[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Why check Tor with check.torproject.org

Results returned by check.torproject.org may be false:

Apart from the possibility of getting false results by accident the explanation above points out that a malicious network could try to deceive you by providing false results on purpose.

So why would you do a check with check.torproject.org? If you can’t rely on it what is really its purpose? How is it ever at all useful?
Earlier versions of Tor browser opened check.torproject.org on startup so there must be some kind of rationale behind it.

Hi ifyes

Welcome to the Whonix community!

This question can be answered as per: https://whonix.org/wiki/Support#Free_Support_Principle

Since this is a Tor specific question you may want to try asking a follow up question on tor.stackexhange, tor-talk mailing list or IRC channel.

1 Like

Often not useful when users run such tests indeed, as per:

It might be an indicator for a bug, though indeed not a certain one due to possibility of a false positive. No more than a clue to investigate.

There’s multiple of such services which decreases the likelihood that they’re all broken/compromised at the same time although this does not apply to an assumed adversary capability of always breaking any kind of SSL.

I can only speculate since the ones who made that decision might not have posted their rationale or it might not be easy to find after so much time has passed now (and not motivated to spend too much time to search for it).

Why did whonixcheck have default leak testing and since Whonix 14 optional leak testing use --leak-tests? My answer for Whonix and whonixcheck might be similar to Tor Browser:

  • Users do all sorts of really crazy reconfiguration, custom software, and whatnot. More than any human can foresee - since it’s general purpose computing.
  • Developer uncertainty, bugs. If one reads the word of developers in this field and can’t see defensive, careful wording and modesty, then, problem.

5 posts were split to a new topic: stackexchange self-answering