[tor-talk] Towards a Tor-safe Mozilla Thunderbird

tagnaq tagnaq at gmail.com
Thu Sep 15 21:21:59 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I uploaded a document [1] to the Tor wiki. It is about application-level
privacy leaks in Thunderbird including proposed solutions. It would be
great to get some review/feedback - especially on the proposed solutions.

btw: I won't be able to reply in a timely manner in the next few days.

[1] http://bit.ly/qDZm7C
SHA1:6c84e6a2147ff53d01f96d876ba23a47a5329c92

Since the document was written, proposal 171 (stream separation) was
implemented/released in 0.2.3.3 [2] and new Thunderbird version were
released (but didn't address the problems yet).

To mitigate a certain problem (bugzilla: 684035) described in section
4.1.4.I recommend every Thunderbird user to set the following
preferences to true:
network.protocol-handler.warn-external.http
network.protocol-handler.warn-external.https

Related bugzilla tickets:
- - https://bugzilla.mozilla.org/show_bug.cgi?id=664633
- - https://bugzilla.mozilla.org/show_bug.cgi?id=669238
- - https://bugzilla.mozilla.org/show_bug.cgi?id=684035


[2] https://trac.torproject.org/projects/tor/ticket/1865
https://lists.torproject.org/pipermail/tor-talk/2011-September/021229.html
-----BEGIN PGP SIGNATURE-----

iF4EAREKAAYFAk5ybHYACgkQyM26BSNOM7aN6wD8DjqiHBldD1BXR1Y7qD+jpcGU
LCsjCo7/+QY/aYfVczMA/3UGO6cmYobkKYQ1ZYfhaIYr5h5wzp8I9RFu+dHHYpAN
=E8+o
-----END PGP SIGNATURE-----


More information about the tor-talk mailing list