[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Thunderbird & Gmail

Hash: SHA1

On 07/10/08 22:18, Gerardo Rodríguez wrote:
> I´ve found the version you told me and installed it (in a th v1.5.x),
> and as far as the headers info sent to the receiver it´s ok, it
> doesn´t leak any thing - only the client version - so it´s impossible
> to trace the email.

All information leaks are bad, but this is probably not critical, yes.
There could be other problems that we are not aware of, though.

> Now I just need to verify that there is no registration of mi ip &
> other info @ the smpt & pop servers;

I'd be surprised if you could verify this with any certainty. I highly
recommend you to register a new account anonymously (e.g. through Tor)
and never access it directly without Tor. Any account that you have
accessed directly should immediately be considered as compromised (in
terms of lost anonymity), and that's also the case with all previous
correspondence that account has participated with. That's dangerous
stuff. _Any_ eavesdropper could have connected your IP address to that
account and logged that. [/paranoia mode]

> you told me to sniff the packets; I´m not to involved into sniffers
> and only used one or two times the wireshark, is there a special
> technique to do so?

It's easy with Wireshark. Turn off all network using applications except
Tor, then:

1. start a new Wireshark capture
2. start Thunderbird
3. refresh inbox
4. send an email
5. stop the Wireshark capture

Then make sure that the destinations of all packets are either (where you run Tor and privoxy/polipo) or Tor entry
nodes and possibly Tor directory servers (there are services like
http://torstatus.kgprog.com/ to look that up). In particular, make sure
that your email account's POP/IMAP and SMTP server addresses do not appear.

I'd also recommend to look for the EHLO/HELO message in the beginning of
the SMTP transaction (when it's sent to Tor on localhost, i.e. before
Tor encrypts it) and make sure that the message content/payload does not
contain your IP address/hostname. Torbutton should scrub that and put there instead. Note that you'll have to use plaintext SMTP (that
is without TLS/SSL) in order to do this easily. So I recommend you do
this with a disposable account that you later terminate as the login
credentials may (that is: should be assumed to) have been compromised
when sent in plaintext.
Version: GnuPG v2.0.9 (GNU/Linux)