> >> I'd consider it as important to have all torbirdy "stable" > users > >> in one anonymity set as soon as there is a feature complete > >> stable version. I consider the current version as experimental. > > > > > Hrmm. Actually, if we can avoid revealing this anonymity set > > explicitly to mailing lists and recipients, I think that might be a > > > worthy goal. > > > > Since Tor IPs are often absent from mailing list headers if the > > SMTP server(s) are not run by a total jerk, can we figure out a > > way to look more common? > > I do think that most SMTP servers / MLs include the entire SMTP path > and therefore it is very easy to separate Tor users based on their > source IP anyway. [I agree that it would be nice to have a more common > fingerprint but I do not think it is feasible without sacrificing a > lot on other aspects.] And after all this is only relevant if you > choose to trust your mail provider - which is considered an adversary > in my threat model.
As I Tor user, I prefer to use mail servers, who does not spill the source IP. Imho it's a gain in security, if only the mailserver has a better chance for an attack, or if everyone on a list has a better chance for an attack. Your decision to consider the mail provider an adversary is good. I still recommend to use mail servers which are less likely to attack you. I were nice, if it were possible to hide Torbirdy and Tor use from mailing lists. > [I agree that it would be nice to have a more common > fingerprint but I do not think it is feasible without sacrificing a > lot on other aspects.] Can you tell more please about these aspects? > > > What's wrong with using the Thunderbird default locale string for > > the quotation here? If you're posting on a mailing list where > > discussion occurs in only one human language, shouldn't you be > > using that same localization for mail client? For multilingual > > users, can we solve that problem a different way, perhaps by a > > localization dropdown menu or something? > > I think that such an approach that requires the user to actively select > its language for every message is error prone. As soon as the sender > forgets to select the correct language or fails to choose the correct > language he is screwed. > I prefer something that doesn't depend on user interaction. What about choosing the language within the account configuration per account? ______________________________________________________ powered by Secure-Mail.biz - anonymous and secure e-mail accounts. _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
