[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy

Subject: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 08 Feb 2014 01:12:50 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 07 Feb 2014 20:12:41 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10836: Enable mail account autoconfig dialog in TorBirdy
-------------------------+---------------------
 Reporter:  ben          |          Owner:  ben
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:
Component:  TorBirdy     |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------
 Currently, TorBirdy entirely blocks the mail account autoconfig dialog in
 Thunderbird. It requires the user to manually configure the mail account
 servers.

 -----

 This is suboptimal, because the declared goal of TorBirdy is to reach
 common users (not geeks), and common users have massive problems with this
 configuration. This is why they use webmail, and why we write this dialog
 to help them with Thunderbird - they simply *can't* do it alone.

 Furthermore, if they try to find the settings themselves on the web, they
 * expose themselves to similar or worse phishing attempts (if you can
 serve a bad config XML file, you can serve a bad HTML documentation page)
 * more importantly, the mail configs published by the ISPs are often
 without encryption.

 With the ISPDB, I took great care to find and use the best config that an
 ISP offers, esp. SSL and encrypted passwords, even if that config is
 undocumented and not officially supported. In a way, you could compare the
 ISPDB with HTTPS Everywhere, because it performs a similar function (use
 SSL where possible, even if not advertized by site) and even similar means
 (HTTPS Everywhere communicates with some central servers, just like the
 Mozilla ISPDB).

 Thus, I think disabling the autoconfig dialog does users a dis-service not
 only in convenience and usability (in the literal sense of the word), but
 more importantly in security, because we know about SSL configs that users
 might not know or find.

 -----

 The reason why the autoconfig dialog was disabled were some HTTP (without
 SSL) calls and direct socket calls.
 Thus, in Mozilla bug 669282 [1], I attached a patch to disable them. I
 wrote this patch specifically for TorBirdy.
 [1] https://bugzilla.mozilla.org/show_bug.cgi?id=669282

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10836>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #10834 [BridgeDB]: Configurable reCAPTCHA remoteip
Next by Author: Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
Previous by thread: Re: [tor-bugs] #10737 [BridgeDB]: POST arguments to bridges.torproject.org are dropped if entering a CAPTCHA fails
Next by thread: Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
Index(es):
- Author
- Thread