[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: xB Mail: Anonymous Email Client



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Arrakis wrote:

>> 2.) Obfuscate the data sent in the EHLO so it doesn't leak the hostname/ip
> 
> I'll have to check how thunderbird implements smtp.

It must be possible as TorButton manages to do it.

>> 7.) Turn off return receipts and Junk filtering
> 
> Junk filtering is sticky. Because we are going to use thunderbird, we
> can create bayesian filters in token form, and push token updates to
> the client. It would be kind of amazing if the latest paris hilton
> spam was blocked before the user had to read it. The management program
> could update such a token over https, un-anonymized, every x time.

The main reason I mentioned this one is because it is an unknown
quantity to me. I'm not sure if Thunderbird leaks any information with
it's Spam filtering. Even if it doesn't now, I'm not sure if an upgrade
wouldn't cause it to in future. So to be safe, I leave it off.

>> 8.) For convenience rather than security, I'd make it automatically turn
>> on the options to download the full messages to disk.
> 
> Thats one of those distasteful things about mail, and one of the reasons
> I prefer IMAP over POP. POP is fine if you're encrypting your message
> base, but if not, IMAP is preferable. But I tell you what... i really
> *could* encrypt the messagebase on thunderbird. No telling how secure
> that would really be in windows implementation, but it is certainly
> a fun idea.

Yeah, I prefer IMAP, but I like a local copy of the mail so it doesn't
need to connect to the server over Tor every time I want to read a
message. Encrypted on disk would be a nice option.

Another thing worth looking at would be how Thunderbird performs
automatic extension updates. Oh, and generating a list of extensions
that are safe/unsafe to use with Thunderbird.

- --
Dawn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD4DBQFIronWcoR2aV1igfIRAnhxAJdeawiNTbd1ZRG+4JAE4LzQMfvLAKCYxDHu
U1/xQbKTtgbFiNFn4VWt1A==
=IZ+7
-----END PGP SIGNATURE-----