[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Torbutton-birdy version 0.0.2

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Torbutton-birdy version 0.0.2
From: Tom Ritter <tom@xxxxxxxxx>
Date: Sun, 27 May 2012 10:26:44 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 27 May 2012 10:27:18 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; bh=SMgszMgznUIVxTWoc3pAU4CRZGvTOoBqpoZZdejqAiA=; b=k7TW4ODW9d30EPIbF17ToeDNvenJFAgXJiEuXD/QOX0rQKD5RdNWlLqOD4v8bGfcAL 7ta4prK98q3sOfERTr4q2YVIPUk794SBn6K0YYD9AE5EynOT/ACfpq44q72I+7kzy5XS wXCRdg9P4LFkpo6NEPOV1ZZ/j2qMq2FZ4e3G8=
In-reply-to: <4FC0CA20.2040901@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4FBFCE43.2060707@xxxxxxxxxxxxx> <4FC0B56F.3070507@xxxxxxxxx> <4FC0CA20.2040901@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On 26 May 2012 08:18, Sukhbir Singh <sukhbir.in@xxxxxxxxx> wrote:
>
> Hi,
>
> Karsten N.:
> The `reply_header_authorwrote' issue has now been fixed and if you
> notice this email, this is the approach we are following:
>
>    %s:
>
> where %s is the author. So the language preference of the user is not
> revealed. If you look at [0], we are setting:
>
>    reply_header_authorwrote to %s
>    reply_header_type to 1

Wouldn't this (or some of the other header settings) allow the
recipient or general public (if a mailing list post) to learn that a
person was using TorBirdy?  I hate to say it, but "What's the threat
model?"

A passive attacker watching a user learns the user uses Tor, but
unless they do network analysis, nothing else.  The same passive
attacker watching the IMAP/POP endpoint learns someone is connecting
over Tor, and because subsequent SMTP-SMTP  connections are often
unencrypted (or unauthenticated)[1], they may be able to learn the
user's name some of the time; and email contents some of the time if
not encrypted with S/MIME or PGP.

The entire SMTP-server path is in email headers AFAIK - does that
include the connecting IP (e.g. the tor exit node?).  If it does, then
the next part doesn't matter - if it does not: a recipient wouldn't be
able to learn that the sender sent it using TorBirdy... unless
TorBirdy used some non-standard and distinguishing email header or
setting... like this one.

Is that important?  It seems like it would be.  As an example, go
through this thread, and see whose reply header is of the form "On X,
Y wrote:" and now you know who's not running the latest version.

-tom

[1] https://ritter.vg/blog-no_email_security.html
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Torbutton-birdy version 0.0.2
  - From: tagnaq
- Re: [tor-talk] TorBirdy version 0.0.2
  - From: tagnaq

References:
- [tor-talk] Torbutton-birdy version 0.0.2
  - From: Jacob Appelbaum
- Re: [tor-talk] Torbutton-birdy version 0.0.2
  - From: Karsten N.
- Re: [tor-talk] Torbutton-birdy version 0.0.2
  - From: Sukhbir Singh

Prev by Author: Re: [tor-talk] Webserver on 127.0.0.1 only?
Next by Author: Re: [tor-talk] ADDRMAP reversed IP bug
Previous by thread: Re: [tor-talk] Torbutton-birdy version 0.0.2
Next by thread: Re: [tor-talk] Torbutton-birdy version 0.0.2
Index(es):
- Author
- Thread