[tor-bugs] #12842 [Tor Support]: Helpdesk needs a PGP key to be able to receive encrypted help queries

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Aug 11 17:14:10 UTC 2014


#12842: Helpdesk needs a PGP key to be able to receive encrypted help queries
-----------------------------+-------------------
     Reporter:  mrphs        |      Owner:  lunar
         Type:  defect       |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Support  |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-------------------

Comment (by lunar):

 Replying to [comment:2 mrphs]:
 > when a user contacts RT it usually means they were unable to use Tor,
 > meaning they're sending a plaintext email over the clearnet on the same
 > network (which they're trying not to use,) about their issue.
 > Even if we keep the data unencrypted in our database, PGP could still
 > add a good layer of protection from their adversary, while their message
 > is traveling on the wire.

 I believe that's not actually true.

 Most users will connect to their mail provider using encrypted channels
 (IMAPS, POP3S, SMTPS, or HTTPS webmail). Tor's mail server offers
 opportunistic STARTTLS, so delivery from the user's mail provider to RT is
 likely to also be encrypted.

 I'm sure this is true for GMail and riseup.net. Here's some quick
 research:

 The RT database currently holds 2987 different domains. Top twenty used
 over 22378 email addresses:

 {{{
 rt=> select lower(split_part(emailaddress, '@', 2)) as domain, count(*)
 from users group by domain order by count desc limit 20;
     domain      | count
 ----------------+-------
  gmail.com      | 10178
  yahoo.com      |  2866
  hotmail.com    |  1351
  qq.com         |   327
  aol.com        |   219
  live.com       |   174
  mail.ru        |   157
  outlook.com    |   156
  hushmail.com   |   155
  ymail.com      |   141
  googlemail.com |   138
  tormail.org    |   116
  yahoo.co.uk    |   116
  comcast.net    |   115
  me.com         |   106
  163.com        |    97
  riseup.net     |    95
  yandex.ru      |    91
  safe-mail.net  |    89
  hotmail.co.uk  |    82
 }}}

 ''Yes, I know users can use other SMTP servers to send their emails, but I
 believe these days most will use the one given by their provider.''

 So, most of them are webmail. And according to
 [https://www.google.com/transparencyreport/saferemail/ Google's reports] a
 good amount of them have STARTTLS enabled on their SMTP servers.

 > What if we start using PGP in RT (for the reason stated above) in short
 > term and slowly get to Schleuder or some other alternative when we're
 > ready?

 Switching our support handling from RT to straight email would really feel
 like going backward to me. We currently have 11 people who work on
 tickets on a more or less regular basis, spread over 6 different languages
 (and growing). Using only email (and encrypted, it's going to be tougher)
 would really, really make the job harder for everyone involved.

 ''Yes, I know that some people are really efficient with emails. But it's
 not possible to coordinate a team that large without a common database.''

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12842#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

