{{Header}}
{{Title|title=
I think I might have found a leak or something strange.
}}
{{#seo:
|description=This is unlikely. Here is why.
}}
<div class="mininav">
* [[Dev/Leak Tests|Leak Tests]]
* [[Leaks|I think I might have found a leak or something strange.]]
</div>
{{intro|
This is unlikely. Here is why.
}}
= Why this is unlikely? =
* <u>Summary:</u> When a link to this wiki page is posted by an administrator or moderators in the {{project_name_short}} forums, then there is likely no evidence your IP was leaked from inside Whonix-Workstation.
* <u>Fact:</u> {{project_age_years}} provides [[Reliable_IP_Hiding|reliable IP hiding]]. In over {{project_age_years}} years of [[history]], no leaks have been reported in {{project_name_short}}.
* <u>Invalid compromise indicator:</u> See also {{kicksecure_wiki
|wikipage=Malware_and_Firmware_Trojans#Valid_Compromise_Indicators_versus_Invalid_Compromise_Indicators
|text=Valid Compromise Indicators versus Invalid Compromise Indicators
}}.
* <u>Lack of required skills:</u> Non-technical users lack the capability to find IP leaks. It requires knowledge of using packet analyzers and understanding their output or using some tool (such as a browser, command line downloader) running inside {{project_name_workstation_short}} and showing the user’s real external IP address. This requires being a sysadmin or similar. That’s just the way it is. A non-doctor lacks the capability to perform heart surgery. There is no shame in that.
* <u>Invalid test results:</u> There are many [[Dev/Leak_Tests#Unsuitable_Tests|Unsuitable Tests]].
* <u>[[Reporting_Bugs#Support_Request_Policy|Support Request Policy]]:</u> <blockquote>{{project_name_short}} developers will normally only respond if they are convinced an actual technical, privacy or security-related problem has been identified. Many issues are unfortunately [[#Out of Scope Issues|Out of Scope Issues]].</blockquote>
* <u>[[Reporting_Bugs#Policy_Rationale|Policy Rationale]]:</u> Limited developer time.
* <u>Purpose of this wiki page:</u> Having a wiki page that allows to quickly reply to a similar support request.
* <u>Lack of other reports:</u> If this were an issue, technical users performing [[Dev/Leak_Tests|Leak Tests]] (or [[Security Reviews and Feedback]]) would have reported this already. Multiple users, among years long users, would report the same issue.
* <u>Research community:</u> It seems rational to assume that there is an active research community. See [https://www.freehaven.net/anonbib/ anonbib] for a collection about research papers about Tor and other anonymity networks. The [https://seclists.org/fulldisclosure/ Full Disclosure Mailing List] is highly active. Presumably, security researchers would be happy to collect a proverbial trophy by finding a leak in {{project_name_short}}. Nowadays, security researchers like to create websites for security issues with nice descriptions and cute logos. Examples include [https://milksad.info/ Milk Sad], [https://meltdownattack.com/ Meltdown and Spectre], and many others.
* <u>Trust based:</u>

{{quotation
|quote=Realistically, users can only [[Trust]] that software works as described and intended, develop skills to undertake audits and/or pay someone to perform that task.
|context={{kicksecure_wiki
|wikipage=System Audit
|text=System Audit
}}
}}

= How to prove that there is a leak? =
* A) Use one of the available [[Dev/Leak Tests|leak tests]]
* B) Create your own test.

'''1.''' Find out your own external IP address.

'''2.''' Host your own leak testing server.

'''3.''' Connect to your leak testing server over clearnet (or a VM that does not use Tor).

'''4.''' Confirm from the server logs the time and IP address when you connected to your own server.

'''5.''' Run an application inside {{project_name_workstation_short}} that connects to your own server.

'''6.'''. Check if you can find a new log entry with the time and your own external IP address.

= Proper Report =
Unless someone can demonstrate to run a command inside {{project_name_workstation_short}} that results in showing the user’s real external IP address, there is no anonymity / routing related bug. <ref>
Excluding security bugs such as a hypothetical vulnerability that breaks the virtualizer, the kernel.
</ref>

= User Alternatives =
If the user believes there is an IP leak bug in {{project_name_short}}, there is not much the user can do:

* '''A)''' <u>Become a sysadmin:</u> Learn Linux networking.
* '''B)''' <u>Paid investigation:</u> Pay a third party to investigate this issue.
* '''C)''' <u>Paid full security audit:</u> Pay a third party to perform a full security audit of {{project_name_short}}.
* '''D)''' <u>Paid conceptual review:</u> Pay a third party to review and explain the [[Dev/Technical_Introduction#multiple_security_layers|technical design summary]] to the user.
* '''E)''' <u>Stop:</u> Stop using {{project_name_short}}.

= Example Forum Threads =
* https://forums.whonix.org/t/chrome-acceses-ip-in-search-bar/19738
* https://forums.whonix.org/t/ip-leak-workstation-connect-directly-to-servers-bypassing-the-gateway/18036
* https://forums.whonix.org/t/google-calculated-me-across-whonix/4087
* https://forums.whonix.org/t/possible-tor-browser-whonix-leak/13586
* https://forums.whonix.org/t/strange-behavior-of-whonix-related-to-updates/19782

= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]