Opened 3 years ago

Last modified 7 months ago

#19843 assigned defect

Sorry. You are not using Tor.Your IP address appears to be: 108.61.122.139(new:108.61.122.70)

Reported by: 108.61.122.139 Owned by: arlolra
Priority: Medium Milestone:
Component: Applications/Tor Check Version:
Severity: Critical Keywords:
Cc: mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Sorry. You are not using Tor.
Your IP address appears to be: 108.61.122.139
https://check.torproject.org/?lang=en_US

Child Tickets

Attachments (2)

tor.png (42.2 KB) - added by 108.61.122.139 3 years ago.
tor108.61.122.70.png (47.4 KB) - added by 108.61.122.139 3 years ago.
tor108.61.122.70

Download all attachments as: .zip

Change History (20)

Changed 3 years ago by 108.61.122.139

Attachment: tor.png added

Changed 3 years ago by 108.61.122.139

Attachment: tor108.61.122.70.png added

tor108.61.122.70

comment:1 Changed 3 years ago by 108.61.122.139

new
https://trac.torproject.org/projects/tor/raw-attachment/ticket/19843/tor108.61.122.70.png
old
https://trac.torproject.org/projects/tor/raw-attachment/ticket/19843/tor.png

Last edited 3 years ago by 108.61.122.139 (previous) (diff)

comment:2 Changed 3 years ago by 108.61.122.139

Summary: Sorry. You are not using Tor.Your IP address appears to be: 108.61.122.139Sorry. You are not using Tor.Your IP address appears to be: 108.61.122.139(new:108.61.122.70)

comment:3 Changed 3 years ago by irl

Resolution: not a bug
Status: newclosed

This is certainly not a bug with Atlas, as you have screenshots of check.torproject.org. I can also tell you that the IP addresses that you have seen are not Tor exit relays, nor are they Tor relays at all, so this is also not a bug with check.torproject.org.

This is most likely a problem with your local configuration.

The Tor Trac is for tracking issues with the Tor software. Please find details of user support at:

https://www.torproject.org/about/contact.html.en#support

comment:4 Changed 3 years ago by bugzilla

Component: Metrics/AtlasApplications/Tor Browser
Resolution: not a bug
Severity: NormalCritical
Status: closedreopened

A lot of tickets about that in the blog, and you close this ticket as not a bug?

Especially, if

IP addresses that you have seen are not Tor exit relays

and

this is also not a bug with check.torproject.org

then

a problem with your local configuration

the default config of Tor Browser?

comment:5 Changed 3 years ago by irl

If you're seeing this with Tor Browser, then maybe this is a bug with Tor Browser, but you originally filed this on Atlas though I could not see any relevance to Atlas at all.

You've reassigned this to Tor Browser, can you confirm that you are in fact using a Tor Browser release from the Tor website and that you have validated the signatures on the download to verify its integrity and authenticity?

Can you also let us know if the IP address you are seeing is your external IP address on your Internet connection (you can visit https://check.torproject.org/ from an ordinary browser to see this as is seen by the Internet) or if another IP address is coming back?

comment:7 in reply to:  5 Changed 3 years ago by bugzilla

Owner: changed from irl to tbb-team
Status: reopenedassigned

Replying to irl:

If you're seeing this with Tor Browser, then maybe this is a bug with Tor Browser, but you originally filed this on Atlas though I could not see any relevance to Atlas at all.

It seems to be a reply to my comment, but my username is a little bit different from the author's.

You've reassigned this to Tor Browser, can you confirm that you are in fact using a Tor Browser release from the Tor website and that you have validated the signatures on the download to verify its integrity and authenticity?

Sounds scary, but yes.

Can you also let us know if the IP address you are seeing is your external IP address on your Internet connection (you can visit https://check.torproject.org/ from an ordinary browser to see this as is seen by the Internet) or if another IP address is coming back?

Uh, let's hope we'll never see real external IP address in Tor connection. In
https://blog.torproject.org/blog/tor-browser-65a2-released#comment-196642 there is one IP reported by Tor, but another - reported by circuit visualizer, and a third - reported by ip-check.info site. But it's all about the exit node!

comment:8 Changed 3 years ago by bugzilla

Oh, forgot to mention, https://check.torproject.org/ sometimes shows an IPv6 address of the exit node with "Sorry. You are not using Tor." message.

comment:9 Changed 3 years ago by irl

So this appears then to be an issue with perhaps a few things:

  • Tor Check is not returning all exits in the exit-addresses that it knows about
  • Some relays are configured to listen on their IPv4 interfaces only when IPv6 addresses may be used for connections from the exit relay
  • IPv6 privacy (temporary) addressing is in use and the IPv6 interface rapidly changes what the source address used is (quicker than Tor Check can keep up, I'm not sure of the reporting mechanism used)

I don't think this is a bug in Tor Browser, I think this is a problem in Tor Check. I'm not convinced that tbb-team is the appropriate owner for this bug either (though I'm also not an appropriate owner for it).

comment:10 Changed 3 years ago by gk

Component: Applications/Tor BrowserApplications/Tor Check
Owner: changed from tbb-team to arlolra

comment:11 Changed 3 years ago by mcs

Cc: mcs added

comment:12 in reply to:  8 ; Changed 3 years ago by arlolra

Replying to bugzilla:

Oh, forgot to mention, https://check.torproject.org/ sometimes shows an IPv6 address of the exit node with "Sorry. You are not using Tor." message.

Since #19940, check should no longer be reachable by IPv6. Fixing the underlying issue is in #16947.

comment:13 Changed 3 years ago by arlolra

For a general response to when false negatives are encountered, please see: http://tor.stackexchange.com/a/873

I'll look into the specifics of this case in a bit.

comment:14 Changed 3 years ago by arlolra

The relay in question is,
https://atlas.torproject.org/#details/7A5F0856723FF95617828B7C4852C0C81CD58997

Looking at a sampling of the archives for exit-list-2016-08.tar.xz,
https://collector.torproject.org/archive/exit-lists/

> grep -A 3 -r 7A5F0856723FF95617828B7C4852C0C81CD58997 . | more

./01/2016-08-01-00-02-02:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./01/2016-08-01-00-02-02-Published 2016-07-31 16:26:20
./01/2016-08-01-00-02-02-LastStatus 2016-07-31 17:03:46
./01/2016-08-01-00-02-02-ExitAddress 108.61.123.66 2016-07-31 17:09:46
--
./01/2016-08-01-19-02-02:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./01/2016-08-01-19-02-02-Published 2016-08-01 10:27:20
./01/2016-08-01-19-02-02-LastStatus 2016-08-01 11:03:19
./01/2016-08-01-19-02-02-ExitAddress 108.61.123.69 2016-08-01 11:07:15
--
./02/2016-08-02-12-02-04:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./02/2016-08-02-12-02-04-Published 2016-08-02 04:27:21
./02/2016-08-02-12-02-04-LastStatus 2016-08-02 09:26:55
./02/2016-08-02-12-02-04-ExitAddress 108.61.123.70 2016-08-02 05:11:52
--
./03/2016-08-03-06-02-03:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./03/2016-08-03-06-02-03-Published 2016-08-02 22:27:53
./03/2016-08-03-06-02-03-LastStatus 2016-08-02 23:03:16
./03/2016-08-03-06-02-03-ExitAddress 108.61.123.85 2016-08-02 23:05:51
--
./04/2016-08-04-18-02-02:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./04/2016-08-04-18-02-02-Published 2016-08-04 10:28:54
./04/2016-08-04-18-02-02-LastStatus 2016-08-04 11:03:03
./04/2016-08-04-18-02-02-ExitAddress 108.61.122.152 2016-08-04 11:08:23
--
./05/2016-08-05-12-02-03:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./05/2016-08-05-12-02-03-Published 2016-08-05 04:28:55
./05/2016-08-05-12-02-03-LastStatus 2016-08-05 05:03:25
./05/2016-08-05-12-02-03-ExitAddress 108.61.122.8 2016-08-05 05:08:12
--
...

It goes on and on, and eventually gets to,

./08/2016-08-08-19-02-02:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./08/2016-08-08-19-02-02-Published 2016-08-08 10:27:58
./08/2016-08-08-19-02-02-LastStatus 2016-08-08 11:02:56
./08/2016-08-08-19-02-02-ExitAddress 108.61.122.139 2016-08-08 11:03:49

and,

./13/2016-08-13-07-02-02:ExitNode 7A5F0856723FF95617828B7C4852C0C81CD58997
./13/2016-08-13-07-02-02-Published 2016-08-13 04:26:06
./13/2016-08-13-07-02-02-LastStatus 2016-08-13 05:03:04
./13/2016-08-13-07-02-02-ExitAddress 108.61.122.70 2016-08-12 23:12:49

This is somewhat analogous to what teor was talking about here,
https://lists.torproject.org/pipermail/tor-dev/2016-August/011309.html

We could perhaps change the wording a bit on check to waffle a bit on the certainty of its results, but that doesn't help other services that depend critically on an accurate exit list, like ExoneraTor.

comment:15 in reply to:  12 Changed 3 years ago by bugzilla

Replying to arlolra:

Replying to bugzilla:

Oh, forgot to mention, https://check.torproject.org/ sometimes shows an IPv6 address of the exit node with "Sorry. You are not using Tor." message.

Since #19940, check should no longer be reachable by IPv6. Fixing the underlying issue is in #16947.

That comment had been added before #19940 was created. Fixing #14939 is also required.

For a general response to when false negatives are encountered

What about slightly different positives? Like when you see 108.61.122.70, reported by Tor / circuit visualizer, and 108.61.122.139 - reported by Tor Check (when they are positives).
The difference in attachment:tor108.61.122.70.png, this is #18138.

comment:16 Changed 3 years ago by arlolra

What about slightly different positives?

The circuit visualizer is showing the OR address for the router, as reported in the consensus, and check is showing the exit IP, as discovered by TorDNSEL's exit scanning. Ingress vs egress. There's no requirement that they be the same thing, but I can see how it can be confusing.

Consolidating the two might involve doing a self-check in TorBrowser to discover its exiting IP (querying some "what's my ip" service), and then updating the circuit visualizer. But that seems less than ideal, and it's unclear if this is even desirable.

comment:17 in reply to:  16 Changed 3 years ago by bugzilla

Replying to arlolra:
Thanks, let's also see what TBB Team will decide in the Design Guide.

comment:18 Changed 7 months ago by bakertaylor28

Have you checked this by independently resolving your IP address using a source other than check.torproject.org? If so and you still detect an address discrepancy, the issue is with your implementation of TBB. On the other hand, if the problem isn't detected with another source to resolve IP, then the issue is most likely with check.torproject.org. I might also check to determine whether or not the IP that check.torproject.org is giving is a Tor exit node, and if not, (and it is also not your IP) then I would find out whom owns the IP or if a domain is attached to it using a WHOIS, and deal with the attack from there.

Note: See TracTickets for help on using tickets.