-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings,
Several friends of mine have lately expressed the wish to be able to send email anonymously. They have really good reasons and I believe many others do as well, so I'm looking for easy to use and set up solutions. I've looked into annonymous remailers like Mixminion et al, but they don't seem to be mature enough and have the number of users required for any effective anonymity, so Tor seems to be the way. Mixminion doesn't even seem to have a GUI beyond Tork for non-Windowos users, which kind of would force everyone to install KDE. Web mail + Tor is of course an option, but then they'll loose the nice PGP intergration provided by most MUA:s (e.g. Enigmail/Thunderbird), and PGP (for end-to-end encryption) is _essential_ for my friends' purposes. Of course, there are things like FireGPG which can be used to sign/verify/encrypt/decrypt any texts in Firefox, which would work for web mail, but FireGPG is simply to flaky and have to much encoding issues to be usable right now. Therefore, web mail is not satisfactory. So I'm investigating the possibility of using SMTPS (i.e. SMTP over SSL) on Thunderbird with Torbutton. In fact, this email should have been sent over Tor. But as we know, there are several issues with using a mail client and SMTP with Tor. On the other hand, there's a lot of issues using Tor with web browsers (javascript, flash, cookies, Firefox extensions and many non-http(s) features etc). So is this really such a bad idea some people are suggesting? What are the issues? Things I've thought or read about myself are the following: * All types of SMTP is rejected by Tor's default exit policy During my testing, it has worked well. It seems there are quite a few people who still allow SMTPS (port 465) and SMTP with submission (port 587) as I've had different exit nodes for all five of my test emails. Standard SMTP seems to be completely blocked. BTW, is it possible to do queries over all exit nodes to see which of them that allow certain services? * The mail header might contain identifying information - From my experiments, I've seen fields like User-Agent, x-mozilla-status, x-enigmail-version and openpgp (key ID and key URL) which are not terribly dangerous (assuming that the key is only used for anonymous mail). The openpgp info is quite useful to keep, actually, and the others are very easily scraped away by some plugin (Torbutton for Thunderbird should alter this as it does with Firefox?). Also, I've heard that certain particularities of how the header is made might be used to identify that UA of a given mail. All in all, I'm not too worried about user agent stuff and similar right now (I need this solution fast), only of unique identifiers (but I agree that some effort should be made for this, perhaps in Torbutton). Please feel free to point out if my current mail header contains any other dangerous information that should taken into account. * EHLO/HELO message contains IP address or hostname First of all, the exit node shouldn't see anything since SSL is used. But what about the SMTP server? If you examine the header of this mail, you'll see that the first "Received:" field reports that it came from 0.0.0.0 plus hostname and IP address of the exit node (at least that's what happened in my experiments). Is that the same as what is reported in the EHLO/HELO to the SMTP server? If so, all is fine. So, what do you think? Are there any more issues? Is Thunderbird + Tor + Torbutton + SMTPS safe? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHcS0xp8EswdDmSVgRAnNRAKCI0zBFfu2pvKcYFcg+e9UmNaXKMACdH9ru C3uo0dM/Zcfp4E7P2tEEpDI= =wdMT -----END PGP SIGNATURE-----
