[kdepim-users] Tips for a PARANOIC KMail MOD ?

Ingo Klöcker kloecker at kde.org
Mon Jun 2 22:02:24 BST 2008


On Monday 02 June 2008, macintoshzoom wrote:
> Hi,
>
> Could you guys give me your tips & tricks to configure an ultra
> secure KMail for top privacy/anonymous speech?:

Start by loading the "Most Secure" profile in the configuration dialog.


> The enemy: Eavesdroppers, spyers, content alteration attacks,
> spoofers, virus/spyware/Trojans/keyloggers/rootkits infectors,
> wireless bandwidth stealers, spammers, id/data/bankdata/ stealers,
> criminals, (bad-boys) hackers, fascist government (most) and
> organizations (lots) a-la Ku Klux Klan clan ... etc.
>
> The mission: Protect Humanity from attacks against their dignity and
> their free/anonymous speech, to speak, to listen, to learn, to
> communicate, to think, to vote, to opine, in an uncensored way: A key
> feature for a (hopefully) in-progress civilization. Some of my current
> KMail (and similarly for Thunderbird or Sylpheed) testing tweaks:
>
> - Remove any User-Agent header, by adding a custom User-Agent header
> =   (empty)
> - Socksifying it via the tor (tor.eff.org) socks anonymizer network
> using the local tor server and dsocks (socksify tool) on OpenBSD
> (dsocks-torify.sh kmail).
> - Environment proxy settings (.profile)
> HTTP_PROXY="http://127.0.0.1:8118/" and
> HTTPS_PROXY="http://127.0.0.1:8118/", that is a privoxy (.org) http
> proxy & cleaner (with custom extra severe tweaks) that redirects to
> the local tor socks server proxy. (dns requests are passed via tcp
> via the tor network)
> - Use Kgpg (gnupg) sign & encryption per default, adding a note to
> all sent emails promoting gnupg e-mailing use (to-do offering a
> simple and complete quick how-to link).
>
> Some interesting to-dos:
> - Mixminion to send: Setting an option (via a custom toolbar-button
> or so) to optionally send the email via a local mixminion (+via the
> tor network) (mixminion.net) medium latency remailer system network
> for ultra secure-private e-mailing. The incognito
> (http://incognito.anonymityanywhere.com) livecd/liveusb has already
> set this up and is a very good job on this subject, I am learning from
> it a lot.
> - Mixminion to receive: The reply-block system permits a mixminion
> anonymous inbox, don't know how yet and even less how to integrate it
> in a transparent (one-button) option on KMail.

More to-dos:
- Open all attachments in a jail to prevent infiltration of the system 
via exploitable security leaks in the applications used for viewing the 
attachment.
- Disable the creation of the Message-Id. (Probably not really necessary 
if an anonymous remailer is used.)


> If KMail inherits some settings from Konqueror (???), I have set up
> this for KDE "paranoic" browsing:
>
> - No cache, no cookies, no java, no javascript, no plugins, env proxy
> as said before, no send-identification, SendReferrer=false,
> SendUserAgent=false, proxying all via privoxy and tor. (Enabling only
> some of these per site-specific domain if in need of better browsing
> for trusted (?) sites). As most of you know, if you enable all this
> you got a
>
> I don't know where and how KMail handles cookies, java, javascript,
> plugins, referrer, cache,  external images-links, etc, but I think
> its setup as default is for secure e-mailing (???).

As long as you read messages as plain text none of the above is a 
problem.

Even if you read messages as HTML all active content (JavaScript, any 
plugins) is explicitly disabled (and cannot be enabled). Loading of 
external references can be enabled globally or for selected messages. 
If loading of external references is enabled then khtml will probably 
cache the data and send some information to the servers. I have never 
checked whether the khtml used by KMail honors the setting made for 
Konqueror.

Anyway, if you are really concerned about those problems then you should 
never ever load external references.


Regards,
Ingo
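
Added example (not part of the original message and not KMail code): a Python script that lists the references in a message's HTML part that a renderer would fetch on display if loading of external references were enabled, so a message can be audited before that setting is switched on. The tag/attribute table, the names `RefFinder` and `external_refs`, and the sample message are assumptions constructed for this illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Assumed (not exhaustive) table of attributes a renderer fetches on display.
FETCH_ATTRS = {"img": ("src",), "link": ("href",), "iframe": ("src",),
               "embed": ("src",), "object": ("data",), "input": ("src",),
               "body": ("background",), "video": ("src", "poster")}
REMOTE = re.compile(r"\s*(?:https?:)?//", re.I)      # absolute or //host URL
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

class RefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs, self._in_style = [], False
    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            if value and name in FETCH_ATTRS.get(tag, ()) and REMOTE.match(value):
                self.refs.append((tag, value.strip()))
            elif value and name == "style":          # inline CSS url(...)
                self._css(tag, value)
    def handle_endtag(self, tag):
        self._in_style = False
    def handle_data(self, data):
        if self._in_style:                           # <style> block contents
            self._css("style", data)
    def _css(self, where, css):
        self.refs += [(where, u) for u in CSS_URL.findall(css) if REMOTE.match(u)]

def external_refs(raw_message):
    # Return (tag, url) pairs for remote resources in the text/html parts.
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    finder.close()
    return finder.refs

# Constructed sample: cid: images and plain links are not fetched on display.
SAMPLE = """\
Subject: constructed sample
Content-Type: text/html; charset="utf-8"

<body style="background:url('http://tracker.example/bg.png')">
<img src="cid:logo"><img src="https://tracker.example/open.gif?id=42" width="1">
<a href="https://example.org/">fetched only if clicked</a></body>
"""
```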