On 02/06/2011 11:59, Anon Mus wrote:

> Is it true that email SMTP & POP3 hosts (e.g. gmail's servers) can
> obtain from SMTP & POP3 clients (e.g. Thunderbird) data such as,
>
> 1. client time zone
> 2. client machine clock time
> 3. client machine time since last boot
>
> even though it's over Tor?

I have a pretty decent knowledge of the SMTP, POP3 and IMAP4 protocols, and I'm not aware of any part of the protocol which transmits this information.

> If so, can't these be used to trace a client machine which might also be
> accessing other, say gmail, accounts via the open internet (not via Tor)
> ? (I know it sounds paranoid, but surely it is theoretically possible)

SMTP *might* leak your machine name or hostname or LAN IP address when transmitting the EHLO. When you send an email, it's going to include your local system time and local time zone in the Date header. It may also include information about your email client and/or OS in some header like X-Mailer or User-Agent.

I reckon IMAP4 and POP3 are relatively safe protocols. I don't think they leak any useful information. It may be possible to fingerprint what actual IMAP client you're using by analysing the protocol, such as how many connections are open, command execution order, the format of tag names, IMAP extension usage, how the client responds to certain types of protocol errors, etc.

> And ... is there ANY software/email clients out there that can
> counteract/obfuscate this kind of tracing, say by changing the
> parameters returned? (Preferably Windows OS but others will do if available)

Not sure. If I wanted to access my email over Tor, but using a proper client rather than webmail, I'd probably set up fetchmail to fetch the email using SSL secured POP3 over Tor, and drop it in a local Maildir, and point Thunderbird at that. For SMTP, I'd stick Exim in between Thunderbird and Tor, and configure it to remove/sanitise headers and to use a custom HELO.

An advantage of using fetchmail to retrieve the mail is that mail retrieval would be done on a regular interval, rather than just when you're actually reading it. You might not want an attacker to be able to determine the times that you're online checking your email.

One thing to note. For SMTP submission over Tor. If you can use port 465+SSL rather than TLS on ports 587 or 25, then do that. If you're using TLS rather than SSL, even though the majority of your connection is encrypted, the welcome banner and your initial EHLO are transmitted in the clear. smtp.gmail.com has both options.

-- 
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
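The header clean-up the message above describes (a Date header carrying local time and zone, X-Mailer or User-Agent naming the client), written in Python as an added example; it is not from the original post and is not Exim configuration. The function name `sanitise` and the sample message are constructed for illustration, and dropping an unparseable Date assumes the submission server will add its own.

```python
from datetime import timezone
from email import message_from_bytes
from email.utils import format_datetime, parsedate_to_datetime

# Headers the post names as carrying client/OS details.
CLIENT_HEADERS = ("X-Mailer", "User-Agent")


def sanitise(raw: bytes) -> bytes:
    """Strip client-identifying headers and rewrite Date in UTC."""
    msg = message_from_bytes(raw)
    for name in CLIENT_HEADERS:
        del msg[name]  # deleting an absent header is a no-op
    date = msg["Date"]
    if date is not None:
        try:
            when = parsedate_to_datetime(date)
        except (TypeError, ValueError):
            # Unparseable: drop it rather than forward it unchanged
            # (assumption: the submission server adds a Date itself).
            del msg["Date"]
        else:
            if when.tzinfo is None:  # "-0000" means UTC with no zone stated
                when = when.replace(tzinfo=timezone.utc)
            # Same instant, but the sender's UTC offset is no longer visible.
            utc = when.astimezone(timezone.utc)
            msg.replace_header("Date", format_datetime(utc))
    return msg.as_bytes()


# Constructed sample message; addresses and client strings are made up.
SAMPLE = (
    b"From: alice@example.org\r\n"
    b"To: bob@example.org\r\n"
    b"Date: Thu, 02 Jun 2011 07:23:45 -0500\r\n"
    b"User-Agent: ExampleClient/1.0 (Windows NT 6.1)\r\n"
    b"X-Mailer: ExampleMailer 1.0\r\n"
    b"Subject: test\r\n"
    b"\r\n"
    b"hello\r\n"
)

if __name__ == "__main__":
    print(sanitise(SAMPLE).decode())
```

Rewriting the Date in UTC hides only the zone offset; the clock reading itself is still present, so any clock skew remains visible to the recipient.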