[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Risk of checking multiple accounts with TorBirdy

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Risk of checking multiple accounts with TorBirdy
From: Mix+TB Test <mix.tb@xxxxxxxxxx>
Date: Sat, 04 Jan 2014 22:03:48 +0000
Authentication-results: smtp13.mail.yandex.net; dkim=pass header.i=@xxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 04 Jan 2014 17:11:57 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail; t=1388873036; bh=sp6F/JINW0fEkLtOASCDbSKmYnstAQ3vlRC/8tIu58Q=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=AVuMhlcdKieKXxAC1zltDR6SEbUyjofOl10CVhp3XfMhYygNpEmb0V7P0zklTTBk+ c7qJU71XgXFpCn53gHrIbbzgadGR06OXB7vUj/rgza403DSC2FhHMWKEG4P2Iq6koQ q1ZD9WnwerQcWx7jNsFt9XVzaTxWKd85VfvxA8o0=
In-reply-to: <52C824E4.3010700@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <52C7C0E0.4020407@xxxxxxxxxx> <52C7D8B5.5040206@xxxxxxxxxxxxxx> <52C7F28E.6030507@xxxxxxxxxx> <52C806A9.9010306@xxxxxxxxxx> <52C824E4.3010700@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

dhanlin:
> Mix+TB Test:
>> dhanlin:
>>> The adversary I had in mind was a malicious exit node administrator.
>>
>> The exit node admin should only be able to see which email services you
>> are talking to, not the address you are using (assuming end-to-end
>> encryption). An even then they are only going to see it when you exit
>> through that node, which should not be all the time.
>>
>> So worst case is that they can see three simultaneous connections to
>> different providers, not which addresses are in use.
> 
> Yes, but with cooperation between the e-mail provider(s) and the
> malicious exit node, pseudonymous accounts can be connected to accounts
> using a real identity.  For example, if the NSA runs a malicious exit
> node and wants to know the identity of jane.doe@xxxxxxxxx, they can take
> from Google all the access times for that account.  Then they can look
> at the logs of their exit node, and find possible accesses to that
> account, and link them to other e-mail provider accesses.  If one of
> these providers is say a personal e-mail server at a domain with valid
> WHOIS, jane.doe@xxxxxxxxx is deanonymized.
> 
> I see your point that an malicious exit node cannot itself deanonymize
> by connecting accounts (unless the e-mail providers themselves would
> deanonymize the user, which is possible).  So the attack is a little
> harder than I initially thought.  There seems to be no technological
> impediment to an e-mail provider and a malicious exit node cooperating,
> though.

Yes, I was considering your threat model of a malicious exit node
administrator. Collusion or a global passive adversary is far more
difficult.

You could try separate Thunderbird profiles with only one account per
profile, or you could turn off checking at startup and checking every x
minutes and then just check manually. You could also use 'fetchmail' and
a small script with 'cron' or 'at' to randomise which accounts are
checked and how long the break is in between. Using separate profiles
would mean that an adversary may be able to see patterns of when you are
actively checking email, while a fetchmail setup running on an always on
machine would make this far more difficult.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Risk of checking multiple accounts with TorBirdy
  - From: dhanlin
- Re: [tor-talk] Risk of checking multiple accounts with TorBirdy
  - From: Sebastian G. <bastik.tor>
- Re: [tor-talk] Risk of checking multiple accounts with TorBirdy
  - From: dhanlin
- Re: [tor-talk] Risk of checking multiple accounts with TorBirdy
  - From: Mix+TB Test
- Re: [tor-talk] Risk of checking multiple accounts with TorBirdy
  - From: dhanlin

Prev by Author: Re: [tor-talk] Risk of checking multiple accounts with TorBirdy
Next by Author: Re: [tor-talk] Risk of checking multiple accounts with TorBirdy
Previous by thread: Re: [tor-talk] Risk of checking multiple accounts with TorBirdy
Next by thread: Re: [tor-talk] Risk of checking multiple accounts with TorBirdy
Index(es):
- Author
- Thread