[tor-talk] "If you have access to certain tools, you can completely ignore Tor."
Chris
tmail299 at errtech.com
Tue Dec 20 14:47:50 UTC 2011
Would any of these attacks work with HTML off? I ask mostly because the
default in GNU/Linux is for these things to be off. Even my web mail
GNU/Linux interface I write from has HTML off by default.
> Thank you for that.
>
> Kmail (Kontact) appears perfectly safe. I also tested vs gmail in my
> firefox browser with noscript. No leaks there either.
>
> praedor
>
> On Tuesday, December 20, 2011 07:01:39 AM tor at lists.grepular.com wrote:
>> On 20/12/11 04:44, Andrew Lewman wrote:
>>
>> > This also requires the user not being very sophisticated. If you load
>> > up html emails full of web-bugs, javascript, and your normal browser
>> > pointed at Tor, then I believe most of what 'SR' says is correct. I
>> > don't believe this is true for Tor Browser users, but I welcome
>> > research and proof otherwise. Also, we'll fix any leaks found.
>>
>> FWIW, I built a web app a while ago which sends out an HTML email to you
>> full of different types of web bugs to try and test if your email client
>> is loading remote content when it shouldn't be. It found bugs in
>> Thunderbird, Outlook, Androids standard mail client, K-9, Apple Mail,
>> the iOS email client, Roundcube and several other webmail
>> implementations. If you want to try it out, it can be accessed here:
>>
>> https://grepular.com/email_privacy_tester
>>
>> And I originally wrote a about it here:
>>
>> https://grepular.com/Automated_Email_Privacy_Tester
>>
>>
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
More information about the tor-talk
mailing list