Re: [Tails-testers] 2.0~rc1

Poista viesti

Vastaa
Lähettäjä: u
Päiväys:  
Vastaanottaja: tails-testers, exit-1, tails-icedove
Aihe: Re: [Tails-testers] 2.0~rc1
Hi,

> On Tue, 19 Jan 2016 17:08:31 +0000 u <u@???> wrote:
>
>> Hi,
>>
>> thanks anonym for your insight :)
>>
>> anonym:
>>> sajolida:
>>>>> exit-1:
>>>>>>> On 2016-01-15 10:40, sajolida wrote:
>>>>>>>>> exit-1: But we'd be happy to see if we can maybe
>>>>>>>>> solve the reasons that prevented you from switching
>>>>>>>>> to Icedove.
>>>>>>>
>>>>>>> Here's a few of the main reasons Icedove is not for me at
>>>>>>> the moment:
>>>>>>>
>>>>>>> * 'Fetch headers only' doesn't work - blank download
>>>>>>> means retrieving the message from the server
>>>>>
>>>>> I see a "Fetch headers only" advertised in Account Settings
>>>>> → Server Settings. If it doesn't fetch the headers only then
>>>>> maybe this is a bug and would be worth investigating,
>>>>> reporting, and fixing. What exactly happens when this option
>>>>> is selected? I'm not sure to understand what you mean by
>>>>> "blank download".
>>> Hypothesis: it could also be a security feature implemented by
>>> TorBirdy.
>>
>>> With the fetch headers option enabled I'm quite sure that
>>> selecting a message that you only have the header for will
>>> trigger a download of the full message. This is an info leak of
>>> your "usage pattern" to the mail server, e.g. they can guess how
>>> much time you spend on each message, which messages that are
>>> never read, how long you spend on dealing with email and so on.
>>> Batch downloading all messages at the same time mitigates this
>>> leak.
>>
>> All I've found (just had a quick look to TB code) is that TB
>> disables auto fetching on startup and once you ask, all messages
>> are fetched:
>> https://github.com/ioerror/torbirdy/blob/master/chrome/content/preferences.js
>>
>>

(line 367)
>>
>> Seems like one can disable this, but it might indeed leak
>> information.
>>
>>>>>>> * There's no download message size limiter - good when
>>>>>>> data restrictions need considering
>>>>>
>>>>> In Account Settings → Disk Space I see an option "To save
>>>>> disk space, do not download messages larger than [ ] KB".
>>>>> Did you try this? Does it do something else than what you
>>>>> expect?
>>> Not that this option (and probably also some similar option
>>> about not
>>
>> I think anonym wanted to say "Note that this option" etc.
>>
>>> downloading attachments) will leak similar info as above since
>>> the mail server then can see when you download these messages
>>> manually.
>>
>> Ack. This is also an option which can be modified by the user from
>> what I can see, but did not try it yet.
>>
>> Cheers! u.
>
> Hello all Sorry I haven't had time to follow up since the weekend.
> Sajolida's point about 'Disk space' is right, and that also fixes my
> need to 'Fetch headers only'. So thanks, Icedove may still become a
> worthy client for me. Also looking at Mutt (on Debian) though. --


Great that this might help you solve the issues you raised.

Cheers!