Re: [Tails-dev] TorBirdy: first impressions

Author: Jacob Appelbaum
Date:  
To: intrigeri
CC: Sukhbir Singh, The Tails public development discussion list
Subject: Re: [Tails-dev] TorBirdy: first impressions
intrigeri:
> Hi,
>
>> Jacob Appelbaum wrote (22 Jun 2012 01:00:01 GMT) :
>>> What do we need to fix or do for you to ship TorBirdy?
>
> We need a way to configure TorBirdy so that it does *not* disable the
> account creation wizard -- currently fails with "TorBirdy has disabled
> Thunderbird's auto-configuration wizard to protect your anonymity."
> Is it possible to add a preference setting to do so?


We'd gladly accept a patch to handle this case - one problem is that the
auto-configuration wizard is simply dangerous. It may use insecure
protocols; even if it doesn't directly cause leaking, it isn't safe
to use on the internet, I think.

>
> Rationale: our "secure" account creation patchset should take
> care of most, if not all, of the issues highlighted in Tagnaq's paper.
>


Did you merge our patches to ensure the date/time stamp issues are taken
care of, amongst other issues?

> In case someone wants to review / test / have a look,
> here's the code:
>
>   repo:    git://labs.riseup.net/tails_icedove.git
>   branch:  tails/master-10.x
>   patches: debian/patches/tails/*

>


Could you describe how it solves the issues we faced? I don't have
access to this git repo at the moment. If for example such patches
allowed for the use of Tor safely and prevented insecure protocols from
being used, I'm in favor of enabling the wizard. However, I find it
concerning to enable the wizard if the result is an accidental leak or
the use of an insecure protocol...

All the best,
Jake