Re: [Tails-dev] Thoughts on reading mail

Supprimer ce message

Répondre à ce message
Auteur: intrigeri
Date:  
À: The Tails public development discussion list
Sujet: Re: [Tails-dev] Thoughts on reading mail
Hi,

William Waites wrote (10 Jun 2014 08:34:32 GMT) :
> Might it be useful to also include fetchmail and procmail?


To be honest, if the "Additional software packages" persistence
feature
(https://tails.boum.org/doc/first_steps/persistence/configure/#index13h2)
had been available back in the years, I doubt we would ever have
included Mutt. And I don't think we should include more such software
by default: it duplicates GUI software we ship too, support, care
about and document. More software means more maintenance work,
a potentially larger attack surface, and more anonymity/privacy
concerns to take care of. E.g. AFAIK nobody has ever made sure that
the default Mutt configuration in Tails was up to our standards.

IMO, we should drop Mutt at some point. But feel free to add it to
your live-additional-software.conf file :)

> With the default Claws MUA, mails get a header like this:


>     X-Mailer: Claws Mail 3.7.6 (GTK+ 2.20.1; i486-pc-linux-gnu)


> This is specific enough, and unusual enough that it is reasonably
> likely that someone sending mail with a header like this is using
> Tails. Is this kind of fingerprinting a concern?


Thanks for your input!

Indeed, we have not taken care of MUA fingerprinting concerns yet.
It may also be that if we go into this rabbit hole, we have to do
waaay more than changing the content of the X-Mailer field, or
dropping it altogether.

Given we plan to move to Icedove (Debian's rebranded Thunderbird) as
soon as possible, I'm not sure it's worth putting time into this for
Claws Mails *now*. Icedove will be shipped with Torbirdy, that is
meant to address as many such concerns as possible.

If interested, then I encourage you to look into Torbirdy, and ensure
that it does a good enough job in this area: this will help us migrate
ASAP, and provide a better email user story :)

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc