TorBirdy 0.2.2 is released

We are pleased to announce the eighth beta release of TorBirdy: TorBirdy 0.2.2. This release adds support for Thunderbird 52 and also features improved security configuration settings for Thunderbird. All users are encouraged to update.

If you are using TorBirdy for the first time, visit the wiki to get started.

There are currently no known leaks in TorBirdy but please note that we are still in beta, so the usual caveats apply.

Here is the complete changelog since v0.2.1:

0.2.2, 03 April 2017
* Bug 20751: Enforce stronger ciphers in TorBirdy
* Bug 6958, 16935, 19971: Add support for already torified keyserver
communication using modern GnuPG
* The minimum supported Thunderbird version is 45.0 and the maximum is 52.*
* Update default keyserver to OnionBalance hidden service pool

We offer two ways of installing TorBirdy: by visiting our website (GPG signature; signed by 0xB01C8B006DA77FAA) or by visiting the Mozilla Add-ons page for TorBirdy.

Please note that there may be a delay -- which can range from a few hours to days -- before the extension is reviewed by Mozilla and updated on the Add-ons page.

The TorBirdy package for Debian GNU/Linux will be uploaded shortly by Ulrike Uhlig.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Great to see that TorBirdy is still taken care of, thank you!

Thank you!

shouldn't this be part of Thunderbird and Enigmail ,aka upstream instead ?

Do you mean the extension itself or the settings we are changing? The former is unlikely but the latter is a long-term goal.

Anyone have good "about:config" rules for Thunderbird lock down

TorBirdy already does that, if that was the question? See https://gitweb.torproject.org/torbirdy.git/tree/components/torbirdy.js#n29

I updated the birdie from inside tb but the refferred page was not reacheable without a security exception from TB

Your connection is not secure

The owner of support.mozilla.org has configured their website improperly. To protect your information from being stolen, Tor Browser has not connected to this website.

Learn moreā€¦

support.mozilla.org uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.

Error code: SEC_ERROR_UNKNOWN_ISSUER

Lamers from Mozilla teaching others how to deal with security can't configure their own servers properly, lol:
This server's certificate chain is incomplete.
https://www.ssllabs.com/ssltest/analyze.html?d=support.mozilla.org

PS This is the address that gives a certificate error. Even after the exception it was not reacheable

https://support.mozilla.org/1/firefox/45.8.0/Linux/en-US/unsigned-addons

Seems to be an issue with support.mozilla.org... Maybe try from https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/

When I used tb addons to search for tor-birdie it did not find anything, although the main add-on page opened up. When I clicked on "check for upgrades" it found an upgrade and once restarted it was on 0.2.2
The web-page itself seemed to be having certification issues but it could be a transition problem. I was just reporting the issue, my upgrade worked.

Thanks, for all your work on Torbirdy.

Has someone thought of activating the new Enigmail feature that allows to encrypt the subject line, References, etc. ("Memory Hole Protected E-mail Headers"[1]), too? It works fine for me, maybe it's time too push this feature a bit by enabling it by default;-)

---------------------------------------

extensions.enigmail.protectHeaders true

Protect sensitive headers of encrypted messages, such as the subject. The original header is moved into the encrypted message and replaced by a dummy value (such as "Encrypted Message"). This is part of the Memory Hole standard that is currently being developed.

extensions.enigmail.protectedSubjectText Encrypted Message

Text to use as replacement for the subject, following the Memory Hole standard. If nothing is defined, then "Encrypted Message" is used.
[2, 3]

[1] https://github.com/ModernPGP/memoryhole
[2] https://enigmail.wiki/Advanced_Operations
[3] https://privacy-handbuch.de/handbuch_32w.htm

Thanks for reporting this! Someone opened a ticket with this comment (https://trac.torproject.org/projects/tor/ticket/21880) so we will continue the discussion there.

Post new comment

  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <em> <strong> <cite> <code> <ul> <ol> <li> <b> <i> <strike> <p> <br>

More information about formatting options

Syndicate content Syndicate content