As a first "simple" implementation:
Does Thunderbird support SOCKS authentication? I really haven't found it. If it did, you could use IsolateSOCKSAuth by using "TorBirdy" as SOCKS auth.
More comprehensive implementation:
Use the account name (or any other identifier, or the hash of it) of the mail account as SOCKS auth for IsolateSOCKSAuth. That way all mail accounts get stream isolated from each other.
What's left:
HTTP traffic... Not sure how this fits in. The blog and news feed reader, updates, addon search, install and updates go over HTTP. What else?
As a first "simple" implementation:
Does Thunderbird support SOCKS authentication?
I don't think so.
More comprehensive implementation:
Use the account name (or any other identifier, or the hash of it) of the mail account as SOCKS auth for IsolateSOCKSAuth. That way all mail accounts get stream isolated from each other.
As far as I know there is only one proxy per Thunderbird instance; if you want to isolate different accounts you currently have to run multiple Thunderbird instances with different proxy settings. Did someone try proxy addons that allow more specific proxy settings?
(or you can do some iptables/TransPort redir tricks based on destination IP/port - but that is just a hack)
What's left:
HTTP traffic... Not sure how this fits in. The blog and news feed reader, updates, addon search, install and updates go over HTTP. What else?
HKP... but everything uses the same specified proxy anyway.
TorBirdy should not use the same circuit that any other torified applications may use.
Although that is an adorable goal I wouldn't know of a way that application A can prevent application B from using the same Socks/TransparentPort or same SOCKS auth. cred.
We can try but TorBirdy probably can't guarantee that nobody else is using the same stream.
If the user has Tor 0.2.3.x, they get basic stream isolation. It should be good enough for most users with a single email account...
Until Thunderbird supports SOCKS username/passwords, we can't really do anything about this issue. Please file a bug with Thunderbird and we'll implement it in TorBirdy when they support it.
Trac: Status: new to closed; Resolution: N/A to wontfix
TorBirdy should not use the same circuit that any other torified applications may use.
Although that is an adorable goal I wouldn't know of a way that application A can prevent application B from using the same Socks/TransparentPort or same SOCKS auth. cred.
We can try but TorBirdy probably can't guarantee that nobody else is using the same stream.
No need to guarantee that, which is not possible indeed. However, TorBirdy using SOCKS 127.0.0.1:9150 while another application is using the same SOCKS 127.0.0.1:9150 is bad. Not that unlikely, since it is the default TBB SOCKS port that users and other applications tend to re-use.
I suggest TorBirdy should use SOCKS 127.0.0.1:9150 with SOCKS auth TorBirdy_<small random string>. Then it would be stream isolated from another arbitrary application using plain SOCKS 127.0.0.1:9150.
Trac: Severity: N/A to Normal; Reviewer: N/A to N/A; Sponsor: N/A to N/A
If the user has Tor 0.2.3.x, they get basic stream isolation.
Please briefly explain why/how.
Until Thunderbird supports SOCKS username/passwords, we can't really do anything about this issue. Please file a bug with Thunderbird and we'll implement it in TorBirdy when they support it.
I don't think it is reasonable to close this ticket and to leave it to chance if a Thunderbird SOCKS username support feature request is posted against Mozilla.
Trac: Resolution: wontfix to N/A; Status: closed to reopened
Tor Browser now uses SOCKS username/password to use different circuits for each domain. Does Thunderbird now support using SOCKS username password as well? Would it be complicated to get a different circuit for each account now that it's a reality?
One corner case to be aware of is POP before SMTP. I don't know if these kinds of setups are still in use, but they were popular at some point. It would probably be best if the same circuit can be used in such a case, as I believe some implementations would ensure that the same IP is in use for both POP and subsequent SMTP. This is still a minor use case and should not block getting proper isolation between accounts.
Thanks!
Trac: Description: TorBirdy should not use the same circuit that any other torified applications may use. Streams should get isolated.
to
TorBirdy should not use the same circuit that any other torified applications may use. Streams should get isolated.
A different circuit should also be used for each account, similar to what Tor Browser does when isolating different domains.
Status: reopened to new
Tor Browser now uses SOCKS username/password to use different circuits for each domain. Does Thunderbird now support using SOCKS username password as well? Would it be complicated to get a different circuit for each account now that it's a reality?
One corner case to be aware of is POP before SMTP. I don't know if these kinds of setups are still in use, but they were popular at some point. It would probably be best if the same circuit can be used in such a case, as I believe some implementations would ensure that the same IP is in use for both POP and subsequent SMTP. This is still a minor use case and should not block getting proper isolation between accounts.
Thanks!
Yes, Thunderbird supports SOCKS authentication now. The Tor Browser patch against Firefox to support SOCKS authentication was upstreamed to Mozilla in this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1200802 ; it was merged by Mozilla on 2015 Nov 26.
So as far as I can tell, it should be straightforward to use this in TorBirdy -- use the standard Mozilla hooks for setting proxy settings per connection (I assume these APIs are identical between Firefox and Thunderbird), and set the "username" and "password" fields of the nsProxyInfo instance that you generate to whatever you want them to be.
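
An added example, not TorBirdy or Mozilla code, of the per-account SOCKS credentials discussed in this ticket: it combines the random string and the account hash into one username/password pair per account and encodes it as the RFC 1929 request a SOCKS5 client sends to the SocksPort. The names socksAuthForAccount, encodeRfc1929 and SESSION_KEY are hypothetical, the account ids are constructed, and it runs under Node.js.

```javascript
// Added example, not TorBirdy code. socksAuthForAccount, encodeRfc1929 and
// SESSION_KEY are hypothetical names; the account ids are constructed.
const nodeCrypto = require("crypto");

// Fresh random key per client start: credentials differ from those of any
// other application on the same SocksPort and are not stable across restarts.
const SESSION_KEY = nodeCrypto.randomBytes(16);

// Credentials depend on the account id only, never on server or protocol, so
// POP/IMAP and SMTP for one account present the same pair (POP before SMTP)
// while two accounts never do. Hashing also bounds the length for RFC 1929.
function socksAuthForAccount(accountId, key = SESSION_KEY) {
  if (typeof accountId !== "string" || accountId.length === 0) {
    throw new TypeError("accountId must be a non-empty string");
  }
  const tag = nodeCrypto.createHmac("sha256", key)
    .update(accountId, "utf8")
    .digest("hex"); // 64 hex characters
  return { username: "TorBirdy_" + tag.slice(0, 32), password: tag.slice(32) };
}

// RFC 1929 sub-negotiation request: VER=0x01, ULEN, UNAME, PLEN, PASSWD.
// Each field is 1..255 bytes, so a raw long account name could not be sent.
function encodeRfc1929(username, password) {
  const u = Buffer.from(username, "utf8");
  const p = Buffer.from(password, "utf8");
  for (const [name, field] of [["username", u], ["password", p]]) {
    if (field.length < 1 || field.length > 255) {
      throw new RangeError(`${name} must be 1..255 bytes, got ${field.length}`);
    }
  }
  return Buffer.concat([Buffer.from([0x01, u.length]), u,
                        Buffer.from([p.length]), p]);
}

// Constructed accounts: one pair per account, reused for POP and SMTP.
const work = socksAuthForAccount("alice@example.org");
const personal = socksAuthForAccount("bob@example.net");
console.log("isolated:", work.username !== personal.username);
console.log("request bytes:", encodeRfc1929(work.username, work.password).length);
```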