Re: [Tails-testers] 2.0~rc1

Üzenet törlése

Válasz az üzenetre
Szerző: u
Dátum:  
Címzett: tails-icedove, Tails list for early testers
CC: exit-1
Tárgy: Re: [Tails-testers] 2.0~rc1
Hi,

thanks anonym for your insight :)

anonym:
> sajolida:
>> > exit-1:
>>> >> On 2016-01-15 10:40, sajolida wrote:
>>>> >>> exit-1:
>>>> >>> But we'd be happy to see if we can maybe solve the reasons that
>>>> >>> prevented you from switching to Icedove.
>>> >>
>>> >> Here's a few of the main reasons Icedove is not for me at the moment:
>>> >>
>>> >> * 'Fetch headers only' doesn't work - blank download means retrieving
>>> >> the message from the server
>> >
>> > I see a "Fetch headers only" advertised in Account Settings → Server
>> > Settings. If it doesn't fetch the headers only then maybe this is a bug
>> > and would be worth investigating, reporting, and fixing. What exactly
>> > happens when this option is selected? I'm not sure to understand what
>> > you mean by "blank download".
> Hypothesis: it could also be a security feature implemented by TorBirdy.


> With the fetch headers option enabled I'm quite sure that selecting a
> message that you only have the header for will trigger a download of the
> full message. This is an info leak of your "usage pattern" to the mail
> server, e.g. they can guess how much time you spend on each message,
> which messages that are never read, how long you spend on dealing with
> email and so on. Batch downloading all messages at the same time
> mitigates this leak.


All I've found (just had a quick look to TB code) is that TB disables
auto fetching on startup and once you ask, all messages are fetched:
https://github.com/ioerror/torbirdy/blob/master/chrome/content/preferences.js
(line 367)

Seems like one can disable this, but it might indeed leak information.

>>> >> * There's no download message size limiter - good when data restrictions
>>> >> need considering
>> >
>> > In Account Settings → Disk Space I see an option "To save disk space, do
>> > not download messages larger than [ ] KB". Did you try this? Does it do
>> > something else than what you expect?
> Not that this option (and probably also some similar option about not


I think anonym wanted to say "Note that this option" etc.

> downloading attachments) will leak similar info as above since the mail
> server then can see when you download these messages manually.


Ack. This is also an option which can be modified by the user from what
I can see, but did not try it yet.

Cheers!
u.