My Tor browser is sending data to securedrops.org. Did I get hacked or is this normal?

I’m using Tor Browser in a disposable qube. A while back, I found this monitoring tool called ‘tor circuits’ in the Tor control panel and decided to check it out. I found a weird coincidence—every time I open a disposable Tor Browser, it connects to securedrop.org:443, aus1.torproject.org:443, versioncheck-bg.addons.mozilla.org:443, and oscp.digicert.com:80, uploading about 20 KB of data.

Also, on every sys-whonix startup, I connect to 3 random onion sites for a few seconds. Most are Secure Drop onion domains for journals like Forbes or Financial Times. There was also the CryptoStorm VPN onion site and some obscure blog by a guy named ‘daniel’.

Has my stuff been hacked by the glowies? Is this some kind of silent data exfiltration? Or is this normal behavior for Tor Browser and Qubes OS?

1 Like

I just signed up to state that I’m seeing the same thing in TAILS OS. TAILS 7.0 with Tor Browser 14.5.7.
I start Tor Browser and maybe not the first time, but I see this securedrop connection at least after using the Live OS for a bit, including Tor Browser sessions of random browsing. It is hard to pin down due to the Home Page setting reverting to the identifiable “tails dot net” (any traffic correlation attack then knows this is a TAILS host).
I can tell you that securedrop is one of the hosts (or seems to be) that TAILS uses for internet connectivity check - alongside adobe and other well known domains, for example. However, when I try to start Tor Browser again, without opening any other sites (sometimes offline), I can’t, because of the stupid insistence on resetting the Home Page to tails.net. So I close the tab, and try not to open anything. Often successfully - except this one securedrop connection (alongside the pki google com - I think - on TCP port 80, which is an HTTPS Certificate validation connection, I believe).
That’s all I know. It did look a bit dodgy, when the browser is doing that AFTER the Tor connection had already been up for a long time BUT the browser had just been re-launched from closed. In case it is interesting, I am in quite a hostile network environment and probably on a compromised router and computer, due to a nasty combination of security negligence and being a target for oppression! Which isn’t going away any time soon due to who is in charge of the world. Good luck everyone!

1 Like