[tor-dev] Torbirdy - IMAP issue
arkmd
arkmd at mailtor.net
Fri Dec 6 04:01:18 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Accessing an email server via IMAP may leak data by saving a draft on
the remote server.
Using Thunderbird+Enigmail+Torbirdy.
While writing a message on Thunderbird, it is automatically saved as a
draft, which by default is sent to the IMAP server. So the server will
be able to read that message.
That's a big problem when the message should be encrypted before sent.
So the email provider will be able to read sensitive data on those
drafts in cleartext and the user probably won't notice.
To solve this the user need to manually set the account drafts
settings (in Copies & Folders) to keep drafts on Local Folders.
I think Torbirdy should do it by default.
This info should be added to known issues on Torbirdy wiki.
I know Torbirdy developers recommend POP over IMAP, but as a
mailtor.net user I don't have any other option.
- --
arkmd
DeepBlog | A verdade nua crua e distorcida
http://xzzpowtjlobho6kd.onion/
OpenPGP Public Key:
http://xzzpowtjlobho6kd.onion/arkmd.asc
4096R: 0461 DF2C B6B7 6059 7529 77E0 04CD FE83 766B 8DA6
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJSoUwEAAoJEATN/oN2a42mW/AQAI7IITFPTZEe4X2UBNS3kovK
UHJIe9j/K9FA63ubGxu8TotdkIK5TvnkPP/DGDg6NrnILIx/KeK6XAWTDhv6vfgY
hIBA+v+9mjAW64fQ31tTSXEVKUofKUyazN984QnVcb/Qyj297GujgrI0vdDFU0c9
KIS7z15Lk3QRx+Qtb+VboXH3ES59oRPuutTSQ+z0RyLToMmFs41BDei01WtLfy/i
aLcIYTWUZb+yVmspkOuOKAe9enlGNTXeFGaR6uspA8ImedsCUYq5iySBhm5CVs0B
0sF6Mq18rXTVDF4jwoNLYqkgyANSI9IzgDbxlzgBaJwJjnN9OAeF8vJI+qkZUElS
56pVIzayyEMJXhvsqotuBYH+X+aRt2+Hw2prIxuUcRDFP3iOrupElARpqvDqYa4U
IrQ/8lUl5jEnPNNJFklBwTjzHOVtxmCymEDh+zSXlIzL4WQJwYPDj1+uqwOenwO4
FCy1ADFXyMDQso3bXwPqD3VSGdYGqmMc+34vIVA28vTSFYyxiBwjHZLF16Us+uD/
sMbMGEOg+za8MSrgLVwcBAkbRG14fE50litW+bnSWl3QltGOt0rV9INKLKSGvEy4
DMCL2mc9aU9Rago1j/FJlXAOCctuFlTOS9MkCzF+iSJIoa3IxwUmnrvWwOuEuFxa
zrSdjkyzMJKgnd+b+Vm4
=oF2B
-----END PGP SIGNATURE-----
More information about the tor-dev
mailing list