Commit d72ed15e authored by intrigeri's avatar intrigeri

Design doc: update wrt. the loss of Torbirdy; better organize the whole...

Design doc: update wrt. the loss of Torbirdy; better organize the whole Thunderbird section (refs: #17259)
parent ca2b6939
......@@ -1054,36 +1054,49 @@ configuration.
### 3.6.14 Thunderbird
Thunderbird, in combination with TorBirdy, sends email through Tor.
Thunderbird sends email through Tor.
Thunderbird itself leaks a lot of data and makes DNS requests, for example by
retrieving mail server configurations from a remote server over an insecure
channel. This is prevented by the TorBirdy extension as well as by custom
patches for Thunderbird in Tails, which we are currently in the process of
upstreaming ([[!tails_ticket 6156]]). Until they are upstreamed, we patch
Thunderbird (from Debian) while building Tails images:
Thunderbird leaks a lot of information by default. This is mitigated
in Tails by a set of preferences, that were initially inherited from
the now defunct *TorBirdy* add-on. For example:
- [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/build/thunderbird-patches]]
- [[!tails_gitweb config/chroot_local-hooks/11-patch-thunderbird]]
- [[!tails_gitweb config/chroot_local-includes/usr/share/tails/build/patch-thunderbird]]
- Thunderbird is configured to generate `Message-ID` headers using
the hostname part of the sender's email address, which does not
leak usage of the PELD nor any user location information.
Thunderbird generates `Message-ID` headers using the hostname part of
the sender's email address, which does not leak usage of the PELD nor
any user location information.
- Thunderbird is configured to say `EHLO[127.0.0.1]` to the SMTP
server instead of disclosing the real IP address and hostname.
It also always says `EHLO[127.0.0.1]` to the SMTP server instead of
disclosing the real IP address and hostname.
- We disable HTML email and inline attachments in order to get rid of
a whole class of privacy concerns.
Torbirdy disables HTML email and inline attachments
in order to get rid of a whole class of privacy concerns.
Furthermore, when setting up an IMAP account, the drafts folder, instead
of being remote, is set to `~$HOME/.thunderbird/Local Folders`.
- When setting up an IMAP account, the drafts folder, instead
of being remote, is set to `~$HOME/.thunderbird/Local Folders`.
The original TorBirdy extension disables automatic email configuration
through Thunderbird's email configuration wizard. This wizard is enabled in
Tails. This is possible because our patches allow using only secure protocols
for the domain and ISPDB lookups as well as for the actual mail account
configuration. In detail this means:
Implementation:
- [[!tails_gitweb config/chroot_local-includes/etc/thunderbird/pref/thunderbird.js]]
- [[!tails_gitweb config/chroot_local-includes/usr/lib/thunderbird/thunderbird.cfg]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/thunderbird]]
OpenPGP support is provided by the Enigmail add-on.
Thunderbird's email configuration wizard has security issues in its
default configuration. For example, it trusts the result of DNS
requests and may retrieve mail server configurations from a remote
server over an insecure channel. So in Tails, we patch Thunderbird to
solve these security problems. We are in the process of
([[!tails_ticket 6156 desc="upstreaming these patches"]]). Until they
are all upstreamed, we apply these patches, on top of Debian's
Thunderbird, while building Tails images:
- [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/build/thunderbird-patches]]
- [[!tails_gitweb config/chroot_local-hooks/11-patch-thunderbird]]
- [[!tails_gitweb config/chroot_local-includes/usr/share/tails/build/patch-thunderbird]]
These account configuration wizard patches allow using only secure
protocols for the domain and ISPDB lookups as well as for the actual
mail account configuration. In detail this means:
1. we prevent all testing of plaintext protocols when guessing configurations.
2. we make autoconfiguration skip database lookups if `mailnews.auto_config_url`
......@@ -1097,13 +1110,6 @@ us prefer secure options if available.
This setting can be disabled (opt-out by the user). This also applies to
manual configuration.
OpenPGP support is provided by the Enigmail addon.
- [[!tails_gitweb config/chroot_local-includes/etc/thunderbird/pref/thunderbird.js]]
- [[!tails_gitweb_dir config/chroot_local-includes/etc/skel/.thunderbird]] is copied to
the user's `$HOME` at boot time
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/thunderbird]]
### 3.6.15 Pidgin
Pidgin is configured in Tails to not log anything as well as not to reveal too
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment