On 05/07/2012 05:02 AM, Mix+TB Test wrote: >>> DNS and other connections leak during account creation (when Thunderbird >>> is trying to work out how to connect), but after that I can receive >>> (IMAP w/STARTTLS, IMAPS) and send (Submission w/STARTTLS, SMTPS) without >>> seeing any leaks, including no DNS leaks. I can also see the connections >>> showing up in the Vidalia Network Map. >> >> These issues should be listed in the TODO file - I'm sorry to say that >> Thunderbird and the Mozilla team seems to refuse to Do The Right Thing >> with the account setup wizard. The bugs on this topic are a depressing >> read - it's not really possible to override this and fail closed - which >> seems like an unreasonable stance... > > I wonder whether tsocks could be distributed with Thunderbird, and a TBB > style startup used to load the libraries and force Thunderbird through > Tor that way?
Sounds like a nightmare. Lets not go down the TBB path - that way lies madness. > >> Great. So as it stands, I found the following meta-data in your email >> that may be harmful to your privacy: >> >> Message-ID: <4fa5d959.4010...@yandex.com> >> Date: Sun, 06 May 2012 11:52:25 +1000 >> >> Your raw email is impressive in how many systems it seems to touch - it >> routes over Tor through the Noisebridge exit, it traverses some ipv6 >> SMTP servers and so on. There's a lot of stuff in there - can you look >> through it and tell me if any of it is harmful to your privacy other >> than the two lines listed above? > > I didn't see the Message ID as harmful, but I'm more than happy to be > educated on this front. I do see the timezone leakage as a problem. I've > had a look through Thunderbird's settings and can't see anything to > indicate that this is stored within the settings so I imagine that this > comes from system. If it's controlled through the environment then it > may be able to be set before running, again maybe through a TBB style > startup. > Timing leaks are the issue. We need a time independent implementation. > My only other immediate concern is how Thunderbird identifies itself to > the SMTP server during the EHLO. Claws mail provides a dialogue to show > what it's doing, and also allows you to specify what it is that is > reported to the other end. I'm not sure what Thunderbird says, but it's > likely that it is the local hostname. We've got this covered as Sukhbir said in another email. All the best, Jacob _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
