[tor-talk] "If you have access to certain tools, you can completely ignore Tor."

tor at lists.grepular.com tor at lists.grepular.com
Tue Dec 20 12:01:39 UTC 2011


On 20/12/11 04:44, Andrew Lewman wrote:

> This also requires the user not being very sophisticated. If you load
> up html emails full of web-bugs, javascript, and your normal browser
> pointed at Tor, then I believe most of what 'SR' says is correct. I
> don't believe this is true for Tor Browser users, but I welcome
> research and proof otherwise.  Also, we'll fix any leaks found.

FWIW, I built a web app a while ago which sends out an HTML email to you
full of different types of web bugs to try and test if your email client
is loading remote content when it shouldn't be. It found bugs in
Thunderbird, Outlook, Androids standard mail client, K-9, Apple Mail,
the iOS email client, Roundcube and several other webmail
implementations. If you want to try it out, it can be accessed here:

https://grepular.com/email_privacy_tester

And I originally wrote a about it here:

https://grepular.com/Automated_Email_Privacy_Tester

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 598 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20111220/8af0b824/attachment.pgp>


More information about the tor-talk mailing list