I am using Debian with Tor 13.5 and when I go to the Reddit onion site it reports an IP address which does not match the circuit IP. I have tried several circuits using meek-azure bridge and the reddit onion site keeps reporting the same IP address.
So this is actually kind of an interesting bit of confusing UI here and also most likely a problem with Reddit’s onion service configuration. The key point here is that the circuit display here does not show Reddit’s half of the circuit (since we are not privy to the specifics of that information).
So first let me walk us through a few scenarios with hypothetical ‘circuit displays’ to give an overview of the different possible ways to access reddit.
Clearnet
Your Browser
Reddit
In this scenario, reddit would be potentially complaining about your actual public IP.
Clearnet Site via Tor
Your Browser
Tor daemon
Guard Relay or Bridge (obfs4, meek-lite, snowflake, etc)
Middle Relay
Exit Relay
Reddit
In this scenario reddit would be complaining about the Exit Relay’s public IP address.
Onion Service via Tor
Your Browser
Tor Daemon
Guard Relay or Bridge (etc)
Middle Relay
Rendezvous Relay
Middle Relay 2 (this doesn’t seem to have a better name)
Middle Relay 1
Guard Relay
Tor Daemon
Reddit
So, presumably in this case, Reddit’s internal spam detection infra is detecting a large number of connections coming from its own Tor daemon? The IP in your screenshot (54.85.65.228) is allegedly an Amazon IP according to whois. According to DNS records reddit.com does have some AWS IPs, so maybe we’re inadvertently learning some info about Reddit’s internal infra configuration here.
Most likely Reddit’s onion is a single-hop since it doesn’t need the anonymity properties onion services provide. However, this type of info leak is similar to various issues OnionScan warned us about. Simply slapping an onion service in front of a clearnet site does nothing to protect your site’s anonymity if you leave debug or configuration pages available that expose your site’s actual IP address.
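An added example, not part of the original post: a self-audit an onion service operator could run over responses fetched through their own onion address, flagging any publicly routable IPv4 address that appears in headers or bodies. The paths, headers and page text in `SAMPLE` are constructed for illustration; the only value taken from the thread is the IP it quotes.

```python
import ipaddress
import re

# Candidate dotted quads; a trailing sentence period is allowed, and
# longer dotted strings such as 1.2.3.4.5 are rejected.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

def public_ips(text):
    """Return publicly routable IPv4 addresses in text, de-duplicated, in order."""
    found = []
    for match in IPV4_RE.finditer(text):
        try:
            ip = ipaddress.ip_address(match.group())
        except ValueError:
            continue  # not a valid address, e.g. 999.1.1.1
        # Private, loopback and reserved ranges do not identify the host publicly.
        if ip.is_global and str(ip) not in found:
            found.append(str(ip))
    return found

def audit_response(path, headers, body):
    """Return (path, location, ip) findings for one response."""
    findings = []
    for name, value in headers.items():
        findings += [(path, "header " + name, ip) for ip in public_ips(value)]
    findings += [(path, "body", ip) for ip in public_ips(body)]
    return findings

def audit_all(responses):
    """Audit a list of (path, headers, body) tuples."""
    findings = []
    for path, headers, body in responses:
        findings += audit_response(path, headers, body)
    return findings

# Constructed sample responses (assumed shapes, not captured from any real site).
SAMPLE = [
    ("/", {"Server": "nginx", "X-Backend": "10.0.3.17"}, "<h1>Welcome</h1>"),
    ("/server-status", {"Content-Type": "text/html"},
     "Server at 54.85.65.228 Port 80, client 127.0.0.1"),
    ("/blocked", {"Content-Type": "text/html"},
     "Requests from 54.85.65.228 have been rate limited."),
]

if __name__ == "__main__":
    for path, where, ip in audit_all(SAMPLE):
        print(f"{path}: public IP {ip} exposed in {where}")
```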
So most likely the hidden service is not built properly and it is basically just a proxy service accessing reddit via clearnet. The IP (54.85.65.228) probably is the one which the ‘hidden service’ is using for network communication to reddit.