perhaps a few things:

• Tor Check is not returning all exits in the exit-addresses that it knows about
• Some relays are configured to listen on their IPv4 interfaces only when IPv6 addresses may be used for connections from the exit relay
• IPv6 privacy (temporary) addressing is in use and the IPv6 interface rapidly changes what the source address used is (quicker than Tor Check can keep up, I'm not sure of the reporting mechanism used)

I don't think this is a bug in Tor Browser, I think this is a problem in Tor Check. I'm not convinced that tbb-team is the appropriate owner for this bug either (though I'm also not an appropriate owner for it).

Trac:
Component: Applications/Tor Browser to Applications/Tor Check
Owner: tbb-team to arlolra

Trac:
Cc: N/A to mcs

Replying to bugzilla:

Oh, forgot to mention, https://check.torproject.org/ sometimes shows an IPv6 address of the exit node with "Sorry. You are not using Tor." message.

Since #19940 (moved), check should no longer be reachable by IPv6. Fixing the underlying issue is in #16947 (moved).

For a general response to when false negatives are encountered, please see: http://tor.stackexchange.com/a/873

I'll look into the specifics of this case in a bit.

The relay in question is, https://atlas.torproject.org/#details/7A5F0856723FF95617828B7C4852C0C81CD58997

Looking at a sampling of the archives for exit-list-2016-08.tar.xz, https://collector.torproject.org/archive/exit-lists/

> grep -A 3 -r 7A5F0856723FF95617828B7C4852C0C81CD58997 . | more

./01/2016-08-01-00-02-02:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./01/2016-08-01-00-02-02-Published 2016-07-31 16:26:20
./01/2016-08-01-00-02-02-LastStatus 2016-07-31 17:03:46
./01/2016-08-01-00-02-02-ExitAddress 108.61.123.66 2016-07-31 17:09:46
--
./01/2016-08-01-19-02-02:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./01/2016-08-01-19-02-02-Published 2016-08-01 10:27:20
./01/2016-08-01-19-02-02-LastStatus 2016-08-01 11:03:19
./01/2016-08-01-19-02-02-ExitAddress 108.61.123.69 2016-08-01 11:07:15
--
./02/2016-08-02-12-02-04:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./02/2016-08-02-12-02-04-Published 2016-08-02 04:27:21
./02/2016-08-02-12-02-04-LastStatus 2016-08-02 09:26:55
./02/2016-08-02-12-02-04-ExitAddress 108.61.123.70 2016-08-02 05:11:52
--
./03/2016-08-03-06-02-03:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./03/2016-08-03-06-02-03-Published 2016-08-02 22:27:53
./03/2016-08-03-06-02-03-LastStatus 2016-08-02 23:03:16
./03/2016-08-03-06-02-03-ExitAddress 108.61.123.85 2016-08-02 23:05:51
--
./04/2016-08-04-18-02-02:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./04/2016-08-04-18-02-02-Published 2016-08-04 10:28:54
./04/2016-08-04-18-02-02-LastStatus 2016-08-04 11:03:03
./04/2016-08-04-18-02-02-ExitAddress 108.61.122.152 2016-08-04 11:08:23
--
./05/2016-08-05-12-02-03:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./05/2016-08-05-12-02-03-Published 2016-08-05 04:28:55
./05/2016-08-05-12-02-03-LastStatus 2016-08-05 05:03:25
./05/2016-08-05-12-02-03-ExitAddress 108.61.122.8 2016-08-05 05:08:12
--
...

It goes on and on, and eventually gets to,

./08/2016-08-08-19-02-02:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./08/2016-08-08-19-02-02-Published 2016-08-08 10:27:58
./08/2016-08-08-19-02-02-LastStatus 2016-08-08 11:02:56
./08/2016-08-08-19-02-02-ExitAddress 108.61.122.139 2016-08-08 11:03:49

and,

./13/2016-08-13-07-02-02:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./13/2016-08-13-07-02-02-Published 2016-08-13 04:26:06
./13/2016-08-13-07-02-02-LastStatus 2016-08-13 05:03:04
./13/2016-08-13-07-02-02-ExitAddress 108.61.122.70 2016-08-12 23:12:49

This is somewhat analogous to what teor was talking about here, https://lists.torproject.org/pipermail/tor-dev/2016-August/011309.html

We could perhaps change the wording a bit on check to waffle a bit on the certainty of its results, but that doesn't help other services that depend critically on an accurate exit list, like ExoneraTor.

Replying to arlolra:

Replying to bugzilla:

Oh, forgot to mention, https://check.torproject.org/ sometimes shows an IPv6 address of the exit node with "Sorry. You are not using Tor." message.

Since #19940 (moved), check should no longer be reachable by IPv6. Fixing the underlying issue is in #16947 (moved). That comment had been added before #19940 (moved) was created. Fixing #14939 (moved) is also required. For a general response to when false negatives are encountered What about slightly different positives? Like when you see 108.61.122.70, reported by Tor / circuit visualizer, and 108.61.122.139 - reported by Tor Check (when they are positives). The difference in tor108.61.122.70.png, this is #18138 (moved).

What about slightly different positives?

The circuit visualizer is showing the OR address for the router, as reported in the consensus, and check is showing the exit IP, as discovered by TorDNSEL's exit scanning. Ingress vs egress. There's no requirement that they be the same thing, but I can see how it can be confusing.

Consolidating the two might involve doing a self-check in TorBrowser to discover its exiting IP (querying some "what's my ip" service), and then updating the circuit visualizer. But that seems less than ideal, and it's unclear if this is even desirable.

Replying to arlolra: Thanks, let's also see what TBB Team will decide in the Design Guide.

Have you checked this by independently resolving your IP address using a source other than check.torproject.org? If so and you still detect an address discrepancy, the issue is with your implementation of TBB. On the other hand, if the problem isn't detected with another source to resolve IP, then the issue is most likely with check.torproject.org. I might also check to determine whether or not the IP that check.torproject.org is giving is a Tor exit node, and if not, (and it is also not your IP) then I would find out whom owns the IP or if a domain is attached to it using a WHOIS, and deal with the attack from there.

Trac:
Username: bakertaylor28