-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Accessing an email server via IMAP may leak data by saving a draft on the remote server.
Using Thunderbird+Enigmail+Torbirdy.
While writing a message on Thunderbird, it is automatically saved as a draft, which by default is sent to the IMAP server. So the server will be able to read that message.
That's a big problem when the message should be encrypted before sent. So the email provider will be able to read sensitive data on those drafts in cleartext and the user probably won't notice.
To solve this the user need to manually set the account drafts settings (in Copies & Folders) to keep drafts on Local Folders.
I think Torbirdy should do it by default.
This info should be added to known issues on Torbirdy wiki.
I know Torbirdy developers recommend POP over IMAP, but as a mailtor.net user I don't have any other option.
- -- arkmd DeepBlog | A verdade nua crua e distorcida http://xzzpowtjlobho6kd.onion/
OpenPGP Public Key: http://xzzpowtjlobho6kd.onion/arkmd.asc 4096R: 0461 DF2C B6B7 6059 7529 77E0 04CD FE83 766B 8DA6