Project

General

Profile

Feature #17259

Feature #17219: Replace TorBirdy

Update Thunderbird design doc

Added by segfault 2 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
feature/17219-replace-torbirdy
Type of work:
Contributors documentation
Blueprint:
Starter:
Affected tool:

Description

The "3.6.14 Thunderbird" section of our design doc says that we use TorBirdy and describes what TorBirdy does. We will have to update that section.


Related issues

Related to Tails - Bug #17277: Check if the Thunderbird autoconfig wizard trusts the result of DNS requests Confirmed
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

Associated revisions

Revision d72ed15e (diff)
Added by intrigeri 2 months ago

Design doc: update wrt. the loss of Torbirdy; better organize the whole Thunderbird section (refs: #17259)

Revision bb687de8 (diff)
Added by intrigeri about 2 months ago

Design doc: drop obsolete info (refs: #17259)

Since https://bugzilla.mozilla.org/show_bug.cgi?id=902580,
the timezone is not leaked in Message-ID anymore.

Revision f47e3279 (diff)
Added by segfault about 2 months ago

Design doc: drop obsolete info (refs: #17259)

Thunderbird uses the hostname part of the sender's email address in the
Message-ID by default.

History

#1 Updated by intrigeri 2 months ago

#2 Updated by intrigeri 2 months ago

  • Type of work changed from Code to Contributors documentation

#3 Updated by intrigeri 2 months ago

  • Assignee set to intrigeri

#4 Updated by intrigeri 2 months ago

  • Feature Branch set to feature/17219-replace-torbirdy

#5 Updated by intrigeri 2 months ago

  • Status changed from Confirmed to In Progress

#6 Updated by intrigeri 2 months ago

  • Status changed from In Progress to Needs Validation
  • Assignee changed from intrigeri to segfault

#7 Updated by segfault about 2 months ago

  • Status changed from Needs Validation to Confirmed
  • Assignee changed from segfault to intrigeri

Regarding this:

Thunderbird is configured to generate `Message-ID` headers using
the hostname part of the sender's email address, which does not
leak usage of the PELD nor any user location information.

IIUC, this is about this patch to Thunderbird:

https://bugzilla.mozilla.org/show_bug.cgi?id=902580

It does not require setting a preference, so I think it's incorrect to state that Thunderbird leaks this information by default. I would remove that paragraph.

Regarding "For example, it trusts the result of DNS requests", I'm not sure which of our patches you are referring to. Is this about the oauth2 thing?

#8 Updated by intrigeri about 2 months ago

  • Status changed from Confirmed to In Progress

#9 Updated by intrigeri about 2 months ago

  • Related to Bug #17277: Check if the Thunderbird autoconfig wizard trusts the result of DNS requests added

#10 Updated by intrigeri about 2 months ago

Regarding this:

> Thunderbird is configured to generate `Message-ID` headers using
> the hostname part of the sender's email address, which does not
> leak usage of the PELD nor any user location information.
> 

IIUC, this is about this patch to Thunderbird:

https://bugzilla.mozilla.org/show_bug.cgi?id=902580

I think there are two aspects:

  • That patch addresses the "user location information" aspect, as it avoids leaking the local time in the "local" part of the Message-ID (what's before the \@). So I've dropped this obsolete claim of ours.
  • That patch does not address the "usage of the PELD" aspect, because at least in this patch, the hostname is still leaked after the \@. To ensure we don't make erroneous claims and that we don't regress, I think we should:
    • Verify whether Torbirdy in Tails 4.0 indeed replaced this with "the hostname part of the sender's email address"; if it did not, stop here
    • Check what's happening in practice on this branch; if it's worse than 4.0, we have a regression
    • Ideally, check what's happening in practice with pristine Thunderbird 68 outside of Tails; that's in case we need to compare to support our claim that Thunderbird does not do what we want by default.

At this point, I'm fine with removing the claims we're not sure are correct.
What I'm more concerned about is the risk of regression compared to 4.0.

Regarding "For example, it trusts the result of DNS requests", I'm not sure which of our patches you are referring to. Is this about the oauth2 thing?

I think something went wrong, see #17277 :(

I'm inclined to leave the design doc as-is for now but I'm fine if you prefer to drop this probably erroneous claim of ours (and we may revert that after #17277 solves the problem).

#11 Updated by segfault about 2 months ago

intrigeri wrote:

  • That patch does not address the "usage of the PELD" aspect, because at least in this patch, the hostname is still leaked after the \@. To ensure we don't make erroneous claims and that we don't regress, I think we should:
    • Verify whether Torbirdy in Tails 4.0 indeed replaced this with "the hostname part of the sender's email address"; if it did not, stop here
    • Check what's happening in practice on this branch; if it's worse than 4.0, we have a regression
    • Ideally, check what's happening in practice with pristine Thunderbird 68 outside of Tails; that's in case we need to compare to support our claim that Thunderbird does not do what we want by default.

Makes sense. I will do that now.

At this point, I'm fine with removing the claims we're not sure are correct.

I see you did that already on the feature branch.

What I'm more concerned about is the risk of regression compared to 4.0.

Agreed.

Regarding "For example, it trusts the result of DNS requests", I'm not sure which of our patches you are referring to. Is this about the oauth2 thing?

I think something went wrong, see #17277 :(

Oh.

I'm inclined to leave the design doc as-is for now but I'm fine if you prefer to drop this probably erroneous claim of ours (and we may revert that after #17277 solves the problem).

Sure, lets leave it as is until we know what happened.

#12 Updated by intrigeri about 2 months ago

  • Assignee changed from intrigeri to segfault

#13 Updated by segfault about 2 months ago

  • Status changed from In Progress to Needs Validation
  • Assignee changed from segfault to intrigeri
  • Verify whether Torbirdy in Tails 4.0 indeed replaced this with "the hostname part of the sender's email address"; if it did not, stop here
  • Check what's happening in practice on this branch; if it's worse than 4.0, we have a regression
  • Ideally, check what's happening in practice with pristine Thunderbird 68 outside of Tails; that's in case we need to compare to support our claim that Thunderbird does not do what we want by default.

For all three of 4.0, an image built from this branch (commit f4df8536c19a81300915003cad332f9a101eeae4), and Thunderbird 68 from Sid without TorBirdy installed, the Message-ID is of the form <f53156f3-ccbc-d884-1cd7-a2742c19b15b@riseup.net>. So I removed the claim that Thunderbird leaks information in this header by default.

#14 Updated by intrigeri about 2 months ago

  • Status changed from Needs Validation to Resolved

For all three of 4.0, an image built from this branch (commit f4df8536c19a81300915003cad332f9a101eeae4), and Thunderbird 68 from Sid without TorBirdy installed, the Message-ID is of the form <f53156f3-ccbc-d884-1cd7-a2742c19b15b@riseup.net>. So I removed the claim that Thunderbird leaks information in this header by default.

Excellent :))

Also available in: Atom PDF