Opened 3 years ago

Closed 3 years ago

#10309 closed enhancement (fixed)

TorBirdy - IMAP issue

Reported by: arkmd
Owned by: sukhbir
Priority: High
Milestone:
Component: Applications/TorBirdy
Version:
Severity:
Keywords: IMAP, Enigmail, issue
Cc: arkmd, ioerror
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Part of discussion on tor-dev mail list.


Accessing an email server via IMAP may leak data by saving a draft on
the remote server.

Using Thunderbird+Enigmail+Torbirdy.

While writing a message on Thunderbird, it is automatically saved as a
draft, which by default is sent to the IMAP server. So the server will
be able to read that message.

That's a big problem when the message should be encrypted before being sent.
So the email provider will be able to read sensitive data on those
drafts in cleartext and the user probably won't notice.

To solve this the user needs to manually set the account drafts
settings (in Copies & Folders) to keep drafts on Local Folders.

I think Torbirdy should do it by default.

This info should be added to known issues on Torbirdy wiki.

I know Torbirdy developers recommend POP over IMAP, but as a
mailtor.net user I don't have any other option.


I've checked it again. Write, wait for it to be saved, close and open your
email via web-mail. And that's my draft in cleartext on mailtor.net server:

Testing draft.

Icedove 17.0.10 Enigmail 1.6 TorBirdy 0.1.2

That's it.

Nima Fatemi:

It doesn't have anything to do with TorBirdy.

I did not say it is TorBirdy's fault.

But yes it has everything to do with TorBirdy. It is an anonymity and
security tool and tries to avoid leaks. Maybe you just don't see it as a
leak.

Anyway the users must know it may happen.

All you really have to do, is to have Encryption on by default in
Enigmail. Your drafts are now going to be encrypted. Problem
solved!

Sukhbir Singh:

By default, Enigmail saves an encrypted copy of the message. This
is the default setting [1] and I think it also confirms this when
it saves an encrypted message for the first time. TorBirdy does
not modify this setting so it should be enabled by default for
Enigmail.

Enigmail asks to save an encrypted draft *only when you enable
encryption* to that message. If you forget to set the encryption and
write it will be saved in cleartext without asking anything.

When you are sending the email Enigmail asks if you really wanna send
unencrypted, but the draft has already been sent unencrypted on the
IMAP server.

Enigmail should ask *always* when saving a draft remotely. Even
locally it should.

And TorBirdy should help prevent this from happening.

griffin@…:

Now Thunderbird is set to *not* automatically create/save drafts.
Works like a charm. =)

That should be set by default by both Enigmail and TorBirdy.
It should also be set to save locally, instead of remotely, if the user
wants to save a draft.

Change History (7)

comment:1 Changed 3 years ago by sukhbir

  • Owner set to sukhbir
  • Status changed from new to assigned

comment:2 Changed 3 years ago by sukhbir

Let's debug this. Open the Error Console (Tools > Error Console or Ctrl+Shift+J) and then paste and run this:

var prefs = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch); alert(prefs.getIntPref("extensions.enigmail.saveEncrypted"));

(This outputs the value of the saveEncrypted Enigmail preference)

What is the output?

comment:3 Changed 3 years ago by arkmd

Output: 0

comment:4 Changed 3 years ago by sukhbir

This is weird. I am using the exact same versions and cannot reproduce this. With a value of 0 for the above preference, Enigmail confirms before saving the message.

Anyways, I am going to ask someone else also to test this because Enigmail should not allow this to happen and we are not touching this preference at all.

If you can try this meanwhile: set the value of the above preference to 1 and then observe what happens.

comment:5 Changed 3 years ago by sukhbir

  • Cc ioerror added

comment:6 Changed 3 years ago by ioerror

I'm not using IMAP with TorBirdy, so I'm the last person to test this, I think.

comment:7 Changed 3 years ago by sukhbir

  • Resolution set to fixed
  • Status changed from assigned to closed

This is now fixed. (commit). Note that I have not been able to reproduce the Enigmail bug; our motivation for fixing is independent of that.

For IMAP accounts (and all related identities) messages will be saved in Local Folders/Drafts instead of being saved locally. This is true for both existing IMAP and new IMAP accounts (accounts created with TorBirdy's manual configuration wizard.)

This setting is not enforced by TorBirdy so the user is free to change this and set it to their preferred default value.

If you have additional identities for an account, please note the following:

  • For all accounts and identities that exist prior to TorBirdy's installation, this will be activated.
  • If you create a new account after TorBirdy is installed, this setting will be activated.
  • But, if you create an additional identity (other than the default one) for that account after TorBirdy is installed, this will not be activated. You have to configure it manually for the new identity. This is because doing this automatically involves capturing the am-identity-edit.xul overlay and I am not motivated enough to undertake this at the moment and this is probably not required as most TorBirdy users should not have multiple identities for a single account anyways.

I am closing this for now. You can try it out from the repository if you want but please do so in a new profile/VM because I have not tested this extensively.
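
A way to check a profile for the case described in comment 7, including additional identities that TorBirdy does not reconfigure. This is an added example, not TorBirdy's code or part of the ticket; it assumes the standard Thunderbird preference names (mail.account.*.server, mail.account.*.identities, mail.server.*.type, mail.identity.*.draft_folder), and the sample prefs.js content is constructed.

```javascript
// Constructed sample of a Thunderbird prefs.js (not taken from a real profile).
const SAMPLE_PREFS = `
user_pref("mail.account.account1.identities", "id1,id2");
user_pref("mail.account.account1.server", "server1");
user_pref("mail.account.account2.server", "server2");
user_pref("mail.server.server1.type", "imap");
user_pref("mail.server.server2.type", "none");
user_pref("mail.identity.id1.draft_folder", "mailbox://nobody@Local%20Folders/Drafts");
user_pref("mail.identity.id2.draft_folder", "imap://user@mail.example.invalid/Drafts");
`;

// Parse user_pref("name", value); lines into a Map of name -> value.
function parsePrefs(text) {
  const prefs = new Map();
  for (const line of text.split(/\r?\n/)) {
    const m = /^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$/.exec(line);
    if (!m) continue;
    try {
      prefs.set(m[1], JSON.parse(m[2]));
    } catch (e) {
      // Skip values that are not plain string/number/boolean literals.
    }
  }
  return prefs;
}

// Return every identity of an IMAP account whose drafts are not kept
// in a local (mailbox://) folder.
function findRemoteDraftIdentities(text) {
  const prefs = parsePrefs(text);
  const findings = [];
  for (const [name, server] of prefs) {
    const m = /^mail\.account\.([^.]+)\.server$/.exec(name);
    if (!m || prefs.get(`mail.server.${server}.type`) !== "imap") continue;
    const ids = String(prefs.get(`mail.account.${m[1]}.identities`) || "").split(",");
    for (const id of ids.map((s) => s.trim()).filter(Boolean)) {
      const folder = prefs.get(`mail.identity.${id}.draft_folder`);
      // Assumption: an unset draft_folder falls back to the account's own
      // (server-side) Drafts folder, so it is reported as well.
      if (typeof folder !== "string" || !folder.startsWith("mailbox://")) {
        findings.push({ account: m[1], identity: id, draftFolder: folder || "(unset)" });
      }
    }
  }
  return findings;
}

console.log(findRemoteDraftIdentities(SAMPLE_PREFS));
```

Run it against a copy of the profile's prefs.js; any identity it lists still needs its drafts folder set under Copies & Folders.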
