[tor-talk] Warning to TorBirdy users: system language leak in replies (via authorwrote line)

tagnaq tagnaq at bitmessage.ch
Sun Oct 19 22:21:37 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Due to a change in Thunderbird's handling of the
"reply_header_authorwrote" prefs [1] TorBirdy users which use
Thunderbird 31 and later leak their system language to recipients* of
reply messages.

Usual TorBirdy quoting behaviour when composing a reply looks like
this (author name is not followed with "wrote"):

John Doe:
> .....


leak ("wrote" in the case of an English system) introduced with newer
Thunderbird versions:

John Doe wrote:
> .....


Whether the system language is actually leaked depends on the content
of the email body. If the sender (you) manually remove the entire text
in the composing window - the "authorwrote" line is not included and
no leak occurs.

*) If the message has not been end-to-end encrypted this leak is not
limited to the intended recipients.

Workaround
- ----------

Until TorBirdy gets ready for Thunderbird versions >= 31
affected users may set the following preference to avoid this leak:

mailnews.reply_header_authorwrotesingle = #1:


[1]
https://bugzilla.mozilla.org/show_bug.cgi?id=1009585
https://bugzilla.mozilla.org/show_bug.cgi?id=995797

[2] https://trac.torproject.org/projects/tor/ticket/13480
-----BEGIN PGP SIGNATURE-----

iF4EAREKAAYFAlREOXEACgkQgSFXpOdJgOsLoAEAvA3PQMKCm6u5Yooo2cV9Mmci
wNbIpwNZLWH8qoJQqbMBAMIxHPcO72miTE+0N3+/pwcdL3Syl6bwg0Q30vO8ELEE
=RKu7
-----END PGP SIGNATURE-----



More information about the tor-talk mailing list