intrigeri: > Hi, > >> Jacob Appelbaum wrote (22 Jun 2012 01:00:01 GMT) : >>> What do we need to fix or do for you to ship TorBirdy? > > We need a way to configure TorBirdy so that it does *not* disable the > account creation wizard -- currently fails with "TorBirdy has disabled > Thunderbird's auto-configuration wizard to protect your anonymity." > Is it possible to a preference setting to do so?
We'd gladly accept a patch to handle this case - one problem is that the auto-configuration wizard is simply dangerous. It may use insecure protocols, even if it doesn't directly cause leaking, it is isn't safe to use on the internet, I think. > > Rationale: our patchset "secure" account creation patchset should take > care of most, if not all, of the issues highlighted in Tagnaq's paper. > Did you merge our patches to ensure the date/time stamp issues are taken care of, amongst other issues? > In case someone wants to review / test / have a look, > here's the code: > > repo: git://labs.riseup.net/tails_icedove.git > branch: tails/master-10.x > patches: debian/patches/tails/* > Could you describe how it solves the issues we faced? I don't have access to this git repo at the moment. If for example such patches allowed for the use of Tor safely and prevented insecure protocols from being used, I'm in favor of enabling the wizard. However, I find it concerning to enable the wizard if the result is an accidental leak or the use of an insecure protocol... All the best, Jake _______________________________________________ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
