Project

General

Profile

Bug #16186

Feature #15923: Autocrypt forces unencrypted messages

Disable Autocrypt by default

Added by hefee 4 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Elevated
Assignee:
-
Category:
-
Target version:
Start date:
12/03/2018
Due date:
% Done:

100%

Spent time:
QA Check:
Pass
Feature Branch:
bugfix/16186-thunderbird-disable-autocrypt
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

Currently Autocrypt breaks workflows.

There are currently two settings, we should update:
  • Disable Autocrypt for Tails users by default.
  • And if users enable Autocrypt "Prefer encrypted emails from the people you exchange email with." should be enabled by default in Tails. Autocrypt communicate with this setting, that the Recipient should use prefer encryption.

Related issues

Related to Tails - Feature #16299: Disable Autocrypt even for existing persistent Thunderbird profiles Rejected 01/14/2019
Blocks Tails - Feature #15506: Core work 2018Q4: Foundations Team Resolved 04/08/2018

Associated revisions

Revision 929c9cb6 (diff)
Added by anonym 4 months ago

Thunderbird: unconditionally disable Autocrypt.

It is not safe in its current state (refs: #15923).

Will-fix: #16186

Revision be23c117
Added by anonym 4 months ago

Merge remote-tracking branch 'origin/bugfix/16186-thunderbird-disable-autocrypt' into stable

Fix-committed: #16186

Revision b193f5ac (diff)
Added by Sandro Knauß 2 months ago

Disable Autocrypt via global thunderbird configuration (refs: #16186).

History

#1 Updated by intrigeri 4 months ago

#2 Updated by intrigeri 4 months ago

  • Status changed from New to Confirmed
  • Priority changed from Normal to Elevated

#3 Updated by anonym 4 months ago

  • Status changed from Confirmed to In Progress
  • Assignee changed from anonym to hefee
  • % Done changed from 0 to 50
  • QA Check set to Ready for QA
  • Feature Branch set to bugfix/16186-thunderbird-disable-autocrypt

hefee wrote:

Currently Autocrypt breaks workflows.

There are currently two settings, we should update:
  • Disable Autocrypt for Tails users by default.

Yes; I am immediately skeptical of the whole Autocrypt feature given the catastrophic issue found in #15923. We should disable it unconditionally until upstream makes it less error-prone and more fail-safe by implementing your suggestions.

  • And if users enable Autocrypt "Prefer encrypted emails from the people you exchange email with." should be enabled by default in Tails. Autocrypt communicate with this setting, that the Recipient should use prefer encryption.

Since the default is to have it enabled, there is no way we can learn if that was intentional or not by users. At best we can change the default (by patching /usr/share/xul-ext/enigmail/modules/preferences/defaultPrefs.js) in the next Tails release, and document that users can enable Autocrypt if they really want. We would make enabling Autocrypt safer by changing the default of mail.server.default.acPreferEncrypt to true (i.e. enable "Prefer encrypted emails from the people you exchange email with"). I bet there are ugly edge cases, though, so I am not advocating for this.

I don't think Autocrypt is ready for Tails, so I propose that we just disable it until #15293 is resolved and do nothing else. The feature branch does just this.

Note that the feature branch is based on the one for #16113 -- if there is a problem in #16113 so you don't want to merge that one, but you want to merge this tickets one, let me know and I remove the dependency.

#4 Updated by anonym 4 months ago

Just pinging that we'd like to have this in Tails 3.11, so a review would be appreciated ASAP! The latest that can happen for this to make it in time is Sunday (2018-12-08) afternoon, so I can merge it before Monday.

#5 Updated by hefee 4 months ago

  • Assignee changed from hefee to anonym
  • QA Check changed from Ready for QA to Pass

anonym wrote:

Since the default is to have it enabled, there is no way we can learn if that was intentional or not by users. At best we can change the default (by patching /usr/share/xul-ext/enigmail/modules/preferences/defaultPrefs.js) in the next Tails release, and document that users can enable Autocrypt if they really want. We would make enabling Autocrypt safer by changing the default of mail.server.default.acPreferEncrypt to true (i.e. enable "Prefer encrypted emails from the people you exchange email with"). I bet there are ugly edge cases, though, so I am not advocating for this.

Yes enabling mail.server.default.acPreferEncrypt by default would help our users.
But as we disable Autoencrypt by default now I think it is fine to not touch this setting with this patch.

I don't think Autocrypt is ready for Tails, so I propose that we just disable it until #15293 is resolved and do nothing else. The feature branch does just this.

+1

Note that the feature branch is based on the one for #16113 -- if there is a problem in #16113 so you don't want to merge that one, but you want to merge this tickets one, let me know and I remove the dependency.

fine for me :D

#6 Updated by anonym 4 months ago

  • Status changed from In Progress to Fix committed
  • % Done changed from 50 to 100

#7 Updated by CyrilBrulebois 4 months ago

Thanks for the commit.

#8 Updated by anonym 4 months ago

  • Assignee deleted (anonym)

#9 Updated by CyrilBrulebois 3 months ago

  • Status changed from Fix committed to Resolved

#10 Updated by sajolida 3 months ago

  • Related to Feature #16299: Disable Autocrypt even for existing persistent Thunderbird profiles added

Also available in: Atom PDF