Leak control!

Thunderbird work is all about leaks these days, of various kinds:

  • A study at CMU to test an extension that suggests people you might have forgotten to include in an email, and whether you might be leaking something to people you didn’t intend to include (via Shawn Wilsher),
  • A related post I’ve been meaning to refer to for a while from David Teller about adding MLS (multi-level security) to Thunderbird.
  • Only linguistically related work from Mark Banner on adding metrics to detect memory leaks in the Mail/News code that Thunderbird relies on.


  1. MLS is for military, where incentives are somewhat more fierce. For the rest of us, it is in general too expensive to use, because it creates a drag on communication, interoperation, sharing, etc. Even if the technical implementation is perfect (never happens!) the result is too slow for people to work with. It’s far better to accept the risk of an occasional leak than place a drag on all communications!


  2. @lang: Actually, our approach is not to prevent any MLS-breaking communication (which is not possible anyway, unless we can plant TPM chips in people’s brains) but only to issue warnings whenever a communication violates the MLS.

    We’re waiting for feedback to know if this is convenient enough.

    In addition, this extension is actually part of a work related to our DoD. So, yes, they do need MLS.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s