[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] email over Tor / anonymity sets vs. source IPs (was: Torbutton-birdy version 0.0.2)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] email over Tor / anonymity sets vs. source IPs (was: Torbutton-birdy version 0.0.2)
From: <proper@xxxxxxxxxxxxxxx>
Date: Wed, 30 May 2012 01:33:52 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 29 May 2012 19:34:06 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=secure-mail.biz; s=default; t=1338334432; bh=N8nmr8no3nEr2OJYuBycRJ1N489q8+OQcSLgT8aB/70=; l=2584; h=Date:MIME-Version:Message-ID:From:Subject:Reply-To:To:In-Reply-To: References:Content-Type:Content-Transfer-Encoding; b=f7saTkIWd3orAd5fnOVy5VgY8jPpg4r1sJMm0CTHIUaREVy/Leb19e9BWdoK1tSIH 5tzRht9e/zqrTRvJ6SIcjsapVrS4wYkKFZfxjqeXaTDtPQtyMbsFr91akozEHOmEwl NSkqQUHrIWOMpX+LC74MNAivMNaSpIE+AsVq8+f8=
In-reply-to: <4FC5533C.5090502@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4FC5533C.5090502@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

> >> I'd consider it as important to have all torbirdy "stable"
> users
> >>  in one anonymity set as soon as there is a feature complete
> >> stable version. I consider the current version as experimental.
>
> >
> > Hrmm. Actually, if we can avoid revealing this anonymity set
> > explicitly to mailing lists and recipients, I think that might be a
>
> > worthy goal.
> >
> > Since Tor IPs are often absent from mailing list headers if the
> > SMTP server(s) are not run by a total jerk, can we figure out a
> > way to look more common?
>
> I do think that most SMTP servers / MLs include the entire SMTP path
> and therefore it is very easy to separate Tor users based on their
> source IP anyway. [I agree that it would be nice to have a more common
> fingerprint but I do not think it is feasible without sacrificing a
> lot on other aspects.] And after all this is only relevant if you
> choose to trust your mail provider - which is considered an adversary
> in my threat model.

As I Tor user, I prefer to use mail servers, who does not spill the source IP. Imho it's a gain in security, if only the mailserver has a better chance for an attack, or if everyone on a list has a better chance for an attack.

Your decision to consider the mail provider an adversary is good. I still recommend to use mail servers which are less likely to attack you.

I were nice, if it were possible to hide Torbirdy and Tor use from mailing lists.

> [I agree that it would be nice to have a more common
> fingerprint but I do not think it is feasible without sacrificing a
> lot on other aspects.]

Can you tell more please about these aspects?

>
> > What's wrong with using the Thunderbird default locale string for
> > the quotation here? If you're posting on a mailing list where
> > discussion occurs in only one human language, shouldn't you be
> > using that same localization for mail client? For multilingual
> > users, can we solve that problem a different way, perhaps by a
> > localization dropdown menu or something?
>
> I think that such an approach that requires the user to actively select
> its language for every message is error prone. As soon as the sender
> forgets to select the correct language or fails to choose the correct
> language he is screwed.
> I prefer something that doesn't depend on user interaction.

What about choosing the language within the account configuration per account?

______________________________________________________
powered by Secure-Mail.biz - anonymous and secure e-mail accounts.

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] email over Tor / anonymity sets vs. source IPs (was: Torbutton-birdy version 0.0.2)
  - From: tagnaq

Prev by Author: Re: [tor-talk] How to get browser after closing it ?
Next by Author: Re: [tor-talk] DNS and DNSSec Questions
Previous by thread: [tor-talk] email over Tor / anonymity sets vs. source IPs (was: Torbutton-birdy version 0.0.2)
Next by thread: [tor-talk] email over Tor / anonymity sets vs. source IPs (was: Torbutton-birdy version 0.0.2)
Index(es):
- Author
- Thread