[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #12842 [Tor Support]: Helpdesk needs a PGP key to be able to receive encrypted help queries

Subject: Re: [tor-bugs] #12842 [Tor Support]: Helpdesk needs a PGP key to be able to receive encrypted help queries
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 11 Aug 2014 17:14:10 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 11 Aug 2014 13:14:19 -0400
In-reply-to: <045.6cfad2d843e8e16627b1b63c38bcb754@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.6cfad2d843e8e16627b1b63c38bcb754@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#12842: Helpdesk needs a PGP key to be able to receive encrypted help queries
-----------------------------+-------------------
     Reporter:  mrphs        |      Owner:  lunar
         Type:  defect       |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Support  |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-------------------

Comment (by lunar):

 Replying to [comment:2 mrphs]:
 > when a user contacts RT it usually means they were unable to use Tor,
 meaning they're sending a plaintext email over the clearnet on the same
 network (which they're trying not to use,) about their issue.
 > Even if we keep the data unencrypted in our database, PGP could still
 add a good layer of protection from their adversary, while their message
 is traveling on the wire.

 I believe that's not actually true.

 Most users will connect to their mail provider using encrypted channels
 (IMAPS, POP3S, SMTPS, or HTTPS webmail). Tor mail server offers
 opportunistic STARTTLS, so delivery from user's mail provider to RT is
 likely to be also encrypted.

 I'm sure this is true for GMail and riseup.net. Here's some quick
 research:

 The RT database currently holds 2987 different domains. Top twenty used
 over 22378 email addresses:

 {{{
 rt=> select lower(split_part(emailaddress, '@', 2)) as domain, count(*)
 from users group by domain order by count desc limit 20;
     domain      | count
 ----------------+-------
  gmail.com      | 10178
  yahoo.com      |  2866
  hotmail.com    |  1351
  qq.com         |   327
  aol.com        |   219
  live.com       |   174
  mail.ru        |   157
  outlook.com    |   156
  hushmail.com   |   155
  ymail.com      |   141
  googlemail.com |   138
  tormail.org    |   116
  yahoo.co.uk    |   116
  comcast.net    |   115
  me.com         |   106
  163.com        |    97
  riseup.net     |    95
  yandex.ru      |    91
  safe-mail.net  |    89
  hotmail.co.uk  |    82
 }}}

 ''Yes, I know users can use other SMTP server to send their emails, but I
 believe these days most will use the one given by their provider.''

 So, most of them are webmail. And according to
 [https://www.google.com/transparencyreport/saferemail/ Google's reports] a
 good amount of them have STARTTLS enabled on their SMTP servers.

 > What if we start using PGP in RT (for the reason stated above) in short
 term and slowly get to Schleuder or some other alternative when we're
 ready?

 Switching our support handling from RT to straight email would really feel
 like going backward to me. We have currently 11 people that work on
 tickets on a more or less regular basis, spread over 6 different language
 (and growing). Using only email, and encrypted it's going to be tougher,
 would really really make the job harder for everyone involved.

 ''Yes, I know that some people are really efficient with emails. But it's
 not possible to coordinate a team that large without a common database.''

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12842#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #12842 [Tor Support]: Helpdesk needs a PGP key to be able to receive encrypted help queries
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #12843 [BridgeDB]: Bridgedb shouldn't handout bridges from .ir and .sy
Next by Author: Re: [tor-bugs] #12843 [BridgeDB]: Bridgedb shouldn't handout bridges from .ir and .sy
Previous by thread: Re: [tor-bugs] #12842 [Tor Support]: Helpdesk needs a PGP key to be able to receive encrypted help queries
Next by thread: Re: [tor-bugs] #8950 [Tor]: Comments on the formula calculating the number of Introduction Points
Index(es):
- Author
- Thread