Location revealed despite Qubes/Whonix/Tor stack... finding the hole

I have used Linux for years but rarely ever used Tor…
Qubes and Whonix are new to me as of a few weeks ago.

In Qubes I am using a whonix17-workstation-dvm with Tor and have verified my IP is
a Tor exit far far away…
then I navigate to a page with a US State selection field that is IMMEDIATELY auto-filled
with my actual US State name…

upon inspecting the page element I can find the city and zip-code of the largest hub
in the state which is not MY city or zip specifically… but is way closer than the
rural Eastern Europe IP address I got through Tor… and means that there is a hole
somewhere.
running Whonix/Tor disposable VM in QubesOS is quite the stack… to be circumvented
by some automatic feature included as a courtesy on a very basic web page search form.

what am I missing? where could this hole be?
I'm using defaults for the whonix-dvm and its Tor installation.
thanks for your input!

1 Like

I don't think that you are on the correct forum: try the Whonix or Tor forum instead, or a privacy-related community?

2 Likes

It’s not clear if the problem is with Whonix, Tor, or Qubes’ implementation. Are you using Tor Browser Bundle for your Browser? If you are using another browser, like some browser with any history or cookies, that could explain it.

It’s not clear if you’re layering an AppVM on top of your whonix/disposable.

I’ve used dispxxxx Qubes based on whonix-workstation, with sys-whonix as the NetVM, many times, and I have not experienced this. So I think you’re mixing in a browser with history or something else.

to follow up here, I found this…

which explains that Tor should NOT be used in a whonixXX-workstation-dvm style-VM and proves what I expected, that I have more to learn to use this safely/effectively.

1 Like

Wait a second. Tor browser is the standard browser in whonixXX-workstation-dvm.

The documentation just says you should not update tor browser in it.

the documentation you linked to says using tor browser in a disposable qube/VM (so disp####) based on whonix-workstation-18-dvm is fine, which is expected.

1 Like

this could be just coincidence?

1 Like

It is probably guessing appropriate location by inspecting your time zone and/or locale

Isn’t tor browser preventing this? timezone is spoofed, typically to UTC.

1 Like

True. Maybe it’s the default location for the UTC undefined timezone, after all it points to the largest hub in the state?

Might be true if the company is from OP’s state

That exit node was at the end of a particular circuit. You have many other circuits active at the same time, and your Tor client continuously builds new ones and expires used ones. Take a look at the Onion Circuits utility in sys-whonix to get a glimpse of how TCP connections (to websites etc.) are attached to circuits.

Which one is it? Never used it before and it looks interesting. Do you mean nyx with the “connections view”?

No it’s a different thing: Onion Circuits is available as an application menu, or in Whonix’s Tor control panel in the Utilities tab, or by running onioncircuits. Nyx is good for this too though.

1 Like

I think it is important to note that the Whonix page linked by @mcg does

the base template or the disposable template.

I did wonder in the past if there are ways to give much more obvious warning when we are accidentally running one of those…

Maybe it has changed, but I remember easily making that mistake when I was first trying Qubes. (I rarely use Whonix now, so I don't really know how it is.)