On 05/06/2012 03:52 AM, Mix+TB Test wrote: > Jacob Appelbaum wrote: >> Hi, >> >> A few Tor hackers (Sukhbir, tagnar, myself, etc) are working on a plugin >> for Thunderbird that attempts to Torify it properly. The codename for >> now is 'torbutton-birdy' and it is based largely on the seminal >> analysis[-1] by tagnaq. Two core goals in addition to Torification is >> the integration with MixGUI[0] and of course Enigmail[1]. > > Nice. I didn't even realise that MixMinion was still a going concern.
I think it's clear that we need MixMinion for the near future and well, the present for everyday of people. :( > >> At the moment the code is entirely un-reviewed and is not ready for real >> use. If you'd like to test it, we'd very much appreciate it. We have not >> uploaded the extension to Mozilla's addon site - I'm not sure we'll ever >> do that as a result of data retention issues and other stuff. > > Some very early feedback ... > > DNS and other connections leak during account creation (when Thunderbird > is trying to work out how to connect), but after that I can receive > (IMAP w/STARTTLS, IMAPS) and send (Submission w/STARTTLS, SMTPS) without > seeing any leaks, including no DNS leaks. I can also see the connections > showing up in the Vidalia Network Map. > These issues should be listed in the TODO file - I'm sorry to say that Thunderbird and the Mozilla team seems to refuse to Do The Right Thing with the account setup wizard. The bugs on this topic are a depressing read - it's not really possible to override this and fail closed - which seems like an unreasonable stance... > When sending via IMAP (even when using STARTTLS) there is a pop up to > notify you that you're sending in the clear, and the warning goes away > when you switch to IMAPS. No such warning appears when using Submission > w/STARTTLS. (Or when using SMTPS, as expected.) That is to be expected, yes. > > This was all performed using a clean Thunderbird 12.0.1 profile, no > other addons, 64-bit Debian 6.0.4, Tor Browser 2.2.35-11 with a static > SOCKS port. Great. So as it stands, I found the following meta-data in your email that may be harmful to your privacy: Message-ID: <[email protected]> Date: Sun, 06 May 2012 11:52:25 +1000 Your raw email is impressive in how many systems it seems to touch - it routes over Tor through the Noisebridge exit, it traverses some ipv6 SMTP servers and so on. There's a lot of stuff in there - can you look through it and tell me if any of it is harmful to your privacy other than the two lines listed above? All the best, Jacob _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
