Mike Perry: > Thus spake Jacob Appelbaum ([email protected]): > >> I'm pleased to say that Sukhbir, tanaq, and I are making progress on >> Torbutton-birdy, the Torbutton like plugin for Thunderbird. Today marks >> the second release with two important fixes: > > I say we just call it TorBirdy. Easier to type, and has a better ring to it > I think.
Nice! >> the auto-configuration wizard leaks, so we disabled it Confirmed. >> the timezone is now UTC and does not leak your actual timezone Confirmed. >> We had around 57 downloads for our first release, we'd love to see that >> many users upgrade and send us feedback. We're really looking for >> informational leaks but the most important kinds of leaks are proxy >> bypass or other kinds of seriously harmful bugs. Just the Message-ID from what I can see. No leaks detected with tcpdump (DNS, IMAPS, SMTPS). Can see the connections going through the Vidalia Network Map. >> Here is our long running open bug about reviewing torbutton-birdy: >> https://trac.torproject.org/projects/tor/ticket/5797 > > I already mentioned this in the ticket, but might as well say it here > too, in case people don't bother to click the link: Attachments can also > cause proxy bypass when external apps are launched to open them, esp for > doc and pdf attachments. > > It would be great if someone could test trying to open those > attachments, especially after setting the prefs I mention in: > https://trac.torproject.org/projects/tor/ticket/5797#comment:12. None of the network.protocol-handler.warn-external* settings seem to force a warning, but I haven't tried the suggestion below: > If the prefs don't cause a warning of some kind first, you might need to > adapt that component I linked to in comment 11... Plus, as noted previously and demonstrated above, it's just the author's name now listed as specified in mailnews.reply_header_authorwrote. _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
