[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Email Clients and Tor



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 09/01/2013 12:31 AM, Viking God wrote:
> Most internet related programs can be configured to use Tor, but
> not necessarily in a totally anonymous way. Some programs still
> leak information about your IP, for example when doing DNS
> requests. But also, if the socks-proxy answers are too slow which
> happens frequently with TOR, programs that are mainly intended to
> be user friendly instead of secure may try to bypass the proxy
> setting and try to connect directly with a server if the latency is
> too high, if the transfer speed is too low or if there are frequent
> time-outs. All of this happens every now and then with Tor when you
> happen to get a "bad circuit" which slows everything down. But of
> course you're generally more anonymous while using Tor partially
> than by not using Tor at all, but be aware of the false sense of
> security this gives you. You might not be anonymous at all
> sometimes when you believe you're anonymous because of how the
> program is programmed to use proxies.

When it comes to email clients, DNS leaks and proxy bypassing are not
the only concern. Email headers are a potent source of exposed private
information, and are generally much less configurable by the end user
- - and easily overlooked by less experienced users.

The operator of mail.i2p/i2pmail.org (the email system inside I2P)
compiled a list of popular email clients and compared them in the
areas of anonymity and privacy protection. I don't know how current it
is, but it does provide a good overview of how different clients
expose different information within the email itself before the client
even touches the network:

http://hq.postman.i2p/?page_id=9

Incidentally, by postman's ratings, (Sylpheed) Claws comes out on top :)

(For those without I2P I have pasted the page contents to
http://pastebin.com/TDD5NzTn - postman doesn't allow access to his
site via I2P inproxies)

str4d
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCgAGBQJSJonXAAoJENXeOJaUpGWy/cEH/ArZcUpNH5ZiqBnfxln/VNSK
u7+I0t0NEkzcRLJxDrzvQMpJceOhhfufaHiox8ypxsww+ZjDZFThReXV3RSg+Oh4
Se+XIkuGdkYoqM6806SotdZz2idR9a9GRd1IeRzZBDqQI37q0KobirLl/0ucywOB
+gWd0dTQhGIqj5LYrTdtLAdxQ559ydXLqGfWM2jpyeWbzog/ZpWTQtW7RF6MLCD1
RYlMqthqvKyX5wHvXm97g3GJWVGRJCAgYd4e5em7VBkKlEOM6tPcgPATo/xRFZJ4
vBqBHIQ6MXNpG5/VZgK1GI09XAysuXzbSS/ZVfWpY7m6/UBRpfG9eI4jMfmvoQs=
=1N+0
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk