Re: is tor an email mixmaster?

To: or-talk@xxxxxxxxxxxxx

Subject: Re: is tor an email mixmaster?

From: "M. Peterson" <petersonmaxx@xxxxxxxxxxxxxx>

Date: Sun, 9 Nov 2008 18:17:43 +0100

Delivered-to: archiver@xxxxxxxx

Delivered-to: or-talk-outgoing@xxxxxxxx

Delivered-to: or-talk@xxxxxxxx

Delivery-date: Sun, 09 Nov 2008 12:17:48 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=c3bW/wn+rMjQ8v8fRrU4JcB1XTapnjxNtX/cc7dnFWs=; b=CoIE5pcNUjN2E72EsQ/yO2YwvsCjLPOsW+Gk5lDhlVLuNW+1k7pPRdM3Wap+m6IMMm xYW5/zdGTj6uMYr3nYl1fDNbXAtiUgZr0O7Bgiy2PJaqoW+vbAJYYSu2zHnvD1+DURZD gx9t+12SLNy425npdDeibxN+B6o5SiKHKJpcw=

Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=paLEJbIrCLVtaXKR3eFwhcUYD0SntItUETlAxJFAvkPYvha2YTVaM55paZZC2tVXKt zElL810zRJ5UPiYLYRJ9kySx2IVfiKNrEr74cEAGbdy/29ZeYac4uERSVYU0jLMMGxww B8yewllySHQh3QxHwdtPgeTVJiFAGA/42mZk4=

In-reply-to: <20081109171133.GA16400@xxxxxxxxxxxxxxxxxxx>

References: <bccbc6690811090336mc463135y5dc82059a4b61d79@xxxxxxxxxxxxxx> <4916DEF4.5090300@xxxxxxxxxxxxxxxxxxxx> <bccbc6690811090503p44dbed4djc18c93ecb60a4705@xxxxxxxxxxxxxx> <20081109171133.GA16400@xxxxxxxxxxxxxxxxxxx>

Reply-to: or-talk@xxxxxxxxxxxxx

Sender: owner-or-talk@xxxxxxxxxxxxx

Hi Andrew, you missed one important point, tor-email-button is done in an email client, which is sending openPGP encrypted emails only,

then you have an exit node, sending the packet to the mail server - or not, if the mail has not been delivered, the mail was not going out, so the smtp server sends that notice back.

So everyone who runs tor-email-button in that mail client (we already have one in mind) is able to send the message out or can pop up the mails (which should be encrypted).

Well the question is every node or not is an outproxy is not the question, the question is, if we can architect that for an email client, sending PGP encrypted mails only, then many problems are solved.

On Sun, Nov 9, 2008 at 6:11 PM, <phobos@xxxxxxxxxx> wrote:

On Sun, Nov 09, 2008 at 02:03:53PM +0100, petersonmaxx@xxxxxxxxxxxxxx wrote 3.5K bytes in 68 lines about:
: is it possible to make a kind of tor button, so that all users using a kind

: of email client are a outproxy or hidden service, or must it be hidden
: service?
: so a torbutton with default on smtp relay /exitnode for email?

The challenge is in developing a tor extension for a mail client. Tor is
still developing torbutton to address the changes and anonymity risks in
firefox 2 and 3.

There once was a torbutton for thunderbird. I think all it did was
redirect the connections to your mail servers over tor. There are still
many personally identifing details in the mail itself that need to be
anonymized and cleaned.

And what you seem to be asking is client as a relay by default. This
topic is discussed on the wiki at
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#EverybodyARelay

--
Andrew