[tor-dev] Torbirdy - IMAP issue

arkmd arkmd at mailtor.net
Fri Dec 6 22:00:55 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I've checked it again. Write, wait it to be saved, close and open your
email via web-mail. And thats my draft in cleartext on mailtor.net server:
> Testing draft.
> 
> Icedove 17.0.10 Enigmail 1.6 TorBirdy 0.1.2
> 
> That's it.

Nima Fatemi:
> It doesn't have anything to do with TorBirdy.

I did not say it is TorBirdy fault.

But yes it has everything to do with TorBirdy. It is an anonymity and
security tool and tries avoid leaks. Maybe you just don't see it as a
leak.

Anyway the users must know it may happen.

> All you really have to do, is to have Encryption on by default in 
> Enigmail. Your drafts are now going to be encrypted. Problem
> solved!

Sukhbir Singh:
> By default, Enigmail saves an encrypted copy of the message. This
> is the default setting [1] and I think it also confirms this when
> it saves an encrypted message for the first time. TorBirdy does
> not modify this setting so it should be enabled by default for
> Enigmail.

Enigmail asks to save an encrypted draft *only when you enable
encryption* to that message. If you forget to set the encryption and
write it will be saved in cleartext without asking anything.

When you are sending the email Enigmail asks if you really wanna send
unencrypted, but the draft already have been sent unencrypted on the
IMAP server.

Enigmail should ask *always* when saving a draft remotely. Even
locally it should.

And TorBirdy should help prevent this to happen.

griffin at cryptolab.net:
> Now Thunderbird is set to *not* automatically create/save drafts. 
> Works like a charm. =)

That should be default set by both Enigmail and TorBirdy.
Also should set to save locally, instead of remotely, if the user
wants to save a draft.

- -- 
arkmd
DeepBlog | A verdade nua crua e distorcida
    http://xzzpowtjlobho6kd.onion/

OpenPGP Public Key:
http://xzzpowtjlobho6kd.onion/arkmd.asc
4096R: 0461 DF2C B6B7 6059 7529  77E0 04CD FE83 766B 8DA6
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJSokkNAAoJEATN/oN2a42m89UP/2E48vY3596pIhIFHZMJWvVk
MGhrJpJUCsBP7R/B0AiYLQS6/7mEIEo2AEexusaFjza12Lc9Q4qh+AOll/JQOKLi
a2cEAVEgwma0CSUTRweKXK3qVl4A5Uybp9bFbxrErmW7siGKcS5yhH4ldqXGCw9V
jYifzydey0rKKv7C7nXcO5X2ZnRfDYmO/FoaQIS9iSf8IDnPpPedtwQTVYUFPkRo
AD1eYPbaDpLQe5eG+rtxP0+VsCbQj3z3BykKTVtzGEzMPADwjTh0OpHk1WrQI0ux
WKBZK0afMeX2EIsLjNc8FcNVN5w+llONCkTEjoWM1+Ftrlut6WMhSAu1LrW9CCIz
eBnGZLtdkLh67dulRUM1Vf+kekmf0hjvSWWw+37a1q9+6lpckYDH4CJ7s7lMX0Ov
h4DZOQiLMnPYhGazI6nF15kbmtGWQRSBO7wcTkLGszRGA+OKPlmhV4o3bnyPIvUH
Do+TpOVSn+WHidZnei9aICN1Q689pHAfjohs7ZsMS+ydXQQR7LFz5P1N8EYXbbeC
kweOYWE+2hdw9uAHoloH8DeF0urk2ykhiRp62PhkspF8Ks6eO18yqrLvI28n0mo7
LSHVlnXEPn+qVU7rLQhWc+oo6f2OWvQYWj718/xVKogH/nmIANk1ofpeF9cZ9yYj
U2utYkh3lqR94715XHmJ
=kUz/
-----END PGP SIGNATURE-----

More information about the tor-dev mailing list