
Re: [tor-talk] SMTP & POP3 Email over Tor.. Anonymity breaking?



On 02/06/2011 17:55, Anon Mus wrote:

>>> Is it true that email SMTP & POP3 hosts (e.g. gmail's servers) can 
>>> obtain from SMTP & POP3 clients (e.g. Thunderbird) data such as,
>>>
>>> 1. client time zone
>>> 2. client machine clock time
>>> 3. client machine time since last boot
>>>
>>> even though it's over Tor?
>>>     
>>
>> I have a pretty decent knowledge of the SMTP, POP3 and IMAP4 protocols,
>> and I'm not aware of any part of the protocol which transmits this
>> information.
>>
>>   
> I was just looking at the header received by another Tor list subscriber 
> and there is definitely some data above leaked in the manner I mentioned.
>
> Extract of header via Tor list from my email starting this thread...
> 
> Date: Thu, 02 Jun 2011 11:59:38 +0100
> From: Anon Mus <my.green.lantern@xxxxxxxxxxxxxx>
> User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
> MIME-Version: 1.0
>
> So there is my machine's timezone (+0100) for starters...
> 
> and then there is my machine's clock time (Thu, 02 Jun 2011 11:59:38) as 
> well (it's my clock time not Google's), I don't know if more accurate 
> values (down to milliseconds say) are shared to the mail server.
> 
> You should all be able to see that in your own headers.
>
> Again, you could fingerprint my mail by client (User-Agent: Thunderbird 
> 2.0.0.24 (Windows/20100228))

Erm. I explained absolutely everything you've just said in my very
response to you:

"SMTP *might* leak your machine name or hostname or LAN IP address when
transmitting the EHLO. When you send an email, it's going to include
your local system time and local time zone in the Date header. It may
also include information about your email client and/or OS in some
header like X-Mailer or User-Agent."

My point was that neither IMAP, nor POP3 leak the times. SMTP doesn't
either, but the actual content of the emails that are sent over SMTP can
do, in the Date header.

> I am sure I read somewhere (eons ago) that the "3. client machine time 
> since last boot" could also be seen by the mail servers (or was that 
> just javascript??).
>>> If so, can't these be used to trace a client machine which might also be 
>>> accessing other, say gmail, accounts via the open internet (not via Tor) 
>>> ? (I know it sounds paranoid, but surely it is theoretically possible)
>>>     
>>
>> SMTP *might* leak your machine name or hostname or LAN IP address when
>> transmitting the EHLO. When you send an email, it's going to include
>> your local system time and local time zone in the Date header. It may
>> also include information about your email client and/or OS in some
>> header like X-Mailer or User-Agent.
> 
> In this case the sending machine is the exit node, but I suppose some 
> email clients might leak that, mine appears to leak (0.0.0.0).

No idea what you're talking about here.

To clarify, SMTP, POP3 and IMAP4 don't leak your timezone. Your email
client will stick your timezone in the Date header of an email before
sending it over SMTP. This is something done on your machine, by
Thunderbird, not something a mail server does, or the exit node does.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
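
Added example, not part of the original message and not code from either poster: a check for the client-written headers discussed in this thread (the Date header's UTC offset, User-Agent, X-Mailer), plus a scrub that rewrites Date to UTC and drops the client identifiers before a message is handed to SMTP. The function names `audit` and `scrub` and the placeholder address are assumptions; the sample message is constructed from the header extract quoted above.

```python
from datetime import timezone
from email import message_from_string
from email.utils import format_datetime, parsedate_to_datetime

# Constructed sample based on the header extract quoted in the thread
# (the From address is a placeholder).
SAMPLE = (
    "Date: Thu, 02 Jun 2011 11:59:38 +0100\r\n"
    "From: Anon Mus <user@example.invalid>\r\n"
    "User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)\r\n"
    "MIME-Version: 1.0\r\n"
    "\r\n"
    "body\r\n"
)

# Headers the mail client writes that describe the client software or OS.
CLIENT_ID_HEADERS = ("User-Agent", "X-Mailer")


def audit(raw):
    """Return {header: finding} for client-written identifying headers."""
    msg = message_from_string(raw)
    findings = {}
    if msg["Date"]:
        # utcoffset() is None for "-0000" (naive) and zero for UTC.
        offset = parsedate_to_datetime(msg["Date"]).utcoffset()
        if offset:
            minutes = int(offset.total_seconds() // 60)
            findings["Date"] = "UTC offset %+d min" % minutes
    for name in CLIENT_ID_HEADERS:
        if msg[name]:
            findings[name] = msg[name]
    return findings


def scrub(raw):
    """Rewrite Date in UTC and remove client identification headers."""
    msg = message_from_string(raw)
    if msg["Date"]:
        dt = parsedate_to_datetime(msg["Date"])
        if dt.tzinfo is not None:
            # Hides the zone only; the instant is still the client's clock.
            utc = dt.astimezone(timezone.utc)
            msg.replace_header("Date", format_datetime(utc))
    for name in CLIENT_ID_HEADERS:
        del msg[name]  # no error if the header is absent
    return msg.as_string()


if __name__ == "__main__":
    print(audit(SAMPLE))
    print(scrub(SAMPLE))
```

The EHLO hostname mentioned in the message is sent in the SMTP session, not in the message headers, so this check does not cover it.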
