[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)

Jacob Appelbaum wrote:
> Hi,
> A few Tor hackers (Sukhbir, tagnar, myself, etc) are working on a plugin
> for Thunderbird that attempts to Torify it properly. The codename for
> now is 'torbutton-birdy' and it is based largely on the seminal
> analysis[-1] by tagnaq. Two core goals in addition to Torification is
> the integration with MixGUI[0] and of course Enigmail[1].

Nice. I didn't even realise that MixMinion was still a going concern.

> At the moment the code is entirely un-reviewed and is not ready for real
> use. If you'd like to test it, we'd very much appreciate it. We have not
> uploaded the extension to Mozilla's addon site - I'm not sure we'll ever
> do that as a result of data retention issues and other stuff.

Some very early feedback ...

DNS and other connections leak during account creation (when Thunderbird
is trying to work out how to connect), but after that I can receive
(IMAP w/STARTTLS, IMAPS) and send (Submission w/STARTTLS, SMTPS) without
seeing any leaks, including no DNS leaks. I can also see the connections
showing up in the Vidalia Network Map.

When sending via IMAP (even when using STARTTLS) there is a pop up to
notify you that you're sending in the clear, and the warning goes away
when you switch to IMAPS. No such warning appears when using Submission
w/STARTTLS. (Or when using SMTPS, as expected.)

This was all performed using a clean Thunderbird 12.0.1 profile, no
other addons, 64-bit Debian 6.0.4, Tor Browser 2.2.35-11 with a static
SOCKS port.
tor-talk mailing list