Is that possible for any JS script on a website to leak my IP when using tor? Does whonix do anything special? I used also vpn before tor
That’s flawed reasoning based on limited information.
Blocking all Tor exit relays is neither hard nor uncommon. Trivial to block Tor when using cloudflare (literally just a setting in the webinterface) just to name 1 method. And many do so. All of this is being elaborated with more details here: Tor Browser Essentials chapter Tor Censorship in Whonix wiki.
Finally, the general part…
Generally, without using Whonix: No, not directly. Only when an exploit is available and being used.
Thanks a lot man for all the resources. But Proton used to work until today with tor and onion, they started blocking when I used some shitty temporary mail provider (is there any you recommend btw or generally an email provider). Maybe they use browser finger printing?
None of the following providers are explicitly recommended by the Whonix ™ team.
There are links to lists of e-mail providers.
Cloudflare (which many websites use) does. I’ve experienced situations where download using Tor Browser was supported but download using curl (command line downloader) was blocked. Can be very confusing.
FYI, I have had this exact same problem and its because you accessing the clearnet domain. The .onion domain only requires a captcha for sign up. Just use onionmail if your so anal about not using protonmail because of a perceived exploit.
It’s hard to make something with CSS and HTML only.
The reason why I don’t believe that it is a honeypot is because it doesn’t coerce you to do crime by itself. It doesn’t explicitly advertise itself to criminals, just as how Tox and onionchat advertise to legal activists on sites like RiseUp.
Most of the known honeypot cases were directed at CP distributors and consumers and encouraged people to give incriminating evidence, so quite honestly for the average activist or restricted citizen using Tor it shouldn’t be too much of a problem.
TL;DR: Onionmail (probably) isn’t (currently) a honeypot for above reasons.
Alright, thats true, but it does not hurt to minimize risks. For me its just fun to stay anonymous. having no privacy is disgusting to me. we are no animals in a zoo. But lets no drift away from the topic lol.