[justnotworthit]

The nature/architecture of tails means this kind of attack is possible. Apps that can "break through" the OS networking, get access to the "real connection". Excuse my non-technical language.

Disclosure/ad: I work on Whonix, which is, uh, tails in VM essentially (to the person who only knows tails and not whonix). In Whonix, the desktop is in an VM, separate from another OS in another VM running the networking. No program in the desktop VM can reveal the public IP. On top of that, for advanced users, the desktop hardware itself might be separate from the hardware connected to the public internet.

The VM (virtualbox, kvm, whatever) is the single (practical) attack service, which is safer than ensuring every program the user may run is patched. Excuse the rant/ad/competition-bashing.