[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Update to default exit policy

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Update to default exit policy
From: anonym <anonym@xxxxxxxxxxx>
Date: Wed, 20 Aug 2008 15:11:17 +0200
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Wed, 20 Aug 2008 09:11:27 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=lavabit; d=lavabit.com; b=5/uU7s2DqS0fs2oynUTx/ednDiTUtgt5QwsG2XyYEIv5hOKjWuGGqVed7doEXvZf6oEiVVaC05hm7DFW6SLZ1mkr19kdkF5sEsPB/vfydxuaEDNXC952+RLrF9KQdUd80v1LOFQ8fnL3m5CobQEKJnYb43QipIZlbyjiXyqQpNg=; h=Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:X-Enigmail-Version:OpenPGP:Content-Type:Content-Transfer-Encoding;
In-reply-to: <48AC07EB.3080001@xxxxxxxxxxxxxx>
Openpgp: id=D0E64958; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD0E64958
References: <48A6DD45.1040509@xxxxxxxxxxxxxx> <48A8438A.3030307@xxxxxx> <48AA905B.6090604@xxxxxxxxxxxxxx> <20080819150332.GA21009@xxxxxxxxxxxxxxxxxxxxxx> <48AAEAEE.6010803@xxxxxxxxxxxxxx> <48ABFC60.70900@xxxxxxxxxxx> <48AC07EB.3080001@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.16 (X11/20080806)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 20/08/08 14:02, Dawney Smith wrote:
> anonym wrote:
>> I'm sure you do. I'd love to have email work flawlessly and securly with
>> Tor, so opening ports 465 and 587 would be great (currently I do have
>> problems since there's few exit nodes which do that). But as I
>> understand it, email clients + Tor might be a very bad idea ATM. Email
>> clients leak tons of information, the most critical I know of being your
>> IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S)
>> transaction.
> 
> Lots of protocols that can be used over Tor are potentially leaky. There
> are tonnes of exit nodes that allow IRC traffic for example, which can
> easily leak your username/hostname if you don't configure it correctly.
> I'm not sure what makes SMTP submission special when it comes to the
> exit policy.

Well, technically nothing makes SMTP special in this sense, and this is
really more of a general problem due to the design of Tor. But I think
it's special in another sense. For clarity, let's first consider HTTP
for a moment. Apparently a lot has been made in the Tor community in
order to making use of HTTP safer, with Firefox and the new Torbutton
being heavily promoted. That's great, because without this complete
solution users would (more or less) only get a false sense of security
when they install Tor and configure IE to use it.

Now, why has there been such an initive? My guess is that it's because
how common web browsing is, and I've got the impression that emailing is
pretty common too. That's why I think a similar initiative for the
protocols involed for emailing is necessary. Of course, this only
affects users of actual email clients, and I have no usage statistics
for how common that is compared to using webmail nowadays. Maybe we are:

1) too few and
2) too advanced (in the sense that we can identify problems and come up
with solutions ourselves)

for such an effort to make sense? I don't know. Grepping the mail
headers of this list suggests that it's fairly common (at least 50%),
but those of us active on this are most likely not representative for
neither the general Internet population nor the general Tor user base.

>> Really, this isn't an argument countering your in any way, but rather a
>> plea that the issues of using email clients with Tor are researched and
>> resolved before that combination gets promoted (IMHO opening ports 465
>> and 587 is a step towards promoting it). It's very likely your average
>> user will screw up given the current state of things.
> 
> As you said, the main issue is your hostname being leaked along with the
> EHLO, or your client loading remote images without using Tor.
> Personally, I use Thunderbird inside a virtual machine which can only
> access the Internet via Tor and has no personally identifiable
> information, including a random hostname and username etc.

Hiding behind NAT also works. And FYI the old Thunderbird compatible
Torbutton 1.0.4 will scrub the IP address/host from the EHLO/HELO messages.

Any way, this is getting pretty off topic. I for one hope that the
default exit policy will be updated as you suggest as I'm tired of
having to rebuild circuits etc. all the time when SMTP times out due to
the scarcity of usable exit nodes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkisF/MACgkQp8EswdDmSVh0zQCeNcT0Y2pKdHw3DBFoNlRtYwuw
NT0AoIqKo3Mgva/rM/BKO5CGD+n6YxnX
=SJ3q
-----END PGP SIGNATURE-----

References:
- Update to default exit policy
  - From: Dawney Smith
- Re: Update to default exit policy
  - From: Dominik Schaefer
- Re: Update to default exit policy
  - From: Dawney Smith
- Re: Update to default exit policy
  - From: krishna e bera
- Re: Update to default exit policy
  - From: Dawney Smith
- Re: Update to default exit policy
  - From: anonym
- Re: Update to default exit policy
  - From: Dawney Smith

Prev by Author: Re: Update to default exit policy
Next by Author: Re: Update to default exit policy
Previous by thread: Re: Update to default exit policy
Next by thread: Re: Update to default exit policy
Index(es):
- Author
- Thread