#20861 closed defect (not a bug)

X-Mozilla-Keys (offline messages) in forwarded message (as an attachment)

Reported by: cypherpunks
Owned by: sukhbir
Priority: Medium
Milestone:
Component: Applications/TorBirdy
Version:
Severity: Normal
Keywords: TorBirdy 0.2.1
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

When Thunderbird (TorBirdy 0.2.1) downloads and saves an email locally, it adds X-Mozilla-Keys. If the user forwards that email as an attachment, the X-Mozilla-Keys are still in the email (resp. the *.eml file), which makes perfect sense for signed emails.

Excerpt from the received email's source code:

--------------
Content-Type: message/rfc822;
 name="test.eml"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="test.eml"

X-Mozilla-Keys:            
To: 

And thereby it leaks the user's email agent.
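A check for the leak described above, as an added example that is not part of the ticket or of TorBirdy: it walks a message, including `message/rfc822` attachments, reports Thunderbird-local headers and strips them before sending. Treating every `X-Mozilla-` header as local is an assumption (the ticket names only X-Mozilla-Keys); the function names and the sample message are constructed.

```python
import email

# Assumption: every "X-Mozilla-" header is Thunderbird-local; the ticket names only X-Mozilla-Keys.
LOCAL_PREFIX = "x-mozilla-"

def find_local_headers(msg, path="root"):
    """List (location, header) for local-use headers, descending into attached messages."""
    hits = [(path, h) for h in msg.keys() if h.lower().startswith(LOCAL_PREFIX)]
    if msg.is_multipart():  # also true for message/rfc822 parts
        for i, part in enumerate(msg.get_payload()):
            hits += find_local_headers(part, f"{path}/{i}")
    return hits

def strip_local_headers(msg):
    """Delete local-use headers in place at every nesting level and return msg."""
    for h in {h for h in msg.keys() if h.lower().startswith(LOCAL_PREFIX)}:
        del msg[h]
    if msg.is_multipart():
        for part in msg.get_payload():
            strip_local_headers(part)
    return msg

# Constructed sample modelled on the excerpt in the ticket (addresses are placeholders).
SAMPLE = "\n".join([
    "From: sender@example.org",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "see attachment",
    "--b1",
    "Content-Type: message/rfc822;",
    ' name="test.eml"',
    "Content-Transfer-Encoding: 7bit",
    "Content-Disposition: attachment;",
    ' filename="test.eml"',
    "",
    "X-Mozilla-Keys:            ",
    "To: rcpt@example.org",
    "",
    "original body",
    "--b1--",
])

if __name__ == "__main__":
    msg = email.message_from_string(SAMPLE)
    print("before:", find_local_headers(msg))
    print("after: ", find_local_headers(strip_local_headers(msg)))
```

Stripping headers from an attached message changes its bytes, so a signature that covers the attached message's headers will no longer verify.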

Change History (2)

comment:1 Changed 13 months ago by sukhbir

Interesting, thanks for reporting. We don't try (we can't) to pretend that TorBirdy was used, since that is trivial to find out from the header itself using the exit node information, and also possibly from the message-ID header.

What we do prevent is leaking specific user agent information, such as the Thunderbird version. So I am not fully convinced if we should fix this. What do you think?

Last edited 13 months ago by sukhbir

comment:2 Changed 12 months ago by cypherpunks

Resolution: not a bug
Status: new → closed

After reading the design goals document [1], I agree it's outside the scope of TorBirdy to disguise the MUA (esp. because by having [127.0.0.1] followed by a Tor exit relay IP address in the first received-from field (which at least some email providers remove) and/or the message-ID header).

One might argue that revealing the used MUA is already a risk because it makes targeted attacks easier. This is a valid point. We do not actively reveal our MUA and the proposed changes reduce the identifying information considerably, but this does not stop an attacker from detecting Thunderbird, because Thunderbird most likely has a unique MUA fingerprint in terms of supported protocol and header features.
[1]

The issue with the X-Mozilla-Keys is addressed, too.

Thunderbird uses non-standardized header fields for internal and local use. These header fields normally do not appear in outgoing mails. In earlier versions of Thunderbird (2.x) these header fields were disclosed when forwarding mails. Since Thunderbird has changed its forwarding mode of emails to inline this is no longer an issue.
[1]
(even so, the option still exists in the context menu or by left-clicking on an e-mail)

[1] Towards a Tor-safe Mozilla Thunderbird, https://trac.torproject.org/projects/tor/attachment/wiki/doc/TorifyHOWTO/EMail/Thunderbird/Thunderbird%2BTor.pdf
