gjedeer / paranoia

Paranoia add-on for Thunderbird. See who is reading your emails.
GNU General Public License v2.0

False positives #24

Closed gjedeer closed 4 years ago

gjedeer commented 5 years ago

https://addons.thunderbird.net/en-US/thunderbird/addon/paranoia/reviews/1156471/

Sorry, but this plugin seems to guess TLS connections to be active.
I checked my actual/ old emails with faces (which are hard to differentiate) and their popup information and many emails without TLS notification in headers between mail servers were still marked as "Perfect - no known email providers and encryption between all hops" ???
Like this not too old email where you can yourself also subscribe/verify this behavior:

Received: from mail7.atl51.rsgsv.net ([205.201.135.7]) by mx-ha.gmx.net
(mxgmx011 [212.227.15.9]) with ESMTP (Nemesis) id 0LzGiX-1ffutS1fov-014QEI
for <...@gmx.de>; Wed, 10 Oct 2018 21:14:15 +0200
Received: from mail7.atl51.rsgsv.net ([205.201.135.7]) by mx-ha.gmx.net
(mxgmx011 [212.227.15.9]) with ESMTP (Nemesis) id 0LzGiX-1ffutS1fov-014QEI
for <...@gmx.de>; Wed, 10 Oct 2018 21:14:15 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=k1; d=divx.com;
h=Subject:From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:
Content-Type:MIME-Version; i=feedback@divx.com;
bh=hKFncKmjznI7eWjYuebk14QtFUlkgSq0GCHGsM0zGWo=;
b=vr0HxyIJQVxudic78n62DFvEHXSnDXTtCKKYj8/EnmybQU5DhkVSqAh6hFiYL41LBM3LyRM219E1
4DrO4kVNxGqThmurSW1dmNvbW2rCMRMJm38l/rVeyfrHAuyD2pteJfeihRsmi0U9cfSFQYaubAQT
g2hcJZGQOMPq2HeYEEI=
Received: from (127.0.0.1) by mail7.atl51.rsgsv.net id hnp7oe2ddl4t for <...@gmx.de>; Wed, 10 Oct 2018 17:08:37 +0000 (envelope-from <bounce-mc.us18_93722225.221041-...=gmx.de@mail7.atl51.rsgsv.net>)
Subject: =?utf-8?Q?Thank=20you=20=2D=2D=20get=2025%=20off=20DivX=20Pro=21=C2=A0?=
From: =?utf-8?Q?DivX=20News?= <feedback@divx.com>
Reply-To: =?utf-8?Q?DivX=20News?= <feedback@divx.com>

=> ESMTP usage isn't ESMTPS (or some TLS written headers)
=> DKIM signature is no encryption - only origin proof !

Reiner030 commented 5 years ago

Sorry forgot to write it initially: I am running latest Thunderbird: 60.4.0 with latest Windows 10 version

sdellenb commented 5 years ago

To test #26 on TB 68.1.1 (macOS Mojave), I pulled out some really old mails, and they get recognized as "Perfect":

Received: (qmail 2558 invoked by uid 65534); 20 Aug 2003 15:08:14 -0000
Received: from mail4.bluewin.ch (EHLO mail4.bluewin.ch) (195.186.4.74)
  by mx0.gmx.net (mx021-rz3) with SMTP; 20 Aug 2003 17:08:14 +0200
Received: from [213.3.238.190] (213.3.238.190) by mail4.bluewin.ch (Bluewin AG 7.0.019)
        id 3F2FA29000181F45 for <address_redacted>; Wed, 20 Aug 2003 15:08:14 +0000

sdellenb commented 5 years ago

I think I found the problem:

https://github.com/gjedeer/paranoia/blob/5e6330d93ce804ec8988ac1506f287283a3f8c25/content/overlay.js#L109

None of the additional strings are found in the header and -1 is truthy.

if ('blablabla'.indexOf('test')) { console.log('what') }
what

PR is up: https://github.com/gjedeer/paranoia/pull/27
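
The truthiness bug described in the comment above, shown next to a corrected check, as an added example that is not the add-on's own code. The marker list `TLS_MARKERS`, the function names and the sample headers (shortened from the ones quoted in this issue) are assumptions made for illustration.

```javascript
// Added illustration; not code from the paranoia add-on.
// TLS_MARKERS is an assumed marker list for this sketch.
const TLS_MARKERS = ['ESMTPS', 'ESMTPSA', 'version=TLS', 'using TLS'];

// Buggy: indexOf() returns -1 when the marker is absent, and -1 is truthy.
// It is falsy (0) only when the marker sits at the very start of the string.
function hopLooksEncryptedBuggy(received) {
  for (const marker of TLS_MARKERS) {
    if (received.indexOf(marker)) return true;
  }
  return false;
}

// Fixed: compare against -1 explicitly (String.prototype.includes also works).
function hopLooksEncrypted(received) {
  return TLS_MARKERS.some((marker) => received.indexOf(marker) !== -1);
}

// Unfold continuation lines, then return the value of each Received: header.
function receivedHops(rawHeaders) {
  const unfolded = rawHeaders.replace(/\r?\n[ \t]+/g, ' ');
  return unfolded.split(/\r?\n/)
    .filter((line) => /^Received:/i.test(line))
    .map((line) => line.slice('Received:'.length).trim());
}

// "Encryption between all hops" holds only if every hop carries a marker.
function allHopsEncrypted(rawHeaders, check) {
  const hops = receivedHops(rawHeaders);
  return hops.length > 0 && hops.every(check);
}

// Constructed sample, shortened from the headers quoted in this issue.
const PLAIN_SAMPLE = [
  'Received: from mail7.atl51.rsgsv.net ([205.201.135.7]) by mx-ha.gmx.net',
  ' (mxgmx011 [212.227.15.9]) with ESMTP (Nemesis) id 0LzGiX-1ffutS1fov-014QEI',
  ' for <...@gmx.de>; Wed, 10 Oct 2018 21:14:15 +0200',
  'Received: from (127.0.0.1) by mail7.atl51.rsgsv.net id hnp7oe2ddl4t',
  'Subject: test',
].join('\n');

// Constructed sample with one ESMTPS hop (host names are placeholders).
const TLS_SAMPLE = 'Received: from a.example by b.example with ESMTPS id 1';

console.log('buggy:', allHopsEncrypted(PLAIN_SAMPLE, hopLooksEncryptedBuggy));
console.log('fixed:', allHopsEncrypted(PLAIN_SAMPLE, hopLooksEncrypted));
```

With the buggy check every hop is reported as encrypted, which reproduces the "Perfect" rating on plain ESMTP mail; the fixed check rates the same headers as not fully encrypted.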

gjedeer commented 5 years ago

huh, javascript is full of magic (and, apparently, I haven't read the documentation). I decided to release it without your PR, let's just make 0.3.1 when it's resolved.