Update Your Tor Browser to Prevent Your Real IP From Leaking
Some users of the privacy-focused Tor web browser should download the latest app update , which adds an interim fix to prevent the browser from leaking identifying information such as IP addresses. The TorMoil bug, dubbed by security research company We Are Segment that discovered the vulnerability, could exploit the browser flaw to reveal a user’s real IP address by logging out of anonymous browsers if they click on a certain type of link.
Your real IP address may be missing
The IP leak issue only affects Tor browsers on Mac and Linux devices (Windows and Tails Tor users are safe for now). We – Segment CEO Filippo Cavallarin called the issue a bug in the way the Tor browser (based on the Firefox version) handles links that start with a “file: //” handler. Why this doesn’t affect Windows or Tails Tor users is unclear, but Cavallarin plans to share more details on the vulnerability once a proper fix is implemented. Tor handles http: // and https: // links by sending your traffic through Tor’s network of volunteer-run virtual tunnels to keep it anonymous. Clicking the file: // URL instead of routing it through the appropriate privacy-focused servers will allow the operating system to connect directly to the remote host, exposing the user’s IP address.
Update now, but expect another update soon
The latest Tor browser update 7.0.9 fixes the TorMoil bug and prevents your IP address from leaking when clicking the file: // link. However, according to Tor, your browser may handle files differently until the correct fix is applied:
“The fix we have implemented is just a workaround to stop the leak. As a result, navigating to file: // URLs in the browser may no longer work as expected. In particular, entering file: // URLs into the address bar and clicking on the resulting links does not work. Opening them in a new tab or in a new window doesn’t work either. To solve this problem, drag the link to the address bar or to the tab. “
In short, you need to start dragging and dropping file: // links to the URL bar or tab, not just clicking on them. Regardless of how often you click on file: // links or not, you should update your Tor browser to the most recent stable version to avoid falling victim to identity disclosure bugs.
Tor Critical Error Leaks Users Real IP Address – Update Now | Ars Technica