torbirdy replacement

configure_locale() {
    # Thunderbird will set the locale based on the environment when
    # this pref is empty, but will then save the result to this pref
    # disabling this "guess" for the next time. We want Thunderbird to
    # always match the locale of the Tails session.
    set_mozilla_pref "${PROFILE}/prefs.js"   \
                     "intl.locale.requested" \
                     '""'                    \

We don’t do anything about locale yet. Not related to torbirdy replacement.

disable_autocrypt() {
    # Disable Autocrypt since it is not safe (#15923).
    set_mozilla_pref "${PROFILE}/prefs.js"                 \
                     "mail.server.default.enableAutocrypt" \
                     "false"                               \

Worthwhile if we share the premise #15923. Do you?
If so, why not disable autoconfig in Thunderbird config same as other changes? Why do it dynamic with a script?

configure_default_incoming_protocol() {
    # For extensions.torbirdy.defaultprotocol, POP = 0, IMAP = 1
    local default_protocol
    if thunderbird_config_is_persistent; then
    set_mozilla_pref "${PROFILE}/prefs.js"                 \
                     "extensions.torbirdy.defaultprotocol" \
                     "${default_protocol}"                 \

If persistent Tails -> POP
If non-persistent Tails -> IMAP
I don’t see any reason to ever default to IMAP. POP was default protocol all the way.

Could you check please if POP is already default protocol? If so, no changes required.

# Suppress Enigmail's configuration wizard by pretending that the current
# version was already configured. Only do this on first run though:
# once we've done this we let Enigmail manage this setting itself
# so it can run any migration code it wants to on upgrades.

Suppress Enigmail’s configuration wizard at first start might be safe to Tails but I think we better avoid the extra complexity of this since then we would also require a shell wrapper (or another implementation) to start Thunderbird.


What would that be useful for?

export GNOME_ACCESSIBILITY=1 probably not important for now since we don’t have any accessibility support yet

Could you look up please SESSION_MANAGER environment variable? (generally and on Tails website)

thunderbird --class "Thunderbird" -profile ~/.thunderbird/profile.default

Why start thunderbird with that command rather than just simple, default thunderbird?

In summary: worth consideration but looks mostly like Tails specific changes unrelated to torbirdy replacement. Some details worth looking up.

1 Like

Debian already ships file /etc/thunderbird/pref/thunderbird.js.
Therefore we cannot easily ship file /etc/thunderbird/pref/thunderbird.js in anon-apps-config.


/etc/thunderbird/pref/ is a drop-in folder.

Do we need to get rid of /etc/thunderbird/pref/thunderbird.js?
If not required, meanwhile I renamed to /etc/thunderbird/pref/40_thunderbird.js.

This is now in Whonix testers repository.

1 Like

Yes I agree after reading the related tickets. Autocrypt causes unencrypted emails to be sent regardless of Enigmail usage:

The way it works is also vulnerable to MitM apparently:

Good point, I will add to the pref.js

Indeed. For most privacy/anonymity purposes Email should be ephemeral as much as possible. However it is still useful to ensure IMAP does not harm privacy as much as possible when it is used and saves Drafts locally. IMAP would be totally unecessary is users have an easy way to archive/backup their inbox when using POP as a VM environment is considered transient and erases any important messages they might want to keep and refer to in the future. Perhaps a script or wiki steps to do this would be enough.


Alright this can be removed

Seems to be Gnome specific not applicable to Xfce so safe to ignore?

The gnome-session program starts up the GNOME desktop environment. This command is typically executed by your login manager (either gdm, xdm, or from your X startup scripts). It will load either your saved session, or it will provide a default session for the user as defined by the system administrator (or the default GNOME installation on your system).


This variable is used by session-manager aware clients to contact gnome-session. 

My guess is to force Thunderbord to always use the customized privacy settings in all cases even if the user creates or imports their own profile


When you install Thunderbird it creates a profile called “default”. This profile will be used automatically unless you invoke the Profile Manager and create a new profile.

1 Like

/etc/thunderbird/pref/40_thunderbird.js already includes:

// Disable Autocrypt by default for new accounts (#16222).
// This does not change anything for accounts that were created before.
pref("mail.server.default.enableAutocrypt", false);

Duplication inside https://gitlab.tails.boum.org/tails/tails/-/blob/master/config/chroot_local-includes/usr/local/bin/thunderbird could be legacy from previous implementation / a bug? Or perhaps their function set_mozilla_pref allows users to not-enforce this setting? Either way. Seems done.

1 Like

Tested updated anon-apps-config

Problems I saw:

  • Account wizard has IMAP pre-selected by default. Maybe this pref doesn’t take effect until the patched Thunderbird lands in Debian?
    I want to include the non-scripted pref version in pref.js meanwhile.
    Does the scripted pref translate to pref("extensions.torbirdy.defaultprotocol", 0); ?

  • Drafts are not saved locally when IMAP is used. thundebird.cfg seems to be overrode with the string value in about:config showing mail.identity.id1.draft_folder;imap://RemoteServer.com/Drafts and not mail.identity.id1.draft_folder;mailbox://nobody@Local%20Folders/Drafts

1 Like

Turns out I have to reinstall Thunderbird from scratch on a fresh snapshot, every time I want to play with config settings otherwise they would not take effect even after an apt-get purge.

I removed the settings that block Enigmail from working and this resolves the main blocker I ran into.

Now I have to troubleshoot the prefs that would make local drafts work.

1 Like

(For persistent Tails.)
(But we should always default to POP therefore this is good.)

Please do.

Possible. I don’t know how often that folder is parsed. Only first start vs every start. Perhaps even a setting influences this.

Fresh snapshot is a bit too much effort. Can be easier.
In abstract terms “Any previous state of Thunderbird must be deleted.”
“If it requires a fresh snapshot then you don’t know all the places yet where the application stores state.”
Exceptions [1] (which don’t apply here) aside, the only place where non-root applications can write data is the home folder. [2]
In practical terms: terminate thunderbird + delete thunderbird user data folder.

WARNING: deletes all Thunderbird user data

rm -r .thunderbird

In case you don’t know what the user data folder is… How would I know where XFCE stores any settings? I don’t. I am not an oracle either. Even if I’d know, I’d forget in a year from now.
abstract: “Make a snapshot of the home folder and compare before/after first start of application.”
practical: I recommend to Put home folder under Git Version Control.

[1] Exceptions would be suid and sudoers exceptions which there is no need for in case of browser / mail client user data.
[2] And /tmp and perhaps folders chown’ed to user during package installation but any sane design won’t persist settings from there

1 Like

Now in Whonix testers repository.

1 Like

Discovered that the thunderbird.cfg file had to be activated from pref.js. I tested it and local Drafts now work:

// Loading the lock file: http://kb.mozillazine.org/Lock_Prefs
pref("general.config.filename", "thunderbird.cfg");

Tails activate the lock prefs in /usr/share/thunderbird/defaults/pref/autoconfig.js vs prefs/thunderbird.js. Which one should we go with?


In this ticket about default POP, they say the default protocol patch never worked and they removed the code. Let me know if this is your interpretation. Probably I should rip it out because it is obsolete:


Also what port number for socks proxy should I assign TB? OK to leave the proxy IP at

Commit of major rewrite of custom Tails Thunderbird code:


1 Like

Since we already have /etc/thunderbird/pref/40_thunderbird.js using same file would make sense.

Or keep /etc/thunderbird/pref/40_thunderbird.js as is (original by Tails) and add /etc/thunderbird/pref/40_anon-apps-config-something.js. (replace something)

Other answer: whatever works.


( https://gitlab.com/whonix/anon-gw-anonymizer-config/-/blob/master/usr/share/tor/tor-service-defaults-torrc.anondist#L103 )


This is now in Whonix testers repository.

1 Like

Done. We now have a functional and private Torbirdy successor TB.


This is now in Whonix testers repository.

Awesome! Great work!


Also in stable-proposed-updates Whonix repository for a few days now.


How can I download the thunderbird package with torbirdy from the Whonix repository?

This is available in all Whonix repositories.

Quote Whonix / Kicksecure - for VirtualBox - Point Release!

Thunderbird protocol level leak prevention. Replacement for what previously was done by torbirdy. See torbirdy deprecated - replacement required . Ported from Tails to anon-apps-config. Credits: Thanks to Tails for the torbirdy replacement. Thanks @HulaHoop for the port to anon-apps-config.

I at first posted this into the support section - but I don’t need support for this and as the wiki points for reports to the forum in general and I’m not sure about usual practice, I decided to repost it here, as it seems related.

The standard Thunderbird network configuration should be redirected by anon-ws-disable-stacked-tor to, but it isn’t in for me.

UWT_DEV_PASSTHROUGH=1 curl responds with curl: (7) Failed to connect to port 9102: Connection refused

No file for the 9102 port in /lib/systemd/system/ gets created.

So Thunderbird doesn’t work with the pre-configured settings. Setting it to obviously ‘fixes’ it. As the redirection got added in this thread, I thought it might be relevant.

If you deem my current other problems causing this (Flushing iptables once, else no connection), then please feel free to delete/ignore this post.

1 Like

No it’s its own problem. I’ve seen reports about it on Twitter. @Patrick is there a better option that disabling this option altogether? I’d prefer getting stream isolation sorted out for it if possible.

1 Like

Temporary fix which users can run inside Whonix-Workstation:

sudo /usr/lib/anon-ws-disable-stacked-tor/systemd-unit-files-generator

Package fix will come later through upgrades:

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]