Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
On 05/07/2012 11:33 AM, anonym wrote:
> 05/06/2012 03:57 PM, Jacob Appelbaum:
>>> A few Tor hackers (Sukhbir, tagnar, myself, etc) are working on a
>>> plugin for Thunderbird that attempts to Torify it properly. The
>>> codename for now is 'torbutton-birdy' and it is based largely on
>>> the seminal analysis[-1] by tagnaq. Two core goals in addition to
>>> Torification are the integration with MixGUI and of course
> This sounds awesome! In Tails we have had plans to move to
> Thunderbird/Icedove for some time and this seems like a must-have.
>  https://tails.boum.org/todo/Return_of_Icedove__63__/
Great - I agree. It would basically be installed and then any account in
use will be configured to go over Tor by default.
>>>> DNS and other connections leak during account creation (when
>>>> is trying to work out how to connect), but after that I can
>>>> receive (IMAP w/STARTTLS, IMAPS) and send (Submission
>>>> w/STARTTLS, SMTPS) without seeing any leaks, including no DNS
>>>> leaks. I can also see the connections showing up in the Vidalia
>>>> Network Map.
>> These issues should be listed in the TODO file - I'm sorry to say
>> that Thunderbird and the Mozilla team seem to refuse to Do The
>> Right Thing with the account setup wizard. The bugs on this topic are
>> a depressing read - it's not really possible to override this and
>> fail closed - which seems like an unreasonable stance...
> In January I worked a bit on securing Thunderbird's autoconfiguration
> wizard to make it suitable for Tails. What I did was the following:
> * When probing a mail provider for an xml config, first try HTTPS,
>   then http (old behaviour: http only).
> * When using a fetched xml config, prefer using TLS/SSL over plaintext
>   (old behaviour: use whatever is defined first in the xml file).
> * Introduce a boolean pref called `mailnews.auto_config_ssl_only`
>   (that has a checkbox in the autoconfiguration wizard) that does the
>   following when true:
>   - Only allow HTTPS when fetching xml configs from mail provider.
>   - Only allow HTTPS when fetching xml configs from Mozilla's database
>     (luckily the default URL is using HTTPS).
>   - Don't check DNS MX records for mail configurations. (This may need
>     some rethinking for DNSSEC.)
>   - Only accept fetched xml configs that use safe email protocols
>     (SSL/TLS for SMTP/IMAP/POP).
>   - Only probe the mail server for safe email protocols (SSL/TLS for
> These changes are implemented in the `secure_account_creation` branch
> in a git repository that can be cloned as follows:
>     git clone git://labs.riseup.net/tails_icedove.git
All of those need to go upstream, please. They do not belong in
Torbutton-birdy, they belong in TB proper, I think.
> (Since the repo is huge (and there's no gitweb AFAIK) I also attached
> the commits as git patches. These were written for Thunderbird 8, but I
> know they apply cleanly to TB 10 as well.)
Nothing attached here...
> Comments on the above described approach (and the implementation) are of
> course highly welcome.
> The idea is to at least try to get this merged upstream (if not in
> Mozilla, perhaps at least in Debian) in some form, otherwise we're
> gonna ship an Icedove built from sources with these changes applied in
Yes, I agree.
> It's unclear to me if you've done (or plan to do) some work on the
> autoconfig wizard in torbutton-birdy. I'd appreciate if you could
> elaborate on this.
We haven't touched it - please check out the TODO.
All the best,
tor-talk mailing list
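
The fail-closed selection described in the quoted list above, as an added example that is not part of the thread and not code from the `secure_account_creation` branch. It is written in Python rather than Thunderbird's own JavaScript; the `ssl_only` argument stands in for the `mailnews.auto_config_ssl_only` pref, the function names are hypothetical, and the provider and XML config are constructed sample data.

```python
import xml.etree.ElementTree as ET

SAFE_SOCKET_TYPES = {"SSL", "STARTTLS"}  # "plain" is the cleartext value

# Constructed sample config for a made-up provider (not from the thread).
SAMPLE_CONFIG = """<clientConfig version="1.1">
  <emailProvider id="mail.example">
    <incomingServer type="imap">
      <hostname>imap.mail.example</hostname><port>143</port>
      <socketType>plain</socketType>
    </incomingServer>
    <incomingServer type="imap">
      <hostname>imap.mail.example</hostname><port>993</port>
      <socketType>SSL</socketType>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>smtp.mail.example</hostname><port>25</port>
      <socketType>plain</socketType>
    </outgoingServer>
  </emailProvider>
</clientConfig>"""


def candidate_urls(domain, ssl_only):
    """Provider probe order: HTTPS first, then http unless ssl_only is set."""
    path = f"autoconfig.{domain}/mail/config-v1.1.xml"
    return [f"https://{path}"] if ssl_only else [f"https://{path}", f"http://{path}"]


def select_servers(xml_text, fetched_from, ssl_only):
    """Pick one (host, port, socketType) per direction, or None if nothing is acceptable."""
    if ssl_only and not fetched_from.startswith("https://"):
        raise ValueError("ssl_only: config was not fetched over HTTPS")
    provider = ET.fromstring(xml_text).find("emailProvider")
    chosen = {}
    for tag in ("incomingServer", "outgoingServer"):
        servers = [(s.findtext("hostname"), int(s.findtext("port")),
                    s.findtext("socketType")) for s in provider.findall(tag)]
        # Stable sort: encrypted entries move ahead of plaintext ones,
        # instead of taking whatever the file lists first.
        servers.sort(key=lambda s: s[2] not in SAFE_SOCKET_TYPES)
        if ssl_only:  # fail closed: drop plaintext entries entirely
            servers = [s for s in servers if s[2] in SAFE_SOCKET_TYPES]
        chosen[tag] = servers[0] if servers else None
    return chosen
```

With the sample config, strict mode yields no outgoing server at all, so a caller has to stop the wizard rather than fall back to plaintext SMTP.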