Email account correlation versus isolation

Within Workstation I have Icedove installed, and there I have several different email accounts with different pseudonymous identities that I don’t want linked to each other by any external third party.

My question is: Is it a bad idea to have them all configured in the same Icedove app, within the same Workstation, all checking for email at the same time? I know that they will all use the same Tor circuit simultaneously, and all contact the various email servers at once from the same tor exit node, but as I understand it, anyone watching the exit node traffic cannot know that all these requests also came from the exact same circuit and originating source, since lots of people could be connected to the same end exit node from different places. An observing party can’t see the whole circuit path, just the exit node traffic to the destination server, correct?

However I suppose it might be bad enough that all of the three or four email identities are seen to always check for messages at the same time together, always from the same exit node as a group, and after enough noticing of this pattern, it could be reasoned that the requests are all coming from the same place/user.

Or, does the stream isolation feature work such that each email server connection is routed through a different circuit even if the connections are all initiated simultaneously?

I have read the documentation here: Stream Isolation

And I think it suggests that Whonix handles Icedove in this more intelligent/secure way, even though it isn’t pre-installed. I installed it along with Enigmail, but I had to uninstall Torbirdy because it completely prevented me from ever creating a new email account from within Icedove, every time I tried. Hopefully this configuration is safe enough.

Good day,

Like you’ve said, since all your accounts are managed with one software, they all go through the same Tor circuit and exit node. This is NOT handled in any special manner for icedove and creates the following problem, as is explained on the stream isolation site you’ve linked:

Even though you would still be anonymous, i.e. the Tor exit relay would still not know your real IP/location, they can easily correlate those activities issued by different applications to the same pseudonym.

Now, as far as I can tell, the site nowhere suggests that Icedove would use a different SocksPort for every account. So, as said before, this creates the aforementioned problems.

Have a nice day,

Ego

If you are using TorBirdy (which has native Whonix support), this will result in using:

SocksPort <Whonix-Gateway IP>:9102 IsolateDestAddr IsolateDestPort

See the Tor manual on IsolateDestAddr and IsolateDestPort.

[quote]My question is: Is it a bad idea to have them all configured in the same Icedove app, within the same Workstation, all checking for email at the same time?[/quote]

I think so. Just imagine always the same "4 persons" showed up in a chat room at the same time! (Not the best comparison, but you get the idea.)

[quote]I know that they will all use the same Tor circuit simultaneously,[/quote]

Perhaps (if the e-mail servers are using different IP addresses, which is quite likely) not, because of IsolateDestAddr, but I would not rely on this in this case. The server (farm) that hosts the mail servers could still be under control of the same person.

[quote]Or, does the stream isolation feature work such that each email server connection is routed through a different circuit even if the connections are all initiated simultaneously?[/quote]

Only talking about stream isolation (independent from e-mail clients): Not necessarily.

[quote]And I *think* it suggests that Whonix handles Icedove in this more intelligent/secure way, even though it isn't pre-installed.[/quote]

Only if you use TorBirdy, which has native Whonix support. "More intelligent/secure" only in the sense that it applies stream isolation. So at the very least Icedove traffic isn't mixed with, let's say, Tor Browser traffic.

[quote]I installed it along with Enigmail, but I had to uninstall Torbirdy because it completely prevented me from ever creating a new email account from within Icedove, every time I tried. Hopefully this configuration is safe enough.[/quote]

Two options:

  • a) easy: use TorBirdy (recommended)
  • b) hard: become expert on what TorBirdy is actually doing and see if you care about this. Depending on the outcome decide if you want to use it or not.

[hr]

In short: if you care a lot about these identities being isolated, use multiple Whonix-Workstations and don’t fetch them at the same time.

[quote=“Patrick, post:3, topic:1574”]Two options:

  • a) easy: use TorBirdy (recommended)
  • b) hard: become expert on what TorBirdy is actually doing and see if you care about this. Depending on the outcome decide if you want to use it or not.[/quote]

I’ll have to give it another shot. When I last tried torbirdy, it not only prevented the creation of new accounts through Icedove completely, but also crashed consistently upon launching its own manual account creation wizard, thus keeping me from creating any new accounts in any way whatsoever. That’s why I had to uninstall it to move forward. I’ll try it again, though. Maybe an update has fixed the problem.

This was my original plan, but upon trying to run multiple Workstations I discovered that my system has insufficient RAM to do so effectively. I had to assign extremely small amounts of memory to the second instance (512MB or even less) or it wouldn’t even start through virt-manager. Maybe when I get a newer computer I’ll re-attempt this, but for now I have to depend on single-workstation solutions like torbirdy/stream-isolation etc.

In that case, I’d go for multiple icedove data profiles (Thunderbird profile manager) or even folders (–profile switch or so).

Multiple email accounts with the same provider are not stream isolated if connecting to the same server. (Verified with onioncircuits.)

Fixing this requires socksAuth implementation in TorBirdy, as @Patrick noted 4 years ago: make use of stream isolation (#6359) · Issues · Legacy / Trac · GitLab. The Thunderbird blocker is supposedly resolved but it looks like the TorBirdy issue hasn’t found a new owner yet.

Multiple email accounts with different providers are stream isolated provided that connections are made to different email servers because of IsolateDestAddr.

Using multiple email accounts with the same provider is tricky even if stream isolated for the non-technical reasons noted earlier in the thread: correlated logins, shared contact lists, stylometry, etc.
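As an added illustration (not code from this thread, nor from Tor, Whonix or TorBirdy) of the `SocksPort ... IsolateDestAddr IsolateDestPort` line quoted earlier and of why same-provider accounts need per-account socksAuth: the script below models which of a set of mail-client connections Tor's isolation flags would allow onto one circuit, and builds the SOCKS5 client bytes that a per-account username/password would put on the wire. The account names, host names and the `10.152.152.11` client address are assumptions made for the example.

```python
"""
Added example: a model of Tor SocksPort stream-isolation flags plus the
SOCKS5 client messages (RFC 1928 / RFC 1929) for a per-account login.
All accounts, hosts and addresses below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Stream:
    account: str                     # label only; never part of the isolation key
    dest_host: str
    dest_port: int
    socks_user: Optional[str] = None  # hypothetical per-account SOCKS5 credentials
    socks_pass: Optional[str] = None


# Flags the Tor manual turns on by default for every SocksPort.
DEFAULT_FLAGS = frozenset({"IsolateClientAddr", "IsolateSOCKSAuth"})
# What the TorBirdy/Whonix SocksPort line from the thread adds on top.
TORBIRDY_FLAGS = DEFAULT_FLAGS | {"IsolateDestAddr", "IsolateDestPort"}


def isolation_key(stream: Stream, flags, client_addr: str = "10.152.152.11") -> tuple:
    """Fields Tor compares before letting two streams share a circuit.
    Equal keys may share a circuit; unequal keys never do. client_addr stands
    in for the Workstation address as seen by the Gateway (assumed value)."""
    key = []
    if "IsolateClientAddr" in flags:
        key.append(("client", client_addr))
    if "IsolateSOCKSAuth" in flags:
        key.append(("auth", stream.socks_user, stream.socks_pass))
    if "IsolateDestAddr" in flags:
        key.append(("dst", stream.dest_host.lower()))
    if "IsolateDestPort" in flags:
        key.append(("dport", stream.dest_port))
    return tuple(key)


def circuit_groups(streams, flags):
    """Partition accounts into the sets Tor would permit on a single circuit."""
    groups = {}
    for s in streams:
        groups.setdefault(isolation_key(s, flags), []).append(s.account)
    return sorted(groups.values())


def socks5_client_messages(stream: Stream) -> dict:
    """Client-side SOCKS5 bytes for this stream: greeting, optional RFC 1929
    username/password sub-negotiation, then CONNECT by domain name."""
    if stream.socks_user is None:
        greeting = b"\x05\x01\x00"            # version 5, one method: no auth
        auth = b""
    else:
        greeting = b"\x05\x01\x02"            # one method: username/password
        u = stream.socks_user.encode()
        p = (stream.socks_pass or "").encode()
        auth = b"\x01" + bytes([len(u)]) + u + bytes([len(p)]) + p
    host = stream.dest_host.encode()
    connect = (b"\x05\x01\x00\x03" + bytes([len(host)]) + host
               + stream.dest_port.to_bytes(2, "big"))
    return {"greeting": greeting, "auth": auth, "connect": connect}


# Constructed sample: three pseudonyms, two of them at the same provider.
ACCOUNTS = [
    Stream("alice", "imap.provider-a.example", 993),
    Stream("bob",   "imap.provider-a.example", 993),
    Stream("carol", "imap.provider-b.example", 993),
]


def with_socks_auth(streams):
    """The fix discussed above: give every account its own SOCKS5 credentials,
    so IsolateSOCKSAuth separates them even when the destination is identical."""
    return [Stream(s.account, s.dest_host, s.dest_port,
                   socks_user=s.account, socks_pass="x") for s in streams]


if __name__ == "__main__":
    print("Tor defaults only:          ", circuit_groups(ACCOUNTS, DEFAULT_FLAGS))
    print("TorBirdy flags, no socksAuth:", circuit_groups(ACCOUNTS, TORBIRDY_FLAGS))
    print("TorBirdy flags + socksAuth:  ",
          circuit_groups(with_socks_auth(ACCOUNTS), TORBIRDY_FLAGS))
```

The model only covers the four flags named in the thread and treats an equal key as "may share", which is what Tor guarantees (it may still build fresh circuits for other reasons). It says nothing about the timing correlation raised earlier: accounts on separate circuits that all poll at the same instant are still linkable by an observer who sees several exits light up together.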
