A newly-discovered bug exposes the real-world IP addresses of those who are using the Tor browser, used by millions for anonymity and private browsing. The bug, called TorMoil by security firm We Are Segment, which discovered it, is triggered when a user clicks on a local file-based address, like file://, rather than http:// or https://. If a user clicks on a specially crafted web page, “the operating system may directly connect to the remote host, bypassing Tor Browser,” said the short vulnerability disclosure report.
Read more