add a security feature to randomize the fetch schedule
Bug #1924622 reported by Bill Yikes
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
fetchmail (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Suppose you have ~6-12 accounts all fetched over Tor. If they all fetch at the same time, the accounts could easily be correlated together -- which is particularly problematic if you hold multiple accounts at the same provider. And even if you only have one account, having a fixed delay between fetches is also compromising.
The "interval" option doesn't cut it because the first fetch still hits all servers at once and the schedule is still predictable. I therefore propose expanding the "interval" parameter to fetch at random times if a range is given. E.g. "interval 5.3-25" means fetch as early as 5.3 min & no later than 25 min since the last fetch, randomized after each fetch.
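The scheduling proposed in the bug description above, as an added example (not part of the report and not fetchmail code): a Python wrapper that parses a range such as "5.3-25" and polls each account on its own independently randomized schedule. The function names, the server names and the choice to delay the first fetch by the same random range are assumptions; it also assumes `fetchmail` is on PATH and that the rc file does not enable daemon mode.

```python
import heapq
import secrets
import subprocess
import time

_rng = secrets.SystemRandom()  # OS CSPRNG, so delays cannot be replayed from a seed


def parse_interval(spec):
    """Parse "5.3-25" (minutes) into (min_seconds, max_seconds); "10" means fixed."""
    low, sep, high = spec.strip().partition("-")
    lo = float(low) * 60
    hi = float(high) * 60 if sep else lo
    if not (0 < lo <= hi):
        raise ValueError(f"bad interval range: {spec!r}")
    return lo, hi


def schedule(accounts, lo, hi, rng=_rng):
    """Yield (due_seconds, account) in time order; each account draws its own delays.

    The first fetch is delayed too (assumption), so accounts do not all poll at startup.
    """
    queue = [(rng.uniform(lo, hi), name) for name in accounts]
    heapq.heapify(queue)
    while queue:
        due, name = heapq.heappop(queue)
        yield due, name
        # Re-draw after every fetch, as the report asks ("randomized after each fetch").
        heapq.heappush(queue, (due + rng.uniform(lo, hi), name))


def run(accounts, spec, fetch=None):
    """Poll each account on its randomized schedule; runs until interrupted."""
    # Default action: one non-daemon fetchmail pass restricted to the named server.
    fetch = fetch or (lambda name: subprocess.run(["fetchmail", name], check=False))
    lo, hi = parse_interval(spec)
    start = time.monotonic()
    for due, name in schedule(accounts, lo, hi):
        time.sleep(max(0.0, start + due - time.monotonic()))
        fetch(name)


if __name__ == "__main__":
    # Constructed server names; they must match "poll" entries in ~/.fetchmailrc.
    run(["mail-a.example", "mail-b.example"], "5.3-25")
```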
Hi Bill,
Thanks for taking the time to report the bug and help make Ubuntu server better.
We appreciate the suggestions of new features but I am afraid that we work on the packaging of upstream source[1] for Ubuntu.
Such new feature requests and suggestions are worth reporting upstream and once they're added upstream, we can pick it from there in the packaging we provide. So if it's not too much to ask, do you think you can rather report this upstream[1] instead and have their opinion on this?
[1]: https://gitlab.com/fetchmail/fetchmail
Since this isn't a bug or something Ubuntu-specific but a feature request from the upstream, I am marking this as "Invalid", but should you feel differently, please let us know and we can work something out.
Thanks, again.