Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)

On 05/06/2012 03:52 AM, Mix+TB Test wrote:
> Jacob Appelbaum wrote:
>> Hi,
>> A few Tor hackers (Sukhbir, tagnaq, myself, etc) are working on a plugin
>> for Thunderbird that attempts to Torify it properly. The codename for
>> now is 'torbutton-birdy' and it is based largely on the seminal
>> analysis[-1] by tagnaq. Two core goals in addition to Torification are
>> the integration with MixGUI[0] and of course Enigmail[1].
> Nice. I didn't even realise that MixMinion was still a going concern.

I think it's clear that we need MixMinion for the near future and well,
the present for everyday of people. :(

>> At the moment the code is entirely un-reviewed and is not ready for real
>> use. If you'd like to test it, we'd very much appreciate it. We have not
>> uploaded the extension to Mozilla's addon site - I'm not sure we'll ever
>> do that as a result of data retention issues and other stuff.
> Some very early feedback ...
> DNS and other connections leak during account creation (when Thunderbird
> is trying to work out how to connect), but after that I can receive
> (IMAP w/STARTTLS, IMAPS) and send (Submission w/STARTTLS, SMTPS) without
> seeing any leaks, including no DNS leaks. I can also see the connections
> showing up in the Vidalia Network Map.

These issues should be listed in the TODO file - I'm sorry to say that
Thunderbird and the Mozilla team seem to refuse to Do The Right Thing
with the account setup wizard. The bugs on this topic are a depressing
read - it's not really possible to override this and fail closed - which
seems like an unreasonable stance...

> When sending via IMAP (even when using STARTTLS) there is a pop up to
> notify you that you're sending in the clear, and the warning goes away
> when you switch to IMAPS. No such warning appears when using Submission
> w/STARTTLS. (Or when using SMTPS, as expected.)

That is to be expected, yes.

> This was all performed using a clean Thunderbird 12.0.1 profile, no
> other addons, 64-bit Debian 6.0.4, Tor Browser 2.2.35-11 with a static
> SOCKS port.

Great. So as it stands, I found the following meta-data in your email
that may be harmful to your privacy:

Message-ID: <4FA5D959.4010902@xxxxxxxxxx>
Date: Sun, 06 May 2012 11:52:25 +1000

Your raw email is impressive in how many systems it seems to touch - it
routes over Tor through the Noisebridge exit, it traverses some IPv6
SMTP servers and so on. There's a lot of stuff in there - can you look
through it and tell me if any of it is harmful to your privacy other
than the two lines listed above?

All the best,
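
A header check for the two lines flagged in the reply above, as an added example that is not part of the original email or of the torbutton-birdy code. It goes slightly beyond those two headers by also flagging User-Agent and X-Mailer; the sample message is constructed (the example.org domain and the ExampleMailer string are assumptions), and reading the first Message-ID field as a hex Unix time is a hypothesis the code reports only when it agrees with the Date header.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the Message-ID local part and the Date are the two lines
# quoted in the reply; the domain, User-Agent and addresses are made up.
SAMPLE = (
    "Message-ID: <4FA5D959.4010902@example.org>\n"
    "Date: Sun, 06 May 2012 11:52:25 +1000\n"
    "User-Agent: ExampleMailer/1.0 (constructed)\n"
    "From: tester@example.org\n"
    "\n"
    "body\n"
)

def audit_headers(raw):
    """Return {header: reason} for headers that disclose sender metadata."""
    msg = message_from_string(raw)
    findings = {}
    sent = None
    try:
        sent = parsedate_to_datetime(msg["Date"]) if msg["Date"] else None
    except (TypeError, ValueError):
        findings["Date"] = "unparseable, inspect by hand"
    if sent is not None:
        if sent.utcoffset():  # non-zero offset; "-0000" and "+0000" pass
            findings["Date"] = f"UTC offset {sent:%z} narrows the sender's time zone"
        if sent.tzinfo is None:  # "-0000" parses as naive; treat it as UTC
            sent = sent.replace(tzinfo=timezone.utc)
    local, _, domain = (msg["Message-ID"] or "").strip(" <>").partition("@")
    notes = [f"domain part '{domain}'"] if domain else []
    try:
        # Hypothesis tested here: first dot-separated field is hex Unix time.
        stamp = datetime.fromtimestamp(int(local.split(".")[0], 16), timezone.utc)
    except (ValueError, OverflowError, OSError):
        stamp = None
    if stamp and sent and abs(stamp - sent) <= timedelta(minutes=5):
        notes.append(f"local part embeds the send time ({stamp:%Y-%m-%d %H:%M:%S} UTC)")
    if notes:
        findings["Message-ID"] = "; ".join(notes)
    for name in ("User-Agent", "X-Mailer"):
        if msg[name]:
            findings[name] = "names the mail client and its version"
    return findings

if __name__ == "__main__":
    for header, reason in audit_headers(SAMPLE).items():
        print(f"{header}: {reason}")
```

On the sample, the hex field 4FA5D959 decodes to the same instant as the Date header, so the send time is still recoverable from the Message-ID even if the Date header is normalised to UTC.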
