Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

secdir: document privacy/security considerations for third-party push #275

Closed
brong opened this issue Jan 5, 2019 · 0 comments
Closed

secdir: document privacy/security considerations for third-party push #275

brong opened this issue Jan 5, 2019 · 0 comments
Assignees
@neilj
Labels
Core

Comments

@brong
Copy link
Member

brong commented Jan 5, 2019

There was a good discussion in the secdir review about the privacy issue present in third party push that we need to document. The key part is this:

This document also has quite a lot of privacy concerns which are not
addressed by it. For example email delivery and event notifications can
leak lots of information even to passive attackers. I.e., if someone
can see that wikileaks smtp server sends email to corporate smtp
server, but the smtp traffic is encrypted so they do not know the
recipient of the email, but then few seconds later see push event
notification stream going to the Joe's laptop indicating something has
happened in his mail box, they can find out the who the recipient was.
@brong brong added the Core label Jan 5, 2019
@neilj neilj closed this as completed in a507436 Jan 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@neilj neilj

Labels
Core
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brong @neilj