Tor at the Heart: TorBirdy

by ssteele | December 1, 2016

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

TorBirdy

TorBirdy automatically connects you through the Tor network whenever you log into Thunderbird email. TorBirdy also enhances the privacy settings of Thunderbird and configures it for use over the Tor network. This makes it so your location is anonymous when you check and send your email, making it more difficult for companies or governments to assemble a profile of your online activity.

Under normal circumstances, your email provider can see your IP address whenever you check your email. In addition, your IP address is imprinted within the header of the message whenever you send an email, so the email recipient can see it. TorBirdy reroutes your email through the Tor network, effectively bouncing it around different computers across the globe before delivering it. Your email provider and the recipient of the email will see your IP address as being from a random location rather than your actual location. If you set up an email account over Tor and check your email using TorBirdy, your email can't be related back to you, greatly increasing your anonymity when it comes to using email.

TorBirdy is an extension for ​Mozilla Thunderbird that is still in beta, but it is already available in 27 languages. You can download it from the Tor Project's website. Tails also ships with TorBirdy.

Comments

Please note that the comment area below has been archived.

December 01, 2016

Permalink

Great extension! :)

Haven't tested it yet but does it have a similar feature like "Privacy and Security Settings" as in Tor browser? Thanks

December 01, 2016

Permalink

hi why isn't 0x4e2c6e8793298290 available for download on the main site?

I interpret the question to mean: how can I get started using Tor to improve my cybersecurity against corporate snoopers or even against intelligence services foreign or domestic?

Two easy ways to use Tor for something useful---even essential--- which would be dangerously insecure if you are not using Tor:

o download and use Tor Browser from torproject.org; this provides a standalone package enabling you to browse the web using Tor, essentially the same way you already use a non-Torified webbrowser,

o download and use Tails from tails.boum.org; this provides a complex Linux OS (closely based on Debian) which prevents traces of computer activity such as writing a whistleblowing letter from being written to your hard drive, which could get you fired or worse, and enables many other things described in their documentation page; Tails also comes with the latest version of Tor Browser so you can surf the web, use email, use Office type programs, and you can use mat to remove metadata from image files, etc, etc; see also the "Tor at Heart" post in this blog on Tails.

Hope this helps!

December 01, 2016

Permalink

Some ISPs downgrade STARTLS. Any possibility of something like HSTS or "HTTPS Only" addons to protect concerned citizens from brutal dictators?

i. You can enforce a stronger encryption (resp. prevent a downgrade) to your email provider but the from than your email provider the email provider of your contact a free to negotiate an outdated cipher

ii. torbirdy enforces tls 1.1 (the last rfc recommends ciphers that just available in tls 1.2, tls 1.1 still better than nothing)

iii. you can use torbirdy and it's setting without using Tor! -->
{{{open torbirdy}}} --> choose {{{Transparent Torification}}}

or

iii.set it manually in torbirdy's {{{about:config}}} (that works for tormessenger, too, in contrast to tbb tracking you in that much of an issue cos you already have an account, anyway),see https://trac.torproject.org/projects/tor/ticket/20751,

{{{
security.tls.version.min = 3 enforce tls v 1.2
security.ssl3.* false
security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 true
security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 true

prevent insecure recognition
security.ssl.require_safe_negotiation true
security.ssl.treat_unsafe_negotiation_as_broken true

strict key pinning [1]
security.cert_pinning.enforcement_level 2
}}}

December 07, 2016

In reply to arma

Permalink

Tokumei is a free, anonymous, self-hosted microblogging platform. The hosting docs encourage users to run Tokumei sites as Tor hidden services and the process is scripted and documented. Public Tokumei sites are indexed with a preference for hidden services and guides for end users to install a Tor browser and connect.

https://tokumei.co/hosting/public-tor
https://github.com/tokumeico/tokumei-www/blob/master/pubtor.sh#L79-L86
https://tokumei.co/sites/examplesite/