Frederic Jacobs, a former developer for Whisper Systems where he worked on the Signal app, discovered an interesting problem that will likely scare a lot of Tor users not acquainted with the Tor Browser’s underbelly.
For some years now, the Tor Project has made available the check.torproject.org web page as a means for Tor users to detect when their Tor Browser is improperly configured and is leaking their real IP address.
The service uses a simplistic UI and tells people either “Congratulations. This browser is configured to use Tor” in a green font, or “Sorry. You are not using Tor” in big bright red letters.
For users where Tor Browser’s setup is a matter of life death, this page, and its output, matters. Lots of people use it as their homepage.
IPv6 support in Tor Browser is to blame
Jacobs discovered a problem for users connecting to Tor via IPv6, the Internet addressing system that evolved to replace the classic IPv4 xxx.xxx.xxx.xxx format.
Even if his Tor Browser was properly set up, he still received this error. After digging around for an answer, Jacobs discovered the root of the problem.
“What likely happened is that