Update to default exit policy
idefix at riseup.net
idefix at riseup.net
Wed Aug 20 17:04:16 UTC 2008
Quoting 7v5w7go9ub0o <7v5w7go9ub0o at gmail.com>:
> anonym wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 20/08/08 15:42, 7v5w7go9ub0o wrote:
>>> anonym wrote:
>>>> Email clients leak tons of information, the most critical I know of
>>>> being your IP address and/or host in the EHLO/HELO in the beginning
>>>> of the SMTP(S) transaction.
>>> Nope.
>>>
>>> The encrypted connection occurs before the smtp handshake.
>>>
>>> IP/host info is not compromised, this is not an issue.
>>
>> Care to elaborate on this?
>>
>> The way I understand it, the encrypted connection will only prevent
>> eavesdroppers from snooping the IP address/host, but the destination
>> email server will get it in the EHLO/HELO message. IMHO, that equals a
>> compromise of grand scale.
>
> AH!.... we were talking about two different things. :-(
>
> I was referring to third-parties being unable to sniff your email
> contents or your host address within an SSL/SMTP transaction via TOR.
> You're talking about withholding information from the mail server itself
> (e.g. you're on the road with a laptop, and don't want to leave records
> of where you were as you sent your messages).
>
> And indeed, you raise an interesting point!
Sorry, I didn't get it: in case I'm using Thunderbird and Torbutton,
and connect to the smtp server trough tor. Will my "real" ip adress
occur in the mail headers, or the ip of the exit node?
I'm guessing the ip of the exit node, right? Because if not, it would
be senseless to use tor? Would be great if someone could clarify this!
Merci! :)
More information about the tor-talk
mailing list