[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #6310 [TorBirdy]: Torbirdy warns about a possible unsafe connection over Port 143, when using STARTTLS



#6310: Torbirdy warns about a possible unsafe connection over Port 143, when using
STARTTLS
--------------------------+------------------------------------
     Reporter:  janssen   |      Owner:  ioerror
         Type:  task      |     Status:  closed
     Priority:  normal    |  Milestone:
    Component:  TorBirdy  |    Version:
   Resolution:  wontfix   |   Keywords:  starttls 143 port imap
Actual Points:            |  Parent ID:
       Points:            |
--------------------------+------------------------------------
Changes (by sukhbir):

 * status:  reopened => closed
 * resolution:   => wontfix


Comment:

 Replying to [comment:5 harrincourt]:
 > I received the same message regarding unsafe (unencrypted) connection
 over port 143 (STARTTLS). I did change manually the settings as the
 mailaccount did not work with pop.

 Yes, this is expected. Port 143 is for plain IMAP and you should not be
 using that over Tor since you can leak your password and/or emails at the
 exit node. Please see this for more information: https://www.eff.org/pages
 /tor-and-https. To prevent this, TorBirdy enforces IMAP over SSL/TLS for
 all existing and new accounts (port 993) and you ''should not'' change
 this setting.

 > Using TorBirdy 0.1.2., Thunderbird 24.1.0, Fedora 19 and an
 openmailbox.org mailacccount.

 You should ask openmailbox.org if they support SSL for their IMAP/POP/SMTP
 accounts. If they do not, I don't recommend that you use Tor with this
 account and you should change your password just to be sure.

 Find an email provider that support SSL; most of them do these days. Then
 revert the settings back to their default (uninstall and reinstall
 TorBirdy) and then use the new account with SSL support.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6310#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs