[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Torbutton-birdy version 0.0.2

Mike Perry:
> Thus spake Jacob Appelbaum (jacob@xxxxxxxxxxxxx):
>> I'm pleased to say that Sukhbir, tanaq, and I are making progress on
>> Torbutton-birdy, the Torbutton like plugin for Thunderbird. Today marks
>> the second release with two important fixes:
> I say we just call it TorBirdy. Easier to type, and has a better ring to it
> I think.


>>   the auto-configuration wizard leaks, so we disabled it


>>   the timezone is now UTC and does not leak your actual timezone


>> We had around 57 downloads for our first release, we'd love to see that
>> many users upgrade and send us feedback. We're really looking for
>> informational leaks but the most important kinds of leaks are proxy
>> bypass or other kinds of seriously harmful bugs.

Just the Message-ID from what I can see. No leaks detected with tcpdump
(DNS, IMAPS, SMTPS). Can see the connections going through the Vidalia
Network Map.

>> Here is our long running open bug about reviewing torbutton-birdy:
>> https://trac.torproject.org/projects/tor/ticket/5797
> I already mentioned this in the ticket, but might as well say it here
> too, in case people don't bother to click the link: Attachments can also
> cause proxy bypass when external apps are launched to open them, esp for
> doc and pdf attachments.
> It would be great if someone could test trying to open those
> attachments, especially after setting the prefs I mention in:
> https://trac.torproject.org/projects/tor/ticket/5797#comment:12.

None of the network.protocol-handler.warn-external* settings seem to
force a warning, but I haven't tried the suggestion below:

> If the prefs don't cause a warning of some kind first, you might need to
> adapt that component I linked to in comment 11...

Plus, as noted previously and demonstrated above, it's just the author's
name now listed as specified in mailnews.reply_header_authorwrote.
tor-talk mailing list