[tor-talk] "If you have access to certain tools, you can completely ignore Tor."

Chris tmail299 at errtech.com
Tue Dec 20 14:47:50 UTC 2011

Would any of these attacks work with HTML off? I ask mostly because the
default in GNU/Linux is for these things to be off. Even my web mail
GNU/Linux interface I write from has HTML off by default.

> Thank you for that.
> Kmail (Kontact) appears perfectly safe.  I also tested vs gmail in my
> firefox browser with noscript.  No leaks there either.
> praedor
> On Tuesday, December 20, 2011 07:01:39 AM tor at lists.grepular.com wrote:
>> On 20/12/11 04:44, Andrew Lewman wrote:
>> > This also requires the user not being very sophisticated. If you load
>> > up html emails full of web-bugs, javascript, and your normal browser
>> > pointed at Tor, then I believe most of what 'SR' says is correct. I
>> > don't believe this is true for Tor Browser users, but I welcome
>> > research and proof otherwise.  Also, we'll fix any leaks found.
>> FWIW, I built a web app a while ago which sends out an HTML email to you
>> full of different types of web bugs to try and test if your email client
>> is loading remote content when it shouldn't be. It found bugs in
>> Thunderbird, Outlook, Androids standard mail client, K-9, Apple Mail,
>> the iOS email client, Roundcube and several other webmail
>> implementations. If you want to try it out, it can be accessed here:
>> https://grepular.com/email_privacy_tester
>> And I originally wrote a about it here:
>> https://grepular.com/Automated_Email_Privacy_Tester
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

More information about the tor-talk mailing list