Description of problem:
Onion browser button extension, that come built-in with IceCat browser does not working at all !
Version-Release number of selected component (if applicable):
IceCat version 68.8.0esr X64 bit for Fedora Linux, Fedora-1.0
1. install tor package
2. start tor package
3. enable tor package
4. launch IceCat
5. try to connect to Tor from this extension. It show you that you message, you are connected to Tor, but this is not correct !
6. visit for example https://ipleak.net or use options of this extension itself to know your IP, & you will see yourself NOT connected to Tor ! Your real IP address will be revealed !
This MUST NEVER be happened ! User should never see heir/his real IP address !
To be sure from the defect, I installed FoxyProxy Standard extension on IceCat & set it to Tor & tried to connect by it to Tor (while Onion browser button extension was switched off at a time & completely disabled at other time). It connect me to Tor without any problem & no any sites detected my real IP address.
Please fix this dangerous issue as quick as possible, because many users my not check whether connected or not & misleaded by extension message "connected to Tor" ...
I can't reproduce this problem, but i'm using IceCat 68.9.0 now.
Would you try with newer IceCat version?
Hi. Just few minutes I received version 68.9
Complete failure !! Still my real IP leak & exposed as if I'm not connected to Tor network ! I received notification from add-on that I'm connected to Tor, but really I'm not connected !
I retried FoxyProxy & it is working very well without such error !
This is the 1st time to me over previous 4 years using Fedora Linux to facing such security bug ! All Fedora bugs are in performance not in security, & if there was a security bug then it will be fixed as quick as possible ... But, here this bug, though I mention it as "urgent", it did not receive fast fix ! Please investigate this bug on Fedora 32 X64. I'm on Cinnamon edition. If there was a bug outside IceCat then FoxyProxy should was failed also ... As long as FoxyProxy working okay, this mean that there is internet error in IceCat package.
2. start tor package
3. enable tor package
How do I perform these steps? I see I can do tor start, but how do I enable it before I start icecat? I saw the message asking for help in checking, and thought I would give it a try, but I'm stumped here as I have never used tor before.
(In reply to stan from comment #3)
> 2. start tor package
> 3. enable tor package
> How do I perform these steps? I see I can do tor start, but how do I enable
> it before I start icecat? I saw the message asking for help in checking,
> and thought I would give it a try, but I'm stumped here as I have never used
> tor before.
# dnf install tor
# systemctl enable tor
# systemctl start tor
Run IceCat and enable proxy by Onion Browser Button
That worked to get tor started and I was able to click the onion button. It showed Connected to 127.0.0.1:9050 But, when I clicked on the check mark, it told me that I was not connected to Tor. When I clicked on the IP icon, it gave me a different address than my IP address. I think I'm doing something wrong, but my results did duplicate those of the original poster.
Your IP addresses - WebRTC detection
If you are now connected to a VPN and you see your ISP IP, then your system is leaking WebRTC requests
And my IP address was visible.
Hi. I'm not receiving email notification about @stan comments ! Why ?
> It showed Connected to 127.0.0.1:9050 But, when I clicked on the check mark, it told me that I was not connected to Tor.
Have you clicked on the colored icon to connect to TOR proxy?
Created attachment 1697152 [details]
Yes, that is exactly what I did. I tested after I had clicked that and received the notification that I was connected. See the attachment.
Created attachment 1697153 [details]
screenshot of icecat with onion popup showing and tor failure after clicking check mark
Here is the screenshot.
Check 'tor' service when Check says you're not using Tor.
$ systemctl status tor
Also, try to disable all addons and use Onion only.
The status of tor is active, running.
When I connect, a popup tells me I am connected to a running tor.
But, with all default extensions enabled, both the check and ipleak.net tell me I am not running tor.
I am running icecat without any customization, as it comes out of the package, as far as I know. I haven't added any extensions, or modified any configuration.
After I turn off all the extensions except onion, ipleak.net tells me I am not leaking an IP, but the check mark still tells me I am not connected. Seems the check mark is not working.
By adding the extensions back one at a time, I find that the extension that is causing the problem is GNU LibreJS.
Every other extension can be enabled, and ipleak.net still doesn't find an IP.
I'll attach a screenshot of the extensions separately.
Created attachment 1697226 [details]
screenshot of icecat extensions in configuration that does not leak an IP
Here is the screenshot of icecat extensions.
There was one missing from the screenshot, disable-polymer-youtube, outside the screen. It was enabled.
The Onion Browser Button extension from 2010 has been removed upstream because it is wildly insecure, it doesn't do what it is supposed to do and it tells you that you're connected to Tor when you're not.
Fedora should remove it from the IceCat build it ships ASAP, see
Thank you for your information Oyvind.
After I read the comment by Oyvind, I fired up icecat, I turned on the Tor access with the Onion app, and I went to ipleak.net, and it said my IP address was not leaking. Doesn't that mean that it is working? I still have LibreJS turned off, but everything else turned on.
I just checked again. I was wrong. It *does* show me my IP address, it is the WebRTC that is not leaking.
Onion Browser button is now removed on F31/F32 icecat-68.12.0-2 and F33+ icecat-78.2.0-6.rh6 (just pushed for testing).
Onion Browser Button addon is no more included in IceCat.
I close this bug ticket.