Version 46 (modified by sukhbir, 6 years ago)

Codename: TorBirdy

TorBirdy is Torbutton for Thunderbird, Icedove and related Mozilla mail clients. It may also work with other non-web browser Mozilla programs such as Sunbird.

Status

TorBirdy is experimental. Use at your own risk! Please read our design goals document to understand what we're trying to accomplish with TorBirdy for our users.

Quick Setup Guide

This short guide should help you set up your Thunderbird email client to send and fetch email via Tor. It can be used for new or existing email accounts.

Please bear in mind that email accounts that have been used without Tor before offer less privacy, less anonymity and weaker pseudonyms than email accounts that have been created using TorBrowser and have never been accessed without Tor. TorBirdy is still useful for existing accounts or real-name email addresses, for example if you are looking for location anonymity: you travel a lot and don't want to disclose all your locations by sending emails.

TorBirdy works with SMTP and IMAP/POP3, but POP3 is recommended over IMAP because POP3 is a much simpler protocol and is less likely to have or introduce any new sketchy features.

This guide does not cover email account configuration (inserting the correct mailserver domain, port, username, ...). JonDo has a guide that details configuring your email accounts for use with TorBirdy, among other helpful information.

Before using TorBirdy

The preferences TorBirdy changes are documented here.

Please note that when you use TorBirdy, there are some settings you will not be able to change. Some simple examples of this are: all email you send and receive will be in plain text and not HTML, your email accounts will not check for messages automatically, etc. Please understand that this is expected and by design: we believe that you, as a user who is using TorBirdy, should not be changing these settings as they can compromise your anonymity. If you find that you are changing a preference and it is not preserved after restart, TorBirdy is probably enforcing that preference. There are some preferences that can be changed and those can be accessed through TorBirdy's preferences dialog (Tools > Add-ons > TorBirdy (right-click) > Preferences or click on TorBirdy Enabled in the status bar). If you are not an advanced user, you should not change these settings.

The settings that TorBirdy changes are restored to their default on uninstall. In case you find some settings that are not being restored, please file a bug report.

If you are a new user, the following three settings should be most important to you out of the many settings that are changed:

Automatic checking of emails:

Default Behaviour: Disabled (for both IMAP and POP accounts)
Can Change: Yes

To enable automatic checking of emails, go to TorBirdy's preferences and change the following preferences:

Privacy Settings:

  • check "Enable push email support for IMAP accounts [default: disabled]" (first option)
  • check "Select last accessed mail folder on startup [default: disabled, select Local Folders]" (third option)

Then go to "Account-Specific" options, choose your email account and enable the account-specific settings you want. If you want the default Thunderbird settings, check both the options in the account configuration window that is opened.

HTML email:

Default Behaviour: Disabled
Can Change: No

HTML email is disabled both for sending and receiving mail. This is because HTML emails are unsafe and can compromise your identity; emails you send will be in plain text and HTML emails you receive will be sanitized and converted to plain text. You cannot change this behavior.

Time zone:

Default Behaviour: Set to UTC
Can Change: Yes

The time zone is set to UTC so that your location is not revealed in the email header when sending a message. As a side-effect, Thunderbird converts the time zone for all received messages also. If this is an issue, you can change this setting in TorBirdy's preferences (but we don't recommend it). Note that you have to close Thunderbird and restart it for this setting to take effect.
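One way to confirm the HTML and time zone settings described above is to send a message to yourself and inspect its raw source. The following is an added example, not TorBirdy code; the function name and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: sent with a local time zone and an HTML body.
SAMPLE_LEAKY = (
    "From: alice@example.org\r\n"
    "To: bob@example.org\r\n"
    "Date: Tue, 03 Jul 2012 14:05:11 +0200\r\n"
    "Subject: test\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<p>hello</p>\r\n"
)
# Constructed sample: the same message in UTC and plain text.
SAMPLE_CLEAN = (
    "From: alice@example.org\r\n"
    "To: bob@example.org\r\n"
    "Date: Tue, 03 Jul 2012 12:05:11 +0000\r\n"
    "Subject: test\r\n"
    "Content-Type: text/plain; charset=UTF-8\r\n"
    "\r\n"
    "hello\r\n"
)


def audit_sent_message(raw_message):
    """Return a list of findings about the Date header and body type."""
    msg = message_from_string(raw_message)
    findings = []
    date_value = msg.get("Date")
    if date_value is not None:
        try:
            sent = parsedate_to_datetime(date_value)
        except (TypeError, ValueError):
            findings.append("Date header is unparseable")
        else:
            offset = sent.utcoffset()  # None for "-0000" (no zone stated)
            if offset is not None and offset.total_seconds() != 0:
                findings.append(
                    "Date header carries UTC offset " + sent.strftime("%z"))
    # walk() also visits the parts of multipart messages.
    if any(part.get_content_type() == "text/html" for part in msg.walk()):
        findings.append("message contains a text/html part")
    return findings
```

An empty list means neither the time zone offset nor an HTML part was found in that message.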

Required Software

  • Tor
  • Thunderbird
  • TorBirdy

TorBirdy does not require a running instance of the TorBrowser Bundle (TBB) or an HTTP proxy.

Setup Steps

  1. Install Tor as a daemon:
    • On Windows and OSX, download and install the Vidalia Bundle and make sure Vidalia starts automatically at system boot.
    • On Unix, Linux and BSD, use your distributor's packages or, if available, the ones provided by the Tor Project.
    • Regardless of the OS, make sure Tor is running with default client settings (SocksPort is listening on 127.0.0.1:9150).
  2. Install the TorBirdy extension:
    • Open Thunderbird's Add-ons configuration (Tools -> Add-ons) and type "torbirdy" into the search box on the right-hand side.
    • Then click "Install".

Now you should be ready to go; no further configuration is required.

Troubleshooting

If things don't work for you:

  1. Make sure Tor is running and listening on 127.0.0.1 (localhost) on port 9150.
  2. Use Vidalia's "Tor Network Map" to confirm that something is trying to use the Tor instance to connect to an SMTP/POP3/IMAP port while sending or fetching emails. If nothing is using your running Tor instance, Thunderbird is not connecting to it correctly. Possible reasons:
    • Tor is not running.
    • Tor's SocksPort is not listening on the expected 127.0.0.1:9150.
    • TorBirdy was configured to connect to something other than 127.0.0.1:9150.
  3. If you see Thunderbird connecting to Tor and it is still not working, try hitting the "New Identity" button in Vidalia; it might be the case that the mailserver you are trying to connect to does not like your source IP address (bad exit node).
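Step 1 can be checked from a script as well. The following is an added example, not part of TorBirdy: it sends the SOCKS5 greeting from RFC 1928 to the address this guide expects and reports whether the listener answers as a SOCKS5 proxy, which an open port alone does not prove. The function name check_socks5 is illustrative.

```python
import socket

TOR_SOCKS_HOST = "127.0.0.1"  # address this guide expects
TOR_SOCKS_PORT = 9150         # port this guide expects


def check_socks5(host=TOR_SOCKS_HOST, port=TOR_SOCKS_PORT, timeout=3.0):
    """Return (ok, reason) for whatever is listening on host:port.

    Sends the RFC 1928 greeting offering only "no authentication"
    and expects the two-byte reply 05 00 from a SOCKS5 proxy.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(b"\x05\x01\x00")  # VER=5, NMETHODS=1, METHOD=0
            reply = b""
            while len(reply) < 2:
                chunk = sock.recv(2 - len(reply))
                if not chunk:
                    break
                reply += chunk
    except ConnectionRefusedError:
        return False, "nothing is listening (is Tor running?)"
    except socket.timeout:
        return False, "listener did not answer the SOCKS5 greeting in time"
    except OSError as exc:
        return False, f"connection failed: {exc}"

    if len(reply) < 2:
        return False, "listener closed the connection without a SOCKS5 reply"
    if reply[0] != 5:
        return False, "listener does not speak SOCKS5"
    if reply[1] != 0:
        return False, "SOCKS5 listener rejected the no-authentication method"
    return True, "SOCKS5 listener is answering"


if __name__ == "__main__":
    ok, reason = check_socks5()
    print(f"{TOR_SOCKS_HOST}:{TOR_SOCKS_PORT}: {reason}")
```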

TorBirdy with Gmail

TorBirdy works fine with Gmail and there should be no issues, except in rare cases where certain exit nodes cause Gmail to lock an account (and therefore POP/IMAP access) until the user logs in through the web interface and enters a CAPTCHA.

Mike Hearn from Google addressed this issue on tor-talk:

Access to Google accounts via Tor (or any anonymizing proxy service) is not allowed unless you have established a track record of using those services beforehand. You have several ways to do that:

1) With Tor active, log in via the web and answer a security quiz, if any is presented. You may need to receive a code on your phone. If you don't have a phone number on the account the access may be denied.

2) Log in via the web without Tor, then activate Tor and log in again WITHOUT clearing cookies. The GAPS cookie on your browser is a large random number that acts as a second factor and will whitelist your access.

Once we see that your account has a track record of being successfully accessed via Tor the security checks are relaxed and you should be able to use TorBirdy.

Known TorBirdy Issues

Info Leaks

  • #6314 leak via Date header field (local timestamp disclosure)
  • #6315 leak via Message-ID header field (local timestamp disclosure)

Usenet

Only relevant for Usenet / NNTP users.

  • If you want to use connection security, aka SSL, you have to enable it manually. It will not be set automatically for you. Note: for NNTP accounts that were created before TorBirdy was installed, NNTPS is enabled, but if you create an NNTP account after installing TorBirdy, please enable SSL manually.
  • #8069 Connections over SSL to NNTP servers are failing (with or without TorBirdy installed). We don't know why. Try it and tell us if it works for you.

Additional Add-Ons

Enigmail (OpenPGP GPG for Thunderbird)

Enigmail is supported in TorBirdy 0.0.13, but Enigmail traffic is fail-closed until we find an HTTP -> SOCKS5 shim. In most setups, GnuPG requires an HTTP proxy to work properly (without leaking) on your system. If you are lucky and you are running gpg with curl (>= 7.21.7) support, gpg can be used without an HTTP proxy (gpg on Windows has no curl support).

To determine if your gpg installation has that kind of curl support you can run gpg with debug options and look for "curl version". The version number must be >= 7.21.7:

gpg --keyserver-options debug --search-keys somethingnonexisting

Note that if gpg returns "gpgkeys: curl version = GnuPG curl-shim", then SOCKS is not supported. If you are running Debian/Ubuntu, installing the gnupg-curl package will alleviate this issue.
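The check described above can be scripted. This is an added example, not gpg or TorBirdy code: it reads the debug output of the gpg command and classifies the "curl version" line. It assumes that a real libcurl reports itself as "libcurl/X.Y.Z"; the two libcurl sample lines are constructed.

```python
import re
import sys

MIN_CURL = (7, 21, 7)  # minimum curl version given in this guide

# The first line is quoted from this guide; the other two are constructed.
SAMPLE_SHIM = "gpgkeys: curl version = GnuPG curl-shim"
SAMPLE_NEW = "gpgkeys: curl version = libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.7"
SAMPLE_OLD = "gpgkeys: curl version = libcurl/7.9.8 OpenSSL/0.9.6b"


def classify_gpg_curl(debug_output):
    """Classify the "curl version" line of gpg's keyserver debug output.

    Returns "socks-capable", "curl-too-old", "curl-shim" or "unknown".
    """
    for line in debug_output.splitlines():
        found = re.search(r"curl version\s*=\s*(.+)", line)
        if not found:
            continue
        value = found.group(1).strip()
        if "curl-shim" in value:
            return "curl-shim"  # built-in shim: no SOCKS support
        # Assumption: a real libcurl reports itself as "libcurl/X.Y.Z ...".
        version = re.search(r"libcurl/(\d+)\.(\d+)\.(\d+)", value)
        if not version:
            return "unknown"
        # Compare numerically: as strings, "7.9.8" would sort above "7.21.7".
        parsed = tuple(int(part) for part in version.groups())
        return "socks-capable" if parsed >= MIN_CURL else "curl-too-old"
    return "unknown"  # no "curl version" line at all


if __name__ == "__main__":
    # Pipe the output of the gpg command above (stderr included) into stdin.
    verdict = classify_gpg_curl(sys.stdin.read())
    print(verdict)
    sys.exit(0 if verdict == "socks-capable" else 1)
```

Any verdict other than "socks-capable" exits non-zero, so a wrapper script can refuse to use gpg without a proxy.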

mixgui (mixminion remailer for Thunderbird)

(Source: #6020) MixMinion isn't really ready for prime time. While we'd love to hear feedback about use with TorBirdy, I'm skeptical that MixMinion itself works very well. So for now, I'd suggest that you do not mix that plugin and TorBirdy unless you've got some good data or good feedback.

Lightning (Calendar for Thunderbird)

See #6319.

Other Add-Ons

Please do not install random Add-Ons. If they have not been reviewed by the TorBirdy developers, they could harm your anonymity. Open a ticket if the Add-On is not listed here.

Acknowledgements

This project is by Jacob Appelbaum, Sukhbir Singh and tagnaq. JonDo support by Karsten N.

source code on github
tickets