14 DAY TRIAL // Frederic Jacobs, a former developer for Whisper Systems where he worked on the Signal app, discovered an interesting problem that will likely scare a lot of Tor users not acquainted with the Tor Browser's underbelly.
For some years now, the TOR Project has made available the check.torproject.org web page as a means for users to detect when their Tor Browser is improperly configured and is leaking their real IP address.
The service uses a simplistic UI and tells people either "Congratulations. This browser is configured to use Tor" in a green font, or "Sorry. You are not using Tor" in big bright red letters.
In the case of users for whom Tor Browser's setup is a matter of life & death, this page and its output matter. Lots of people use it as their homepage.
IPv6 support in Tor Browser is to blame
Jacobs discovered a problem for users connecting to Tor via IPv6, the Internet addressing system that evolved to replace the classic IPv4 xxx.xxx.xxx.xxx format.
Even if his Tor Browser was properly set up, he still received this error. After digging around for an answer, Jacobs discovered the root of the problem.
"What likely happened is that the exit node connected to check.torproject.org over IPv6," he explains. "Since Tor doesn’t have full support for IPv6 yet, the exit node appeared as unknown, hence triggering this warning."
Jacobs raised the issue with the Tor Project on their developer mailing list and recommended that Tor nodes not use IPv6 at all until the Tor Browser fully supports this feature.
This shouldn't be a big issue since IPv6 support worldwide is still under 15 percent, according to Google. The Tor Project still has more than enough time to properly support IPv6 in the Tor network and browser, but it would be a good idea not to scare or confuse its users until then.
