Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T10:24:49Zhttps://gitlab.torproject.org/legacy/trac/-/issues/31341TorBirdy does not support Thunderbird 682020-06-13T10:24:49ZTracTorBirdy does not support Thunderbird 68TorBirdy 0.2.6 could not be installed because it is not compatible with Thunderbird 68. I tested this with Thunderbird 68.0b5.
**Trac**:
**Username**: ozozozTorBirdy 0.2.6 could not be installed because it is not compatible with Thunderbird 68. I tested this with Thunderbird 68.0b5.
**Trac**:
**Username**: ozozozSukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/30982Torbirdy preset keyserver2020-06-13T09:46:36ZcypherpunksTorbirdy preset keyserverThe preset keyserver must be removed. Nowhere can keys be manipulated more easy than on a key server. Through the preset the contact to a distinct keyserver is mandatory, which leads to identification of Torbirdy users, see Fingerprint, ...The preset keyserver must be removed. Nowhere can keys be manipulated more easy than on a key server. Through the preset the contact to a distinct keyserver is mandatory, which leads to identification of Torbirdy users, see Fingerprint, #30981, and a single point of attack.Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/30981Torbrowser/Torbirdy insecure settings2020-06-13T09:46:35ZcypherpunksTorbrowser/Torbirdy insecure settingsDescribed for Torbirdy, applicable in the same way to Torbrowser.
security.OCSP.enabled must be 0, after program restart 1
Leak of used https-certificates, also leak of certificates used to check signatures of e-mails, thus history of u...Described for Torbirdy, applicable in the same way to Torbrowser.
security.OCSP.enabled must be 0, after program restart 1
Leak of used https-certificates, also leak of certificates used to check signatures of e-mails, thus history of used certificates (i.e. website, signatures, keys, if tied to a certificate).
furthermore leak of fingerprint (in case of Torbirdy, should be secured with Torbrowser)
Accept:
Accept-Language:
Accept-Encoding:
...Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/30980Torbirdy changes config settings to insecure values2020-06-13T09:46:35ZcypherpunksTorbirdy changes config settings to insecure valuesnetwork.http.sendRefererHeader should be 0, after progam restart 2
permissions.default.image should be 2, after program restart 3
network.cookie.cookieBehavior; should be 2, according to torbirdy restore setting (extensions.torbirdy.re...network.http.sendRefererHeader should be 0, after progam restart 2
permissions.default.image should be 2, after program restart 3
network.cookie.cookieBehavior; should be 2, according to torbirdy restore setting (extensions.torbirdy.restore.network.cookie.cookieBehavior;2), after program restart 1Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/302482 Bugs (possibly related) - Mozilla addon Search & Cardbook CardDav-server co...2020-06-13T09:30:58ZTrac2 Bugs (possibly related) - Mozilla addon Search & Cardbook CardDav-server connection issueWhen torbirdy is active and working, for the first time if you try and connect Cardbook to a carddav server - it fails with "validation failed"
If you disable torbirdy - the connection to a carddav server from Cardbook works perfectly an...When torbirdy is active and working, for the first time if you try and connect Cardbook to a carddav server - it fails with "validation failed"
If you disable torbirdy - the connection to a carddav server from Cardbook works perfectly and connects successfully.
Looking at the logs of Cardbook, i have filed a similar bug on Cardbook issue tracker.
Please see here: https://gitlab.com/CardBook/CardBook/issues/573
It seems as if there is a secure connection issue "Connection status : Failed : SecurityUnsupportedTLSVersionError"
There is also a second bug that COULD be related to the carddav server bug.
When attempting to search in the addons search for any addon such as "Cardbook", it returns an error on Mozilla page with "Oops! We had an error. We'll get to fixing that soon." Now you would think this is a Mozilla issue, but its not. If you disable torbirdy it then returns search results successfully. This issue has been on-going for about 4 months now
PLEASE can you fix these two issues, especially the carddav secure connection issue.
I also tried contacting you on @tor but you were not available.
**Trac**:
**Username**: jovi234Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/29829Torbirdy is not updated for Thunderbird 60.5.x2020-06-13T09:22:39ZanonymTorbirdy is not updated for Thunderbird 60.5.xThunderbird 60.5.0 introduces a huge change to the automatic account configuration code. One of the XUL element id:s that Torbirdy references has changed, leading to breakage if you enable the automatic account configuration wizard, like...Thunderbird 60.5.0 introduces a huge change to the automatic account configuration code. One of the XUL element id:s that Torbirdy references has changed, leading to breakage if you enable the automatic account configuration wizard, like in Tails: https://redmine.tails.boum.org/code/issues/16573Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/29155TorBirdy privacy-friendly automatic refresh2020-06-13T09:08:43ZTracTorBirdy privacy-friendly automatic refreshIt would be nice if TorBirdy let you select which email accounts you want TorBirdy to refresh automatically, and then having TorBirdy refreshing them one-by-one separated at randomized intervals and being each account refreshed over a un...It would be nice if TorBirdy let you select which email accounts you want TorBirdy to refresh automatically, and then having TorBirdy refreshing them one-by-one separated at randomized intervals and being each account refreshed over a unique Tor circuit.
**Trac**:
**Username**: MaruSukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/28493Stop forcibly enabling protected headers (aka. Memory Hole) by default2020-06-13T08:30:26ZintrigeriStop forcibly enabling protected headers (aka. Memory Hole) by defaultLet's move the discussion from https://github.com/ioerror/torbirdy/issues/33 here.
I have three new arguments in favour of not Torbirdy not touching this pref anymore:
1. Enigmail now makes this feature visible to users in a better pla...Let's move the discussion from https://github.com/ioerror/torbirdy/issues/33 here.
I have three new arguments in favour of not Torbirdy not touching this pref anymore:
1. Enigmail now makes this feature visible to users in a better place
My understanding is that when #21880 was implemented, this feature was hidden behind a hidden pref so from the Torbirdy PoV, the simplest way to make it available to the masses was to do add UI in the Torbirdy prefs, but since most users won't go in the prefs to enable it, it was decided to enable it by default. Nowadays, things are very different: Enigmail itself prompts the user wrt. whether this pref should be enabled, so they get to choose; and it has UI to toggle it on/off. So it seems to me that the main reason that justifies why Torbirdy took ownership of this pref is gone.
Besides, having to go to the Torbirdy settings to change this pref is confusing: protected headers only make sense with encrypted email, so it makes sense that they're configurable via the Enigmail settings. Adding one more layer of indirection is bound to cause user confusion, and indeed, since 1+ year I've seen lots of Enigmail+Torbirdy users wondering why protected headers come back enabled after they've disabled it in the Enigmail prefs.
2. The corresponding code in Torbirdy seems to be unmaintained
The corresponding pref was renamed in Enigmail and its type changed in Enigmail 2.0. It seems that Torbirdy was not updated accordingly.
3. The strategy and timeline for protected headers adoption is unclear
Protected headers are currently a big pain for every email recipient, unless they use Thunderbird + Enigmail or K9. At Tails we would like to enable protected headers ASAP so our plan was to do some social media propaganda, announcing we would enable it at $DATE, and encouraging email client authors to support protected headers. But the Memory Hole spec is currently not good enough for us to point software developers to, and the timeline for updating it is unclear. For details, see https://redmine.tails.boum.org/code/issues/13649 and the email discussions linked from there. I also hope that at some point, the critical mass of users who send email with protected headers encourages email client authors to add such support, but this has not happened yet and I don't see it happening any time soon.
So all in all, my current position is that Torbirdy should stop interfering: it should let Enigmail do its thing (which it does pretty nicely) wrt. communicating to the user that this feature exists, and providing UI to toggle it on/off as desired.Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/27596Disable Submitting Crash to Mozilla by Default2020-06-13T08:12:42ZTracDisable Submitting Crash to Mozilla by DefaultThis should be disabled as we are using ThunderBird for anonymous usage outside of mozila development. and TBB disabled as well the browser feedback even to Torproject itself. so for security/anonymity sake its better to disable it.
*...This should be disabled as we are using ThunderBird for anonymous usage outside of mozila development. and TBB disabled as well the browser feedback even to Torproject itself. so for security/anonymity sake its better to disable it.
**Trac**:
**Username**: bo0odSukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/27570Stop ThunderBird Chat feature2020-06-13T08:12:18ZTracStop ThunderBird Chat featureIRC its better to be used with hexchat and gajim for jabber and tbb for any website. using ThunderBird not really recommended as there is no hardened version for its features.
![https://forums.whonix.org/uploads/default/optimized/2X/3/3...IRC its better to be used with hexchat and gajim for jabber and tbb for any website. using ThunderBird not really recommended as there is no hardened version for its features.
![https://forums.whonix.org/uploads/default/optimized/2X/3/35c8000187f253fb2dcd7f7fe371a695d4d55e8e_1_690x454.png](https://forums.whonix.org/uploads/default/optimized/2X/3/35c8000187f253fb2dcd7f7fe371a695d4d55e8e_1_690x454.png)
**Trac**:
**Username**: bo0odSukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/27569Stop bad feature of ThunderBird - Built-in browser2020-06-13T08:12:18ZTracStop bad feature of ThunderBird - Built-in browserThunderBird has a feature but its not for anonymity. it has built-in browser (as it seems) which makes requests that might cause a potential harmful action on user privacy. TBB handle that very well so need a built-in one.
steps to prod...ThunderBird has a feature but its not for anonymity. it has built-in browser (as it seems) which makes requests that might cause a potential harmful action on user privacy. TBB handle that very well so need a built-in one.
steps to produce:
* open thunderbird and make new email then follow the images
![https://forums.whonix.org/uploads/default/original/2X/d/d1bea8f9dc70ee16fc701440de923216a21c8465.png](https://forums.whonix.org/uploads/default/original/2X/d/d1bea8f9dc70ee16fc701440de923216a21c8465.png)
![https://forums.whonix.org/uploads/default/optimized/2X/3/36496c3c9b48f948d3074d6be0e56a0acb35b3be_1_690x363.png](https://forums.whonix.org/uploads/default/optimized/2X/3/36496c3c9b48f948d3074d6be0e56a0acb35b3be_1_690x363.png)
**Trac**:
**Username**: bo0odSukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/27092Torbirdy Disabled Still Needs Tor to Fetch Emails in Thunderbird 60+2020-06-13T08:01:57ZTracTorbirdy Disabled Still Needs Tor to Fetch Emails in Thunderbird 60+Just installed Thunderbird 60.0b10 and re-installed Torbirdy. After disabling it and shutting down Tor browser (OSX) I noticed that TB was not fetching any emails. Verified that Torbirdy was in fact disabled in add-ons. When I re-started...Just installed Thunderbird 60.0b10 and re-installed Torbirdy. After disabling it and shutting down Tor browser (OSX) I noticed that TB was not fetching any emails. Verified that Torbirdy was in fact disabled in add-ons. When I re-started Tor browser and tried again, it then fetched emails as normal. Restarted all applications and Mac, but problem persists.
**Trac**:
**Username**: Luigi-BSukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/26215Add an option to Proxy tab: "Do nothing"2020-06-13T07:45:36ZcypherpunksAdd an option to Proxy tab: "Do nothing"I need to use custom proxy, and your add-on change proxy settings
every time I launch Thunderbird.
Can you add an option "(O) Do nothing" to proxy tab, to force TorBirdy
not to mess up my proxy settings?
I really need it, and I'm think...I need to use custom proxy, and your add-on change proxy settings
every time I launch Thunderbird.
Can you add an option "(O) Do nothing" to proxy tab, to force TorBirdy
not to mess up my proxy settings?
I really need it, and I'm thinking about removing your add-on.Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/23143latest TorBirdy release 0.2.3 breaks split-gpg in Qubes OS2020-06-13T06:39:36ZTraclatest TorBirdy release 0.2.3 breaks split-gpg in Qubes OSIt worked for a couple of days, then I had to disable the Memory Hole functionality (because it breaks communications with encrypted ticketing systems that do not implement the Memory Hole spec), and things went downhill from there.
Tor...It worked for a couple of days, then I had to disable the Memory Hole functionality (because it breaks communications with encrypted ticketing systems that do not implement the Memory Hole spec), and things went downhill from there.
TorBirdy's interaction with Enigmail makes it such that Thunderbird cannot do any Enigmail-based functionality (decrypting, encrypting emails, viewing keyring, etc). Split-gpg continues to work fine outside Thunderbird.
I don't know if 0.2.3 includes assumptions about where gpg is? Or disabling Memory Hole doesn't bring Enigmail back to its previous state? In split-gpg the default gpg location is replaced with `/usr/bin/qubes-gpg-client-wrapper`. You can read more info about split-gpg here: https://www.qubes-os.org/doc/split-gpg/
In addition, on Fedora 25 I am unable to disable TorBirdy successfully, it crashes Thunderbird, and on re-starting Thunderbird TorBirdy is again enabled (and saying it will disable on re-start). That loop continues forever.
Disabling it in Thunderbird on Debian 9 works fine.
**Trac**:
**Username**: mfcSukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/22828UX: RSS Feed "Edit as new Message" has still Html bar2020-06-13T06:33:14ZcypherpunksUX: RSS Feed "Edit as new Message" has still Html barTorbirdy displays everything as plaintext, but if I choose to send an Rss Feed by click on `Edit as New Message` it start to show to me a Simple html view without external contend. Would it be a more consisted UX could just edit the mess...Torbirdy displays everything as plaintext, but if I choose to send an Rss Feed by click on `Edit as New Message` it start to show to me a Simple html view without external contend. Would it be a more consisted UX could just edit the message as plain text?
##Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/22639process to bring changes from tbb to torbridy2020-06-13T06:28:54Zcypherpunksprocess to bring changes from tbb to torbridyI'm aware that just by turning javascript (and other features) in thunderbird off the attack surface is reduced. But wouldn't it make sense to have process to bring the changes from tor browser's `about:config` to thunderbird? (like ask...I'm aware that just by turning javascript (and other features) in thunderbird off the attack surface is reduced. But wouldn't it make sense to have process to bring the changes from tor browser's `about:config` to thunderbird? (like asking gk, mikeperry etc to add to all relevant changes a torbirdy tag, eg in the categpory: keywords, so that the _might be relevant_ changes could be reviewed?)
Like ticket:22318, or other changes in tbb like `reader.parse-on-load.enabled false` ticket:18950 (https://gitweb.torproject.org/tor-browser.git/commit/?h=esr24&id=1344de9d3c90e3eac02dd13433ef8412a450df5a) or `dom.webaudio.enabled false` ticket:13017 (https://gitweb.torproject.org/tor-browser.git/commit/?h=esr24&id=ff923c1609c6bc4d9dd3a8b60f684d7c410a7399)Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/22524clear download history2020-06-13T06:26:24Zcypherpunksclear download historyMaybe it's a good idea to clear Thunderbird's download history (ctrl + j) at closing.Maybe it's a good idea to clear Thunderbird's download history (ctrl + j) at closing.Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/21433TorBirdy: Respect user preferences for header_type and message body type2020-06-13T06:03:13ZTracTorBirdy: Respect user preferences for header_type and message body type# Summary
Whenever Thunderbird restarts, TorBirdy resets the values for header_type and what type format to view emails, irrespective of user preference.
# Description
Something I noticed quickly after using TorBirdy is that it change...# Summary
Whenever Thunderbird restarts, TorBirdy resets the values for header_type and what type format to view emails, irrespective of user preference.
# Description
Something I noticed quickly after using TorBirdy is that it changes two settings forcibly whenever Thunderbird starts. The two settings I always change back after Thunderbird restarts are:
* _View > Message Body As… > Original HTML_: While I am aware there are potential security risks by enabling this, I prefer to view emails with the original HTML and subjectively choose to change this setting for a specific email as needed.
* _mailnews.reply_header_type_: After restarting, the value is adjusted to **1** from the default, **2**. I prefer to have the full reply header type when I reply to emails.
While I respect the reasons the TorBirdy developers have for changing these settings, it's annoying for me as the user to have my preferences overruled every time Thunderbird restarts, and then I have to go and change this manually every time it restarts.
# Implementation
1. Start Thunderbird
2. User changes settings from default TorBirdy configuration, e.g. message body type and reply_header_type
3. User closes Thunderbird
4. User restarts Thunderbird, adjustments to settings preserved
**Trac**:
**Username**: jflory7Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/20978shortkey "n" doesn't work any longer in Thunderbird2020-06-13T05:52:56Ztoralfshortkey "n" doesn't work any longer in ThunderbirdUsually I can go to the (n)ext unread message while pressing 'n'.
At TB 45.5.1 this doesn't work any longer since TorBirdy is installed.
Although I do get the popup window "Advance to next unread message" and pressing "Yes" TB doesn't d...Usually I can go to the (n)ext unread message while pressing 'n'.
At TB 45.5.1 this doesn't work any longer since TorBirdy is installed.
Although I do get the popup window "Advance to next unread message" and pressing "Yes" TB doesn't do it.
Deactivating that particular AddOn helps and the functionality is back.Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/19031Audit Thunderbird's RSS support2020-06-13T05:13:32ZSukhbir SinghAudit Thunderbird's RSS supportAudit Thunderbird's RSS feed reader. Some tasks to start with:
- Is automatic fetching disabled?
- Is HTML disabled?
- Is JavaScript disabled?
- Are proxy settings respected?
Are there other anonymity implications?Audit Thunderbird's RSS feed reader. Some tasks to start with:
- Is automatic fetching disabled?
- Is HTML disabled?
- Is JavaScript disabled?
- Are proxy settings respected?
Are there other anonymity implications?Sukhbir SinghSukhbir Singh