Tor Browser on Android leaks IP in desktop mode
I've been testing Tor Browser on Android (rooted tablet + Bluetooth tether sniffer). Here's what I found: These requests contain: · Your real IP address · The .onion URL in the Referer header · Tor Browser user-agent The evidence (captured live): ``` [18:12:10] 10.188.1.98 -> 192.178.183.95 (Akamai) [18:12:14] 10.188.1.98 -> 142.251.14.95 (Google) [18:12:22] 10.188.1.98 -> 142.251.20.95 (Google) ``` HTTP attempts: 5 HTTPS SNI captured: 0 All plain text. No encryption. Tor not involved. What this means: Every time you use Tor Browser on Android, switch to Desktop Mode, and visit a .onion site, you're broadcasting your real IP to Google, Amazon, and anyone monitoring your network. 1 comments on Hacker News.
I've been testing Tor Browser on Android (rooted tablet + Bluetooth tether sniffer). Here's what I found: These requests contain: · Your real IP address · The .onion URL in the Referer header · Tor Browser user-agent The evidence (captured live): ``` [18:12:10] 10.188.1.98 -> 192.178.183.95 (Akamai) [18:12:14] 10.188.1.98 -> 142.251.14.95 (Google) [18:12:22] 10.188.1.98 -> 142.251.20.95 (Google) ``` HTTP attempts: 5 HTTPS SNI captured: 0 All plain text. No encryption. Tor not involved. What this means: Every time you use Tor Browser on Android, switch to Desktop Mode, and visit a .onion site, you're broadcasting your real IP to Google, Amazon, and anyone monitoring your network.
I've been testing Tor Browser on Android (rooted tablet + Bluetooth tether sniffer). Here's what I found: These requests contain: · Your real IP address · The .onion URL in the Referer header · Tor Browser user-agent The evidence (captured live): ``` [18:12:10] 10.188.1.98 -> 192.178.183.95 (Akamai) [18:12:14] 10.188.1.98 -> 142.251.14.95 (Google) [18:12:22] 10.188.1.98 -> 142.251.20.95 (Google) ``` HTTP attempts: 5 HTTPS SNI captured: 0 All plain text. No encryption. Tor not involved. What this means: Every time you use Tor Browser on Android, switch to Desktop Mode, and visit a .onion site, you're broadcasting your real IP to Google, Amazon, and anyone monitoring your network. 1 comments on Hacker News.
I've been testing Tor Browser on Android (rooted tablet + Bluetooth tether sniffer). Here's what I found: These requests contain: · Your real IP address · The .onion URL in the Referer header · Tor Browser user-agent The evidence (captured live): ``` [18:12:10] 10.188.1.98 -> 192.178.183.95 (Akamai) [18:12:14] 10.188.1.98 -> 142.251.14.95 (Google) [18:12:22] 10.188.1.98 -> 142.251.20.95 (Google) ``` HTTP attempts: 5 HTTPS SNI captured: 0 All plain text. No encryption. Tor not involved. What this means: Every time you use Tor Browser on Android, switch to Desktop Mode, and visit a .onion site, you're broadcasting your real IP to Google, Amazon, and anyone monitoring your network.
Hacker News story: Tor Browser on Android leaks IP in desktop mode
![Hacker News story: Tor Browser on Android leaks IP in desktop mode]()
Reviewed by Tha Kur
on
April 11, 2026
Rating:
No comments: