Would any of these attacks work with HTML off? I ask mostly because the default in GNU/Linux is for these things to be off. Even my web mail GNU/Linux interface I write from has HTML off by default.
> Thank you for that. > > Kmail (Kontact) appears perfectly safe. I also tested vs gmail in my > firefox browser with noscript. No leaks there either. > > praedor > > On Tuesday, December 20, 2011 07:01:39 AM [email protected] wrote: >> On 20/12/11 04:44, Andrew Lewman wrote: >> >> > This also requires the user not being very sophisticated. If you load >> > up html emails full of web-bugs, javascript, and your normal browser >> > pointed at Tor, then I believe most of what 'SR' says is correct. I >> > don't believe this is true for Tor Browser users, but I welcome >> > research and proof otherwise. Also, we'll fix any leaks found. >> >> FWIW, I built a web app a while ago which sends out an HTML email to you >> full of different types of web bugs to try and test if your email client >> is loading remote content when it shouldn't be. It found bugs in >> Thunderbird, Outlook, Androids standard mail client, K-9, Apple Mail, >> the iOS email client, Roundcube and several other webmail >> implementations. If you want to try it out, it can be accessed here: >> >> https://grepular.com/email_privacy_tester >> >> And I originally wrote a about it here: >> >> https://grepular.com/Automated_Email_Privacy_Tester >> >> > _______________________________________________ > tor-talk mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
