[tor-bugs] #6057 [TorBirdy]: avoid revealing torbirdys anonymity set explicitly (was: Enumerate difficulties with obfuscating useragent from mailinglists)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Jul 6 00:32:28 UTC 2012 

#6057: avoid revealing torbirdys anonymity set explicitly
-------------------------+--------------------------------------------------
 Reporter:  proper       |          Owner:  ioerror
     Type:  enhancement  |         Status:  new    
 Priority:  normal       |      Milestone:         
Component:  TorBirdy     |        Version:         
 Keywords:               |         Parent:         
   Points:               |   Actualpoints:         
-------------------------+--------------------------------------------------
Changes (by tagnaq):

  * priority:  critical => normal
  * type:  defect => enhancement


Comment:

 Replying to [comment:4 proper]:
 > > What do you aim for?
 > If it's not possible to hide being a TorBirdy user from a mailserver,
 I'd still prefer hiding that fact from the mailing list. Attacks by the
 mailserver are a higher class than someone on a mailing list who doesn't
 like one.

 We do not pretend to provide this 'feature' so I changed the ticket type
 from defect to enhancement.
 I also changed the ticket title/summary as I think that is what you
 actually want to achieve.
 (title is now more or less a quote from mike's email on tor-talk)

 If you want to hide the fact that you are a torbirdy user you would have
 to change your source IP (exit relays IP) and torbirdy can't help you with
 that, but this is certainly not the only problem.

 Lets assume your mail provider doesn't insert your source IP into mail
 headers, so this can't be used to identify you as being a tor(birdy) user,
 but there is still the missing UA header, the modified message-id (in
 progress), ...

 Now you could argue to fake the UA header and set it to a common
 thunderbird version to blend in with other thunderbird user. This would
 prevent us from reaching the 'all torbirdy users are in one anonymity set'
 goal because you would have to update the fake useragent from time to
 time. And still wouldn't fix the message-id format mismatch.

 So for now I don't see how we can achieve your 'feature request' without
 abandoning other goals (mainly all torbirdy users in one anonymity set and
 don't reveal timestamp information).
 I hope you see my point. (I'm happy to explain further if you wish)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6057#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list