[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] email over Tor / anonymity sets vs. source IPs (was: Torbutton-birdy version 0.0.2)



> >> I'd consider it as important to have all torbirdy "stable"
> users
> >>  in one anonymity set as soon as there is a feature complete
> >> stable version. I consider the current version as experimental.
>
> >
> > Hrmm. Actually, if we can avoid revealing this anonymity set
> > explicitly to mailing lists and recipients, I think that might be a
>
> > worthy goal.
> >
> > Since Tor IPs are often absent from mailing list headers if the
> > SMTP server(s) are not run by a total jerk, can we figure out a
> > way to look more common?
>
> I do think that most SMTP servers / MLs include the entire SMTP path
> and therefore it is very easy to separate Tor users based on their
> source IP anyway. [I agree that it would be nice to have a more common
> fingerprint but I do not think it is feasible without sacrificing a
> lot on other aspects.] And after all this is only relevant if you
> choose to trust your mail provider - which is considered an adversary
> in my threat model.

As I Tor user, I prefer to use mail servers, who does not spill the source IP. Imho it's a gain in security, if only the mailserver has a better chance for an attack, or if everyone on a list has a better chance for an attack.

Your decision to consider the mail provider an adversary is good. I still recommend to use mail servers which are less likely to attack you.

I were nice, if it were possible to hide Torbirdy and Tor use from mailing lists.

> [I agree that it would be nice to have a more common
> fingerprint but I do not think it is feasible without sacrificing a
> lot on other aspects.]

Can you tell more please about these aspects?

>
> > What's wrong with using the Thunderbird default locale string for
> > the quotation here? If you're posting on a mailing list where
> > discussion occurs in only one human language, shouldn't you be
> > using that same localization for mail client? For multilingual
> > users, can we solve that problem a different way, perhaps by a
> > localization dropdown menu or something?
>
> I think that such an approach that requires the user to actively select
> its language for every message is error prone. As soon as the sender
> forgets to select the correct language or fails to choose the correct
> language he is screwed.
> I prefer something that doesn't depend on user interaction.

What about choosing the language within the account configuration per account?

______________________________________________________
powered by Secure-Mail.biz - anonymous and secure e-mail accounts.

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk