[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20618 [Applications/GetTor]: GetTor does not return download links when using Protonmail.com



#20618: GetTor does not return download links when using Protonmail.com
------------------------------------------------+--------------------------
 Reporter:  gaj                                 |          Owner:  ilv
     Type:  defect                              |         Status:  closed
 Priority:  Medium                              |      Milestone:
Component:  Applications/GetTor                 |        Version:
 Severity:  Normal                              |     Resolution:  not a
                                                |  bug
 Keywords:  GetTor, download links, protonmail  |  Actual Points:
Parent ID:                                      |         Points:
 Reviewer:                                      |        Sponsor:
------------------------------------------------+--------------------------

Comment (by gaj):

 Replying to [comment:8 arma]:


 > Replying to [comment:7 gaj]:
 >
 > > ProtonMail does use the encryption key in the message header by
 default, and this setting can not be changed. As far as I understand, this
 key is always present, and messages to other (non ProtonMail) servers are
 encrypted using TLS 'if the non-[wiki:ProtonMail] mail server supports it'
 (see https://protonmail.com/support/knowledge-base/what-is-encrypted/)
 > > I don't know if/how TLS is handled by GetTor?
 > >
 >
 > TLS is fine and normal. TLS would mean using link encryption, when
 supported, between the protonmail server and whatever mailserver it's
 delivering the mail to. Yay link encryption.
 >
 > But what's happening here is that protonmail is encrypting the email
 message to some gpg key. How is it picking the key? It looks to me like a
 surprising and broken design -- like protonmail is just picking a key at
 random from the internet and making its mail unreadable to anybody who
 doesn't have the corresponding private key. How do they expect that to
 work?

 Sorry, I am not a developer/designer @ProtonMail, only a user, so I can
 not explain the rationale behind the key in the header as displayed in
 ProtonMail.

 But I became curious as to how other mailservers react to this, so I run a
 little experiment: I have sent a similar message (no subject, body only
 contains the word 'linux') to a number of e-mailaddresses that I use,
 including Outlook.com, Yahoo.com, YOPmail.com (disposable e-mail), and
 online.nl.

 All mailservers handled the message well, I could read it in every singel
 account. Because I wondered about the encryption and the key in the
 header, I looked into the 'raw' message (described as 'source', 'original
 text', or in the header, depending on which option was provided. To my
 surprise, I did not find the explicitly indicated PGP section (as seen in
 ProtonMail, see comment 4 of this thread) on any of the headers or raw
 messages(?!?).

 However, the body text ('linux') of the message is not present in the
 'raw' message either. I can only guess what happens (I am not a
 mail/encryption expert), but below I will post two of the 'raw' / 'source'
 messages (I have removed the original e-mail addresses and replaced these
 with gaj@*.*), for 'Yahoo.com' and 'webmail.online.nl', and the headers as
 shown by YOPmail:

 ----
 '''__1) Yahoo.com__'''

 {{{
 X-Apparently-To: gaj@xxxxxxxxx; Thu, 17 Nov 2016 09:02:08 +0000
 Return-Path: <gaj@xxxxxxxxxxxxxx>
 Received-SPF: pass (domain of protonmail.com designates 185.70.40.27 as
 permitted sender)
 X-YMailISG: fZZMqacWLDtpPxkrw_PJ1F_705oX0vwokLJSl6.pAlCsN_Mc
  MgTj9IzuxsNBmDuForH_W_W8TnxkBERivdrc.M4ABbwhT9eKOA5o3R_pEITj
  OXOc17PmRT4O0bHzfHSZ6r5iBKLqDGgHHo0Wwx35rXMoWo.qKRLZCpIUPS9r
  H0BA5bxk_9chuO4mRB19oV6ibtQvaJ9cXiaWMOWdc6JoMUiWOnzlvULgLp0I
  UmN3J.PcFQ9X0ygqDVx.zZwf1cxOJWs6STZsmFntE6C29TWQgWDVT2Yq2kMQ
  xQ19f2asdSu4Vex0c7yt8xVuIA6a2hmjEgelBJ6MGsZ5tDVF85fK8ja496UI
  ODjXSj2OYJZl5Kjvl4nJXZgyxiHutv6ixXE06JYRY4sS5DaZ6IfHPczRNiOE
  HfFSM8om1K_YZDjuu8vp9w9wxLv96pkqGaZJEmHaxaYfwPcwee9NxBcIJvNx
  PDZjcYOG8sPCc5VNZfJBNLcV6LT3bgzknx.D4ZtYCL.eXH__IeGucxy8OUSM
  VCR9E.1nPcmg7xPlT0qDTxhMYX1XTLDWVHEmcMtL0R242eeEU3DB7hTdXwaH
  zYAJ7eK.NZnefDMOAhtcsMT4Mg.R6KQ85_WCFAp0Bw76QTE6vCsVzN0.ch0Y
  6dMYr1ZaqtLDGQFY942IlaMIjIAVVrAjXIACTFY0Q3RImoE__V_cycKSeLqJ
  MQP8kdR35s3klZVl33GbIx5qAjp0NQ4QWkcYLRE9bt3v24Z_MQyKWbDa4aQH
  QlYhUyx5WSTKreHihsJDudnSxzJUiEBTn.VZTmggw7XqXzDDaktlZLaaTez0
  4LQh7nKASkvwwvIjZRI9ZAeskJCRvIL_Aq2G3i9yT2c4.bcY4oUx.V2H61Gn
  rncq8lmCSYnW4fhJ92zV8N18w4aONWjyfsWnD5s2lZ.qzpevdk92_mWhiPeZ
  r6NEeuv7A6kG5K6zaWPGHCnCDTu7by2zBdLfGZQMRjJMQWyercX_YeJTGVA8
  U4E5dmsqGt6EkQYxtsgTrRFuQyFC7Y74L0TEvCf9UjwdkOgrQQAoeMZGPNUg
  GbZNKGRDsIrteN7Lw0zOMNPEbtlz1LI4dZOuy7LujUB7wQKe0XUVPfckBY61
  zSycg6X7m0LS67Hk7VRL7P_M98tal_hCZ9CIQvFsHjOGeWZxaIB8ojRmzUFi
  UVriHtH7mCP9_5A1p7qr0X_PS3HplEZ__6jfbMCjWTYXS2VwRYppsSpVxl0j
  xujXwV1ZwV9gPPwkmaQ9AU1CySjUvJacgItNR0yjtjc2.sm_HU79obFNcmZN
  1nTsyV3iHGPKLV..HsKWe7yaavuN0Db2JbBkOSDuJ_xoJhxQZ3gMXbTmLnDM
  0eGdgauKK76d3rX4W1K7XGI9fwikyUeni3KSFRr3nqHcbY82zRjYz7x8cyLD
  MAxAJI_259SYl8FI
 X-Originating-IP: [185.70.40.27]
 Authentication-Results: mta1341.mail.gq1.yahoo.com  from=protonmail.com;
 domainkeys=neutral (no sig);  from=protonmail.com; dkim=pass (ok)
 Received: from 127.0.0.1  (EHLO mail4.protonmail.ch) (185.70.40.27)
   by mta1341.mail.gq1.yahoo.com with SMTPS; Thu, 17 Nov 2016 09:02:07
 +0000
 Received: from mail.protonmail.com (localhost [127.0.0.1])
         by mail4.protonmail.ch (Postfix) with ESMTP id 1A23E1DC3;
         Thu, 17 Nov 2016 04:02:04 -0500 (EST)
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
         s=default; t=1479373324;
         bh=NCWs/qOiYWOIj3Sx9k1UuGsQ0DoYqE+JRVb6aQrxors=;
         h=Date:To:From:Reply-To:Subject:Feedback-ID:From;
 b=wqhh8kt3bWWZbR8AI4+ekiOKKwcATh1pSP9FIWZj9VwVHto0ymzjn3cqZTM12e9s4
 jy6lyiZrqLB75ZXxwHLUb8CKeIdmEA3xsjedhH8Ul3LXd8+Nx8E7TpTWp1t6UCScJo
          IF4YgTYWnqGLGcUe5fnYqXny/xWSUH0tEa4ooJUQ=
 Date: Thu, 17 Nov 2016 04:02:04 -0500
 To: "gaj@xxxxxxxxx" <gaj@xxxxxxxxx>
 From: gaj <gaj@xxxxxxxxxxxxxx>
 Reply-To: gaj <gaj@xxxxxxxxxxxxxx>

 Subject: (No Subject)
 Message-ID:
 <qBE6eyoCEi4_ojiuI6J3T3SsNnzbyUwHrVitqxfusRUq2KZeeEhM5NhpuB60OXX1L-
 SvTmDGjcdR7f6gqKLJLvsMGhF6T__vaC1NDOiUwl8=@protonmail.com>
 Feedback-ID: 110SiAcT-Ttf0GX5vp9zB7NGHX35BxAovvV88zX-
 sg7eznfkxnT4idcqS5r9QeQ0UBubZrr4QwSNtQGIDoVcJQ==:Ext:ProtonMail
 MIME-Version: 1.0
 Content-Type: multipart/alternative;
         boundary="b1_5482c91d8c736fe5d686a7932411f185"
 X-Spam-Status: No, score=-3.0 required=4.0 tests=ALL_TRUSTED,BAYES_00,
         DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,
         MIME_BASE64_BLANKS,TVD_SPACE_RATIO,URIBL_BLOCKED autolearn=ham
 version=3.3.1
 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
 mail4.protonmail.ch
 Content-Length: 861

 This is a multi-part message in MIME format.

 --b1_5482c91d8c736fe5d686a7932411f185
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: base64

 bGludXg=


 --b1_5482c91d8c736fe5d686a7932411f185
 Content-Type: text/html; charset=UTF-8
 Content-Transfer-Encoding: base64

 PGRpdj5saW51eDwvZGl2PjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2NrLWVt
 cHR5Ij48YnI+PC9kaXY+PGRpdiBjbGFzcz0icHJvdG9ubWFpbF9zaWduYXR1cmVfYmxvY2sgcHJv
 dG9ubWFpbF9zaWduYXR1cmVfYmxvY2stZW1wdHkiPjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2ln
 bmF0dXJlX2Jsb2NrLXVzZXIgcHJvdG9ubWFpbF9zaWduYXR1cmVfYmxvY2stZW1wdHkiPjxkaXY+
 PGJyPjwvZGl2PjwvZGl2PjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2NrLXBy
 b3RvbiBwcm90b25tYWlsX3NpZ25hdHVyZV9ibG9jay1lbXB0eSI+PGJyPjwvZGl2PjwvZGl2Pjxk
 aXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2NrLWVtcHR5Ij48YnI+PC9kaXY+



 --b1_5482c91d8c736fe5d686a7932411f185--

 }}}
 '''__2) webmail.online.nl__'''

 {{{
 Return-Path: gaj@xxxxxxxxxxxxxx
 Received: from m7-zaas-prd-mx01.m7zaas.local (LHLO smtp-in.online.nl)
  (10.162.0.81) by m7-zaas-prd-ms08.m7zaas.local with LMTP; Thu, 17 Nov
 2016
  10:02:11 +0100 (CET)
 Received: from mail4.protonmail.ch (mail4.protonmail.ch [185.70.40.27])
         by smtp-in.online.nl (Postfix) with ESMTP id 18573C0003
         for <gaj@xxxxxxxxx>; Thu, 17 Nov 2016 10:02:11 +0100 (CET)
 Received: from mail.protonmail.com (localhost [127.0.0.1])
         by mail4.protonmail.ch (Postfix) with ESMTP id 1A23E1DC3;
         Thu, 17 Nov 2016 04:02:04 -0500 (EST)
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
         s=default; t=1479373324;
         bh=NCWs/qOiYWOIj3Sx9k1UuGsQ0DoYqE+JRVb6aQrxors=;
         h=Date:To:From:Reply-To:Subject:Feedback-ID:From;
 b=wqhh8kt3bWWZbR8AI4+ekiOKKwcATh1pSP9FIWZj9VwVHto0ymzjn3cqZTM12e9s4
 jy6lyiZrqLB75ZXxwHLUb8CKeIdmEA3xsjedhH8Ul3LXd8+Nx8E7TpTWp1t6UCScJo
          IF4YgTYWnqGLGcUe5fnYqXny/xWSUH0tEa4ooJUQ=
 Date: Thu, 17 Nov 2016 04:02:04 -0500
 To: "gaj@xxxxxxxxx" <gaj@xxxxxxxxx>
 From: gaj <gaj@xxxxxxxxxxxxxx>
 Reply-To: gaj <gaj@xxxxxxxxxxxxxx>
 Subject: (No Subject)
 Message-ID:
 <qBE6eyoCEi4_ojiuI6J3T3SsNnzbyUwHrVitqxfusRUq2KZeeEhM5NhpuB60OXX1L-
 SvTmDGjcdR7f6gqKLJLvsMGhF6T__vaC1NDOiUwl8=@protonmail.com>
 Feedback-ID: 110SiAcT-Ttf0GX5vp9zB7NGHX35BxAovvV88zX-
 sg7eznfkxnT4idcqS5r9QeQ0UBubZrr4QwSNtQGIDoVcJQ==:Ext:ProtonMail
 MIME-Version: 1.0
 Content-Type: multipart/alternative;
         boundary="b1_5482c91d8c736fe5d686a7932411f185"
 X-Spam-Status: No, score=-3.0 required=4.0 tests=ALL_TRUSTED,BAYES_00,
         DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,
         MIME_BASE64_BLANKS,TVD_SPACE_RATIO,URIBL_BLOCKED autolearn=ham
 version=3.3.1
 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
 mail4.protonmail.ch
 X-Online-CMAE-Analyze: v=2.1 cv=WL+CJSYR c=1 sm=1 tr=0
         a=LdbBSXNqbvtOef0nyrOuaA==:117 a=LdbBSXNqbvtOef0nyrOuaA==:17
         a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10
 a=L24OOQBejmoA:10
         a=r77TgQKjGQsHNAKrUKIA:9 a=drXjWTiCdkwO2GI1PNAA:9
 a=QEXdDO2ut3YA:10

 This is a multi-part message in MIME format.

 --b1_5482c91d8c736fe5d686a7932411f185
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: base64

 bGludXg=


 --b1_5482c91d8c736fe5d686a7932411f185
 Content-Type: text/html; charset=UTF-8
 Content-Transfer-Encoding: base64

 PGRpdj5saW51eDwvZGl2PjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2NrLWVt
 cHR5Ij48YnI+PC9kaXY+PGRpdiBjbGFzcz0icHJvdG9ubWFpbF9zaWduYXR1cmVfYmxvY2sgcHJv
 dG9ubWFpbF9zaWduYXR1cmVfYmxvY2stZW1wdHkiPjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2ln
 bmF0dXJlX2Jsb2NrLXVzZXIgcHJvdG9ubWFpbF9zaWduYXR1cmVfYmxvY2stZW1wdHkiPjxkaXY+
 PGJyPjwvZGl2PjwvZGl2PjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2NrLXBy
 b3RvbiBwcm90b25tYWlsX3NpZ25hdHVyZV9ibG9jay1lbXB0eSI+PGJyPjwvZGl2PjwvZGl2Pjxk
 aXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2NrLWVtcHR5Ij48YnI+PC9kaXY+



 --b1_5482c91d8c736fe5d686a7932411f185--

 }}}
 {{{


 }}}
 '''__3) headers as shown by YOPmail__'''

 ===== __SMTP headers :__ =====
 !IP:185.70.40.27
 EHLO mail4.protonmail.ch
 MAIL FROM:<gaj@xxxxxxxxxxxxxx> SIZE=1854
 RCPT TO:<gaj@xxxxxxxxxxx>


 ===== __MIME headers :__ =====
 Received: from mail.protonmail.com (localhost [127.0.0.1])
      by mail4.protonmail.ch (Postfix) with ESMTP id 1A23E1DC3;
      Thu, 17 Nov 2016 04:02:04 -0500 (EST)
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
      s=default; t=1479373324;
      bh=NCWs/qOiYWOIj3Sx9k1UuGsQ0DoYqE+JRVb6aQrxors=;
      h=!Date:To:From:Reply-To:Subject:Feedback-ID:From;
      b=wqhh8kt3bWWZbR8AI4+ekiOKKwcATh1pSP9FIWZj9VwVHto0ymzjn3cqZTM12e9s4
       jy6lyiZrqLB75ZXxwHLUb8CKeIdmEA3xsjedhH8Ul3LXd8+Nx8E7TpTWp1t6UCScJo
       IF4YgTYWnqGLGcUe5fnYqXny/xWSUH0tEa4ooJUQ=
 Date: Thu, 17 Nov 2016 04:02:04 -0500
 To: "gaj@xxxxxxxxxxx" <gaj@xxxxxxxxxxx>
 From: gaj <gaj@xxxxxxxxxxxxxx>
 Reply-To: gaj <gaj@xxxxxxxxxxxxxx>
 Subject: (No Subject)
 Message-ID:
 <qBE6eyoCEi4_ojiuI6J3T3SsNnzbyUwHrVitqxfusRUq2KZeeEhM5NhpuB60OXX1L-
 SvTmDGjcdR7f6gqKLJLvsMGhF6T!__vaC1NDOiUwl8=@protonmail.com>
 Feedback-ID: 110SiAcT-Ttf0GX5vp9zB7NGHX35BxAovvV88zX-
 sg7eznfkxnT4idcqS5r9QeQ0UBubZrr4QwSNtQGIDoVcJQ==:!Ext:ProtonMail
 MIME-Version: 1.0
 Content-Type: multipart/alternative;
      boundary="b1_5482c91d8c736fe5d686a7932411f185"
 X-Spam-Status: No, score=-3.0 required=4.0 tests=ALL_TRUSTED,BAYES_00,
      DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,
      MIME_BASE64_BLANKS,TVD_SPACE_RATIO,URIBL_BLOCKED autolearn=ham
 version=3.3.1
 X-Spam-Checker-Version: !SpamAssassin 3.3.1 (2010-03-16) on
 mail4.protonmail.ch

 ----
 With this information, maybe you can explain what happens and why GetTor
 does not respond to this type of messages.

 If you need more info, just let me know.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20618#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs