These requests contain:

· Your real IP address · The .onion URL in the Referer header · Tor Browser user-agent

The evidence (captured live):

``` [18:12:10] 10.188.1.98 -> 192.178.183.95 (Akamai) [18:12:14] 10.188.1.98 -> 142.251.14.95 (Google) [18:12:22] 10.188.1.98 -> 142.251.20.95 (Google) ```

HTTP attempts: 5 HTTPS SNI captured: 0

All plain text. No encryption. Tor not involved.

What this means:

Every time you use Tor Browser on Android, switch to Desktop Mode, and visit a .onion site, you're broadcasting your real IP to Google, Amazon, and anyone monitoring your network.