[tor-talk] email over Tor / anonymity sets vs. source IPs (was: Torbutton-birdy version 0.0.2)

tagnaq tagnaq at gmail.com
Tue May 29 22:52:44 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

[new thread]

>> My threa*t model is described on page 6 of the following paper: 
>> http://bit.ly/qDZm7C
> 
> This is an awesome doc.

I'm glad you like it.

> Is this sourced from latex? Is it possible to output an html 
> version somehow, too? I find the pdf format heavy and unnerving 
> from a security perspective..
I see your point.

I exported it as html but it probably contains lots of metadata, which
would take some time for clean up.
I suppose it is less of an effort to open the pdf in a VM appropriate
for untrusted files.
...however if an html version is for some reasons very important for
you I'll reconsider it and add it to my todo list.


>> I'd consider it as important to have all torbirdy "stable" users
>>  in one anonymity set as soon as there is a feature complete 
>> stable version. I consider the current version as experimental.
> 
> Hrmm. Actually, if we can avoid revealing this anonymity set 
> explicitly to mailing lists and recipients, I think that might be a
> worthy goal.
> 
> Since Tor IPs are often absent from mailing list headers if the 
> SMTP server(s) are not run by a total jerk, can we figure out a
> way to look more common?

I do think that most SMTP servers / MLs include the entire SMTP path
and therefore it is very easy to separate Tor users based on their
source IP anyway. [I agree that it would be nice to have a more common
fingerprint but I do not think it is feasible without sacrificing a
lot on other aspects.] And after all this is only relevant if you
choose to trust your mail provider - which is considered an adversary
in my threat model.
(btw: anyway I finally filed #5997)


> What's wrong with using the Thunderbird default locale string for 
> the quotation here? If you're posting on a mailing list where 
> discussion occurs in only one human language, shouldn't you be 
> using that same localization for mail client? For multilingual 
> users, can we solve that problem a different way, perhaps by a 
> localization dropdown menu or something?

I think that such an approach that requires the user to actively select
its language for every message is error prone. As soon as the sender
forgets to select the correct language or fails to choose the correct
language he is screwed.
I prefer something that doesn't depend on user interaction.


thank you for your feedback.




-----BEGIN PGP SIGNATURE-----

iF4EAREKAAYFAk/FUzsACgkQyM26BSNOM7ZxlwD8C0/Db0qjazxxp1bPDeHtXydi
lIij5fTgE1rgGHMTRp4A/0F3Smeze1o1XrGGVUbXeQF3Wp0rhDZJDPV6MxN1YNS1
=CtPa
-----END PGP SIGNATURE-----


More information about the tor-talk mailing list