Tempest's email guide -> Whonix wiki

That’s great tempest.

PS Based on this →

https://securityinabox.org/en/guide/thunderbird/windows/

I think we can add the following little sections to your guide so it is even more thorough:

  • 3.1 Disable HTML email (display as plain text) section
  • 3.3 Configuring Thunderbird’s privacy preferences (disable support for cookies completely; also defends against email web beacons)
  • Include the optional section on changing the passphrase for a private key
  • Importing a public key that is sent to you as an attachment in an email.
  • Maybe a link to validating and signing keys section of that guide.

If you agree, I’ll go ahead and do that.


@torjunkie. part 3.1 is already handled by torbirdy. with torbirdy installed, the view and send message setting is plain text.

part 3.3. can’t think why disabling cookies completely would be an issue. so, probably fine. however, since messages are viewed in plain text and remote content is already disabled, probably not a major risk. but, will add step to disable since thunderbird is only being used for email, not rss or anything else.

for the optional part of changing the passphrase of the gpg private key, i’m a bit confused about the threat model suggested by the guide you link. it says one may want to do this in case the private key has been compromised without one’s knowledge. but, i cannot think of a scenario where changing the passphrase of a compromised key truly helps in a meaningful way. the key should simply be revoked and retired.

for importing a public key sent as an attachment, not opposed.

the section on verifying and signing keys is more problematic since we’re dealing with anonymous users. main issue will be that, for other anonymous users, a true verification may never be a reality. but not opposed to it.


I’ve been using thunderbird for rss as a least-bad option (Best OpSec(?) for browsing/reading? [RSS] - #4 by entr0py). No cookies please!

@entr0py. it appears that accepting cookies is hard set by torbirdy for some reason. for whatever reason, when i played with the e-mail chapter set up and disabled cookies, accepting cookies was always re-enabled on next boot up, which shouldn’t happen. so, i disabled torbirdy and then disabling of cookies remained persistent.

i’m hesitant to do another hack of torbirdy again. the current set up it enforces is to allow cookies, reject third party cookies, and erase them on shut down. i could look into hacking the code to allow for disabling cookies. but i’m curious as to why this method was implemented. don’t know if there is a concern i’m missing.


Thanks for looking into that. That’s actually the same behavior as Tor Browser. (And as our wiki notes, a good reason for not using the “New Tor Circuit for this Site” function - to switch between identities).

  1. not accepting cookies reduces anonymity set [1]
  2. breaks website functionality [1]
  3. many other options exist for storing identifiers (cache, dom storage, etc) [2]

[1] How Tor handles cookies? - Tor Stack Exchange
[2] The Design and Implementation of the Tor Browser [DRAFT]

Sure. I have no idea what the implications are for accepting cookies from rss sources. I would hope that cookies are isolated between origins / domains. The real worry is that cookies are used somehow to reveal information from the email side of the app. That may be a good enough reason to use a dedicated rss reader.

@entr0py. i meant i was curious as to why it was hard coded into torbirdy. in tor browser, if one wants to block all cookies, the option is there.

regardless, this may be moot for the moment. the eff is recommending everyone to immediately cease using a thunderbird + enigmail set up due to a yet to be published vulnerability that exposes encrypted email.

edit: already being called fud. Efail or OpenPGP is safer than S/MIME

apparently someone broke the embargo on publishing the paper, so it’s been published early by the authors. it’s mainly an html exploit. but, they say there may be other ways. thus, the initial hype of this appears to very much be fud. i have a feeling the authors may be in for a rough week.

https://efail.de/

keep calm and carry on. :wink:

Here’s a more sane take: Errata Security: Some notes on eFail

Summary
It only works if attackers have already captured your emails (though, that’s why you use PGP/SMIME in the first place, to guard against that).

It only works if you’ve enabled your email client to automatically grab external/remote content.

It seems to not be easily reproducible in all cases.

Instead of disabling PGP/SMIME, you should make sure your email client has remote/external content disabled – that’s a huge privacy violation even without this bug.

11 posts were split to a new topic: torbirdy deprecated - replacement required

OK - email entry all fixed with @tempest’s latest text and figures. Also removed all TorBirdy and other steps no longer needed. Please check there are no silly mistakes.

So “just” the manual config changes to Thunderbird now required ala Tails and other changes. Hoping you will help with that. Then I’ll test it from A to Z that it is functional and working as intended.

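The two things the thread keeps running into, a cookie pref that silently reverts on restart and the eFail advice to keep remote content off, are both just values in Thunderbird's prefs.js. The script below is an added example (not from the Whonix wiki, TorBirdy or Tails) that parses a prefs.js / user.js, reports which hardened prefs are missing or weakened, and emits the user.js lines that pin them. The pref names are real Thunderbird/Gecko keys; the target values and the sample prefs.js are this example's assumptions.

```python
import re
# Hardened Thunderbird preferences touched on in this thread. The pref names are
# real Thunderbird/Gecko keys; the target values are this example's assumptions.
HARDENED_PREFS = {
    "mailnews.display.html_as": 1,                          # 1 = show HTML mail as plain text
    "mailnews.display.prefer_plaintext": True,              # prefer the text/plain MIME part
    "mailnews.message_display.disable_remote_image": True,  # no remote content (the eFail vector)
    "network.cookie.cookieBehavior": 2,                     # 2 = block all cookies
}
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Parse prefs.js / user.js text into {pref name: bool | int | str}."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref() call
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw)  # Gecko prefs are only bool, int or string
    return prefs

def audit(prefs):
    """Return {pref: (expected, actual)} for each hardened pref that is absent or weakened."""
    findings = {}
    for name, expected in HARDENED_PREFS.items():
        actual = prefs.get(name)
        if actual != expected or type(actual) is not type(expected):  # True == 1 in Python
            findings[name] = (expected, actual)
    return findings

def render_user_js(findings):
    """Emit user.js lines that pin every weakened pref so the value survives a restart."""
    def fmt(v):
        return str(v).lower() if isinstance(v, bool) else (f'"{v}"' if isinstance(v, str) else str(v))
    return "\n".join(f'user_pref("{n}", {fmt(exp)});' for n, (exp, _) in sorted(findings.items()))

# Constructed sample prefs.js: cookies have silently reverted to "accept all" (0)
# and prefer_plaintext was never set; the other two prefs are already hardened.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("mailnews.display.html_as", 1);
user_pref("mailnews.message_display.disable_remote_image", true);
user_pref("network.cookie.cookieBehavior", 0);
"""
```

Running `audit(parse_prefs(open(path).read()))` against the profile's prefs.js after a restart is a quick way to confirm whether a setting really stuck or was overwritten by an add-on.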

Encrypted Email with Thunderbird: Difference between revisions - Whonix

where to find the new fingerprint

81934E7B83E89CFD8C25F3D67FBD040886EC5FE0

?


http://keys.gnupg.net/pks/lookup?op=vindex&fingerprint=on&search=0xE61A9E7987F6C85E

and

http://keys.gnupg.net/pks/lookup?op=vindex&fingerprint=on&search=0x7FBD040886EC5FE0

it’s my key. you can see it from there. here’s the history of it.

vfemail.net had issues at one point. onion kept going down. onion no longer exists after last attack i believe.

switched to mainly using bitmessage.ch. that service has now closed.

been using danwin210.me since. you can see the cross signing from the accounts in the above links.

@hulahoop thanks for the work. i am about to tackle the email section for the new version of the guide i am working on. so, you saved me some work i think. :slight_smile: however, given the torbirdy issues, which i haven’t fully explored yet, the email chapter is in flux for me. i’m debating if it is worth exploring a new minimal client.

edit: at this point, i am debating whether or not it is worth focusing on email at all. could use it as a small instructional chapter for registering with various services, but dropping the gpg and regular usage issues. instead, point out that email is inherently problematic and recommend users to use a suitable messaging client, which opens the entirely separate problematic issue of “what constitutes a suitable messaging client?” for the most part, the wire client has been easy and works as advertised with tor. but, it is not in the debian repos and, due to the fact that they offer their own debian compatible repo, i am not sure they are ever going to submit versions of the software for inclusion in the official debian distros.


An easy to use minimal email client written in a high level lang is always a welcome addition. Meanwhile Thunderbird + privacy mods is the best we have.

Email is here to stay unfortunately and is usually the only way to contact certain people and endpoints. Having a secure as possible default option is mandatory to minimize the privacy damage. Meanwhile we should advise users to use alternative ways like OMEMO chat clients, but this is an open problem for desktop and we’ve yet to find a single client that readily works out of the box.

I did a write-up about Wire and I have to go back and read it to see what the obstacles were.

a fair point. i’ll keep the email instructions i work on as is, minus torbirdy, until i find a better client. as for instant messaging, i guess it’s just time to bite the bullet and go with the gajim instructions i have. it appears to be one of the few working clients in the debian repos at the moment.

torbirdy is still good to go so far. I’m using it without problems, but it won’t work forever because it’s abandonware at this point. Hopefully we can include Tails’ optimizations as an alternative by then.

are you using the most recent thunderbird client? because, it will not even load in my client now.


I stand corrected. It doesn’t show up anymore though it seemed to work initially