so what maybe the possible causes of IP leak ?
At time of writing,
- there are no known leaks except in theory attacks: Anonymity Operating System Comparison - Whonix vs Tails vs Tor Browser Bundle chapter Attacks in Whonix wiki
- There are no public available reports of that having ever happened.
- No private reports either.
Due to the technical design, leaks without malware running that uses exploits or tailored attacks, are unlikely.
But more theoretically.
Potential causes but already considered and taken care of:
Tor control protocol command: GETINFO address
Maybe others Tor control protocol commands but also not an issue due to a whitelist rather than blacklist filtering approach. Related:
Off-topic but related: IP is an outdated, insufficient threat model.
Quote Technical Introduction
Hiding your identity is harder than just hiding your IP. Merely hiding IP addresses is an outdated, year 1990 threat model. Simply masking the user’s IP address is insufficient, as adversaries employ various Data Collection Techniques that do not require IP addresses. This is evidenced by numerous Browser Tests, such as the Fingerprint.com Demo, particularly since “12% of the largest 500 websites use Fingerprint.com”.
Due to the technical design, leaks without malware running that uses exploits or tailored attacks, are unlikely.
But more theoretically.
Potential causes but already considered and taken care of:
Tor control protocol command: GETINFO address
Maybe others Tor control protocol commands but also not an issue due to a whitelist rather than blacklist filtering approach. Related:
Off-topic but related: IP is an outdated, insufficient threat model.
Quote Technical Introduction
Hiding your identity is harder than just hiding your IP. Merely hiding IP addresses is an outdated, year 1990 threat model. Simply masking the user’s IP address is insufficient, as adversaries employ various Data Collection Techniques that do not require IP addresses. This is evidenced by numerous Browser Tests, such as the Fingerprint.com Demo, particularly since “12% of the largest 500 websites use Fingerprint.com”.