torbirdy replacement

HulaHoop · July 30, 2020, 12:02pm

Done. We now have a functional and private Torbirdy successor TB.

Patrick · July 31, 2020, 10:47am

This is now in Whonix testers repository.

Awesome! Great work!

Patrick · August 10, 2020, 11:07am

Also in stable-proposed-updates Whonix repository for a few days now.

u896265715 · August 26, 2020, 7:46pm

How can I download the thunderbird package with torbirdy from the Whonix repository?

Patrick · October 14, 2020, 10:44am

This is available in all Whonix repositories.

Quote Whonix / Kicksecure 15.0.1.4.8 - for VirtualBox - Point Release!

Thunderbird protocol level leak prevention. Replacement for what previously was done by torbirdy. See torbirdy deprecated - replacement required . Ported from Tails to anon-apps-config. Credits: Thanks to Tails for the torbirdy replacement. Thanks @HulaHoop for the port to anon-apps-config.

LavenderLevitator · October 18, 2020, 10:04pm

I at first posted this into the support section - but I don’t need support for this and as the wiki points for reports to the forum in general and I’m not sure about usual practice, I decided to repost it here, as it seems related.

The standard Thunderbird network configuration 127.0.0.1:9102 should be redirected by anon-ws-disable-stacked-tor to 10.152.152.10:9102, but it isn’t in 15.0.1.4.9.libvirt for me.

UWT_DEV_PASSTHROUGH=1 curl 127.0.0.1:9102 responds with curl: (7) Failed to connect to 127.0.0.1 port 9102: Connection refused

No file for the 9102 port in /lib/systemd/system/ gets created.

So Thunderbird doesn’t work with the pre-configured settings. Setting it to 10.152.152.10 obviously ‘fixes’ it. As the redirection got added in this thread, I thought it might be relevant.

If you deem my current other problems causing this (Flushing iptables once, else no connection), then please feel free to delete/ignore this post.

HulaHoop · October 19, 2020, 2:08pm

No it’s its own problem. I’ve seen reports about it on Twitter. @Patrick is there a better option that disabling this option altogether? I’d prefer getting stream isolation sorted out for it if possible.

Patrick · October 19, 2020, 3:36pm

Temporary fix which users can run inside Whonix-Workstation:

sudo /usr/lib/anon-ws-disable-stacked-tor/systemd-unit-files-generator

Package fix will come later through upgrades:

Patrick · August 17, 2022, 12:37pm

Is this file still useful/required? @HulaHoop (since you originally added that)

github.com

Whonix/anon-apps-config/blob/master/usr/lib/thunderbird/thunderbird.cfg

// IMPORTANT: Start your code on the 2nd line
lockPref("mail.identity.id1.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id2.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id3.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id4.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id5.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id6.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id7.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id8.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id9.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id10.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id11.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id12.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id13.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id14.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id15.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id16.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id17.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id18.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");
lockPref("mail.identity.id19.draft_folder", "mailbox://nobody@Local\%20Folders/Drafts");

This file has been truncated. show original

(Came up due to [Resolved] Thunderbird mail.server.server1.check_new_mail Preference Locked in Whonix Workstations)

throwawayStowaway · August 17, 2022, 1:02pm

I think he just kanged it from https://gitlab.tails.boum.org/tails/tails/-/commits/stable/config/chroot_local-includes/usr/lib/thunderbird/thunderbird.cfg.

Commit log says @intrigeri on the Tails gitlab wrote that. Maybe ask him?

EDIT: Linked the relevant file

Patrick · August 17, 2022, 1:54pm

Tails still has config/chroot_local-includes/usr/lib/thunderbird/thunderbird.cfg · master · tails / tails · GitLab

Unlikely that someone from Whonix will do this. So if you don’t do it, most likely won’t happen.

HulaHoop · September 20, 2022, 12:16pm

Yes it is the setting that forces TB to use local drafts folders instead of those on the server. It’s an important privacy setting.

Patrick · September 21, 2022, 8:33am

But the enigmail settings can be removed?

github.com

Whonix/anon-apps-config/blob/master/usr/lib/thunderbird/thunderbird.cfg#L83-L106


      
          // Hide welcome message, which is not relevant in the context of Tails
          pref("mailnews.start_page.enabled", false);
          
          
// Original: https://gitlab.tails.boum.org/tails/tails/-/blob/stable/config/chroot_local-includes/usr/lib/thunderbird/thunderbird.cfg

HulaHoop · September 25, 2022, 9:41am

I need to see all of the thunderbird related configs. The repo search functions seem to have been messed up by MS lately. Then I have to see what the new options are for similar encryption settings set by Tails.

HulaHoop · September 25, 2022, 9:11pm

OK figured out all the changes needed and will commit soon.

Note that
/etc/thunderbird/pref/30_whonix.js may also be obsolete?

HulaHoop · September 26, 2022, 8:34am

Note for self: all TB files are in this package:

Patrick · September 26, 2022, 11:58am

Usability impact only:

/usr/lib/thunderbird/thunderbird.cfg was lacking

pref(“mailnews.start_page.enabled”, false);

but config/chroot_local-includes/usr/lib/thunderbird/thunderbird.cfg · stable · tails / tails · GitLab has it

Was this on purpose?

Added just now.

Patrick · September 26, 2022, 12:01pm

Yeah.

pref(“extensions.torbirdy.gpg_already_torified”, true);

Since torbirdy was deprecated, is no longer installed and torbirdy isn’t to be found in about:config we can be confident that it can be removed.

Best to remove the setting (minor cleanup) but keep the rest of the file just in case for the future?

HulaHoop · October 1, 2022, 6:40pm

Yes it was because it is already in the master settings file /etc/thunderbird/pref/40_thunderbird.js

I added this before they did

HulaHoop · October 1, 2022, 6:44pm

You mean you want this file dedicated to encryption settings? I think it is more work and redundancy since everything is just dumped in the main file. If you want to keep the comments around as a reference, just go ahead and move them in

/etc/thunderbird/pref/40_thunderbird.js

under one of the native encryption prefs