When connecting to the website of Whonix documentation, including its hidden service, a request is made to “https://whonix.report-uri.com”.
This can be seen in the Network tab of Tor Browser’s Web Developer Tools.
The headers are as follows:
Status 429
No Reason Phrase
Version HTTP/2
Transferred 1.07 KB (11 B size)
cf-ray: `unique value redacted`
cf-request-id: `unique value redacted`
content-length: 11
content-type: text/plain
date: Tue, 22 Dec 2020 `unique timestamp redacted` GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
server: cloudflare
set-cookie: __cfduid=`unique value redacted`; expires=Thu, 21-Jan-21 `unique timestamp redacted` GMT; path=/; domain=.report-uri.com; HttpOnly; SameSite=Lax; Secure
set-cookie: __cf_bm=`unique value redacted`=; path=/; expires=Tue, 22-Dec-20 `unique timestamp redacted` GMT; domain=.report-uri.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=`unique value redacted`; includeSubDomains; preload
vary: Accept-Encoding
X-Firefox-Spdy: h2
Why does this happen? This does not seem like behavior intended by Whonix™ developers.
It is a problem because:
- It connects to a third party (Cloudflare?), leaking that a connection has been made to whonix.org and the time when connections were made.
- It sets a unique cookie and a request is made with unique values every time any page of the documentation is opened, leaking to the third party: all the pages of the documentation visited by the user in this single session.
- It makes a connection to a clearweb website even when Whonix’s hidden service was used.
It does not happen on the forum or other parts of the Whonix website (to my knowledge), only the documentation.
Please resolve the issue.