[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] SMTP & POP3 Email over Tor.. Anonymity breaking?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] SMTP & POP3 Email over Tor.. Anonymity breaking?
From: Anon Mus <my.green.lantern@xxxxxxxxxxxxxx>
Date: Thu, 02 Jun 2011 17:55:20 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 02 Jun 2011 12:55:49 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=TPhUadU7zxzahu5lCAvp5hNMJD0ppMuw4LxRTZLmezA=; b=lI5wuPpjv9ZW0/iBJEEEB5oSM4G+vJ2MtY/kUr0A1OITD+1/S3eU7gyQTI9jOqFpN2 jwqtMI479cvk61sqJc5YkPMibaUqkZ/ppvCOdV/cdL+zTzGjEIKkRq4kwLjHNXQl+cI1 h4/ZskwwZYsb5JaMAAw3srfmAUGfmDAHsHBaw=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=uA7TzJHbn13ctA/iTPdFkIqtPzqRPoDtxtE1svnANfTF50YHXo/bm3ja00D3DIxPxf ME9LwhFm7ux1j3hMI1gWrz4ckUcJY34RW/z/VZrIzr+bay9kXMh9LPRhYrLtwTzv3PB0 F/k8+L7oBIMtWtLT4OKU2pNEbuEq0fGfHHaeE=
In-reply-to: <4DE772EB.7020801@xxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4DE76D1A.1030007@xxxxxxxxxxxxxx> <4DE772EB.7020801@xxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.24 (Windows/20100228)

tor@xxxxxxxxxxxxxxxxxx wrote:

On 02/06/2011 11:59, Anon Mus wrote:

Is it true that email SMTP & POP3 hosts (e.g. gmail's servers) canobtain from SMTP & POP3 clients (e.g. Thunderbird) data such as,
1. client time zone
2. client machine clock time
3. client machine time since last boot

even though its over Tor?


I have a pretty decent knowledge of the SMTP, POP3 and IMAP4 protocols,
and I'm not aware of any part of the protocol which transmits this
information.

I was just looking at the header received by another Tor list subscriberand there is definitely some data above leaked in the manner I mentioned.


Extract of header via Tor list from my email starting this thread...

Date: Thu, 02 Jun 2011 11:59:38 +0100
From: Anon Mus <my.green.lantern@xxxxxxxxxxxxxx>
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0

So there is my machines timezone (+0100) for starters...

and then there is my machines clock time (Thu, 02 Jun 2011 11:59:38) aswell (its my clock time not google's), I don't know if more accuratevalues (down to milliseconds say) are shared to the mail server.


You should all be able to see that in your own headers.

Again, you could fingerprint my mail by client (User-Agent: Thunderbird2.0.0.24 (Windows/20100228))

I am sure I read somewhere (eons ago) that the "3. client machine timesince last boot" could also be seen by the mail servers (or was thatjust javascript??).

If so, can't these be used to trace a client machine which might also beaccessing other, say gmail, accounts via the open internet (not via Tor)? (I know it sounds paranoid, but surely it is theoretically possible)
SMTP *might* leak your machine name or hostname or LAN IP address when
transmitting the EHLO. When you send an email, it's going to include
your local system time and local time zone in the Date header. It may
also include information about your email client and/or OS in some
header like X-Mailer or User-Agent.

In this case the sending machine is the exit node, but I suppose someemail clients might leak that, mine appears to leak (0.0.0.0).

I reckon IMAP4 and POP3 are relatively safe protocols. I don't think
they leak any useful information. It may be possible to fingerprint what
actual IMAP client you're using by analysing the protocol, such as how
many connections are open, command execution order, the format of tag
names, IMAP extension usage, how the client responds to certain types of
protocol errors, etc.

And ... is there ANY software/email clients out there that cancounteract/obfuscate this kind of tracing, say by changing theparameters returned? (Preferably Windows OS but others will do if available)


Not sure. If I wanted to access my email over Tor, but using a proper
client rather than webmail, I'd probably set up fetchmail to fetch the
email using SSL secured POP3 over Tor, and drop it in a local Maildir,
and point Thunderbird at that. For SMTP, I'd stick Exim inbetween
Thunderbird and Tor, and configure it to remove/sanitise headers and to
use a custom HELO.

An advantage of using fetchmail to retrieve the mail, is that mail
retrieval would be done on a regular interval, rather than just when
you're actually reading it. You might not want an attacker to be able to
determine the times that you're online checking your email.

One thing to note. For SMTP submission over Tor. If you can use port
465+SSL rather than TLS on ports 587 or 25, then do that. If you're
using TLS rather than SSL, even though the majority of your connection
is encrypted, the welcome banner and your initial EHLO are transmitted
in the clear. smtp.gmail.com has both options.

------------------------------------------------------------------------


_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Does anyone else have anything to offer?

Does anyone know if there is a mail client source code out there that Icould modify to create a client that would send settable/random values?


Thanks,

Jo
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] SMTP & POP3 Email over Tor.. Anonymity breaking?
  - From: tagnaq
- Re: [tor-talk] SMTP & POP3 Email over Tor.. Anonymity breaking?
  - From: tor

References:
- [tor-talk] SMTP & POP3 Email over Tor.. Anonymity breaking?
  - From: Anon Mus
- Re: [tor-talk] SMTP & POP3 Email over Tor.. Anonymity breaking?
  - From: tor

Prev by Author: [tor-talk] SMTP & POP3 Email over Tor.. Anonymity breaking?
Next by Author: Re: [tor-talk] SMTP & POP3 Email over Tor.. Anonymity breaking?
Previous by thread: Re: [tor-talk] SMTP & POP3 Email over Tor.. Anonymity breaking?
Next by thread: Re: [tor-talk] SMTP & POP3 Email over Tor.. Anonymity breaking?
Index(es):
- Author
- Thread