-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Arrakis wrote:
>> 2.) Obfuscate the data sent in the EHLO so it doesn't leak the hostname/ip > > I'll have to check how thunderbird implements smtp. It must be possible as TorButton manages to do it. >> 7.) Turn off return receipts and Junk filtering > > Junk filtering is sticky. Because we are going to use thunderbird, we > can create bayesian filters in token form, and push token updates to > the client. It would be kind of amazing if the latest paris hilton > spam was blocked before the user had to read it. The management program > could update such a token over https, un-anonymized, every x time. The main reason I mentioned this one is because it is an unknown quantity to me. I'm not sure if Thunderbird leaks any information with it's Spam filtering. Even if it doesn't now, I'm not sure if an upgrade wouldn't cause it to in future. So to be safe, I leave it off. >> 8.) For convenience rather than security, I'd make it automatically turn >> on the options to download the full messages to disk. > > Thats one of those distasteful things about mail, and one of the reasons > I prefer IMAP over POP. POP is fine if you're encrypting your message > base, but if not, IMAP is preferable. But I tell you what... i really > *could* encrypt the messagebase on thunderbird. No telling how secure > that would really be in windows implementation, but it is certainly > a fun idea. Yeah, I prefer IMAP, but I like a local copy of the mail so it doesn't need to connect to the server over Tor every time I want to read a message. Encrypted on disk would be a nice option. Another thing worth looking at would be how Thunderbird performs automatic extension updates. Oh, and generating a list of extensions that are safe/unsafe to use with Thunderbird. - -- Dawn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFIronWcoR2aV1igfIRAnhxAJdeawiNTbd1ZRG+4JAE4LzQMfvLAKCYxDHu U1/xQbKTtgbFiNFn4VWt1A== =IZ+7 -----END PGP SIGNATURE-----
