Firefox with Proxy connects successfully while Tor doesn't connect

Hi everyone,

I’m using Firefox with a Proxy configured on Whonix Workstation. I am aware of a difference between anonymity and pseudonymity.

Today I noticed some strange behavior. While Whonixcheck was saying that a Tor connection could not be established, I was able to connect to the Internet using Firefox. On the Gateway there was a problem with clock settings. I expected that there would be no connection. Tor Browser could not connect to the Internet. None of the applications had a connection (time out). All but Firefox with a proxy.

So, I wanted to ask how that is possible? I use an HTTP and SSL proxy address with port 9878 and a SOCKS v5 host with port 19878. Was my traffic torified before the proxy?

Thank you in advance!

This seems to be very strange.

Are you able to access this link with Firefox?

http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/firefox-with-proxy-connects-successfully-while-tor-doesnt-connect/5043

If so, this means at least part of your connection is really going through the Tor network.

Thanks for the reply, iry.

No, Firefox says 502 - Bad Gateway. I’m a bit surprised that it is able to parse the .onion link…

Here’s a description of my case. I use an iMac. Sometimes I leave my PC for some time and it sleeps for a while. While it’s sleeping, Whonix time is frozen. So, after a couple of hours I continue my work and the time is already wrong (more than 2 hours difference with UTC). And here’s the problem. The proxy still connects! But not Tor. Maybe it’s somehow related to the fact that a circuit is already established. I don’t know. But it really frightens me.

How to reproduce it: Have Firefox set up with a proxy (HTTP, SSL, SOCKS5). Connect normally to Tor through the Gateway. Open Firefox and go to Google.com. It works. Then change the time in the Gateway to the wrong one (let’s say one day less than the current time). DO NOT RESTART TOR. Go back to the Workstation. Tor doesn’t seem to work. But Firefox still successfully connects.

Maybe it’s expected behavior?..

Thank you.

2 things to test:

  1. Power off whonix-gateway. Does Firefox on workstation still connect through proxy?

  2. On whonix-gateway, see if firewall is modified:
    sudo iptables -nvL FORWARD

Thanks for the reply.

  1. Fortunately, no, it doesn’t.

  2. The output.

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-admin-prohibited

Regards
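
The firewall check from this exchange as a repeatable test. This is an added example, not part of any post in the thread: it treats the output posted above (policy DROP, only REJECT/DROP rules) as the expected state, and `check_forward`, `SAMPLE_LOCKED` and `SAMPLE_OPEN` are names made up for the illustration.

```shell
#!/bin/sh
# check_forward: read `iptables -nvL FORWARD` output on stdin.
# Exit 0: policy is DROP and every rule drops or rejects (nothing is forwarded).
# Exit 1: the policy or a rule could let traffic through the chain.
# Exit 2: no FORWARD chain found in the input.
check_forward() {
    awk '
        /^Chain / {
            in_fwd = ($2 == "FORWARD")
            if (in_fwd) {
                seen = 1
                # Header looks like: Chain FORWARD (policy DROP 0 packets, 0 bytes)
                if ($4 != "DROP") { printf "policy is %s, expected DROP\n", $4; bad = 1 }
            }
            next
        }
        !in_fwd || NF == 0 || $1 == "pkts" { next }
        {
            # With -v the columns are: pkts bytes target prot opt in out source destination
            if ($3 != "DROP" && $3 != "REJECT") {
                printf "review rule: %s\n", $0
                bad = 1
            }
        }
        END {
            if (!seen) { print "no FORWARD chain in input"; exit 2 }
            exit (bad ? 1 : 0)
        }
    '
}

# Sample 1: the output posted in this thread.
SAMPLE_LOCKED='Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-admin-prohibited'

# Sample 2: constructed for illustration, a modified chain that forwards traffic.
SAMPLE_OPEN='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0'

# On the gateway: sudo iptables -nvL FORWARD | check_forward
printf '%s\n' "$SAMPLE_LOCKED" | check_forward && echo "sample 1: nothing forwarded"
printf '%s\n' "$SAMPLE_OPEN" | check_forward || echo "sample 2: chain modified"
```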

You could also test with tcpdump or Wireshark, either on the host or on the Whonix Gateway eth0 interface, to see whether the traffic goes through Tor or just through the proxy.

Thanks for testing. So it appears that the two worst case scenarios are not what’s happening here. (1. Workstation is not circumventing Gateway, 2. Gateway is not circumventing Tor). If you do have connectivity (ie Firefox is not simply displaying cached pages), then your traffic is almost certainly being routed through Tor using the TransPort (9040 on Gateway).

You can monitor as Algernon suggested, or use something like onioncircuits in jessie-backports / stretch, to see exactly what’s happening with your circuits. For example, find out if the same circuit is being used before and after sleep.

Thank you very much for such awesome advice!

So, I have tested everything and it seems to be OK.
After setting an incorrect time, 11/15 established circuits were lost while 4 were still active. These circuits were used to route the traffic; that’s why I was able to connect. After restarting Tor no circuits had been established, so I wasn’t able to connect.

In Wireshark, no packets were sent to the proxy’s IP address directly.

Thank you for the reply. I used Arm to view all opened circuits. That’s why I was able to filter the traffic. Thanks for the idea.

Thank you guys for your help. You’re lifesavers. :)