TorBirdy 0.2.2 is released
We are pleased to announce the eighth beta release of TorBirdy: TorBirdy 0.2.2. This release adds support for Thunderbird 52 and also features improved security configuration settings for Thunderbird. All users are encouraged to update.
If you are using TorBirdy for the first time, visit the wiki to get started.
There are currently no known leaks in TorBirdy but please note that we are still in beta, so the usual caveats apply.
Here is the complete changelog since v0.2.1:
0.2.2, 03 April 2017
* Bug 20751: Enforce stronger ciphers in TorBirdy
* Bug 6958, 16935, 19971: Add support for already torified keyserver
communication using modern GnuPG
* The minimum supported Thunderbird version is 45.0 and the maximum is 52.*
* Update default keyserver to OnionBalance hidden service pool
We offer two ways of installing TorBirdy: by visiting our website (GPG signature; signed by [geshifilter-code]<a href="https://www.torproject.org/docs/signing-keys.html.en">0xB01C8B006DA77FA…]) or by visiting the Mozilla Add-ons page for TorBirdy.
Please note that there may be a delay -- which can range from a few hours to days -- before the extension is reviewed by Mozilla and updated on the Add-ons page.
The TorBirdy package for Debian GNU/Linux will be uploaded shortly by Ulrike Uhlig.
Comments
Please note that the comment area below has been archived.
Great to see that TorBirdy
Great to see that TorBirdy is still taken care of, thank you!
Thank you!
Thank you!
shouldn't this be part of
shouldn't this be part of Thunderbird and Enigmail ,aka upstream instead ?
Do you mean the extension
Do you mean the extension itself or the settings we are changing? The former is unlikely but the latter is a long-term goal.
Anyone have good
Anyone have good "about:config" rules for Thunderbird lock down
TorBirdy already does that,
TorBirdy already does that, if that was the question? See https://gitweb.torproject.org/torbirdy.git/tree/components/torbirdy.js#…
I updated the birdie from
I updated the birdie from inside tb but the refferred page was not reacheable without a security exception from TB
Your connection is not secure
The owner of support.mozilla.org has configured their website improperly. To protect your information from being stolen, Tor Browser has not connected to this website.
Learn more…
support.mozilla.org uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.
Error code: SEC_ERROR_UNKNOWN_ISSUER
Lamers from Mozilla teaching
Lamers from Mozilla teaching others how to deal with security can't configure their own servers properly, lol:
This server's certificate chain is incomplete.
https://www.ssllabs.com/ssltest/analyze.html?d=support.mozilla.org
PS This is the address that
PS This is the address that gives a certificate error. Even after the exception it was not reacheable
https://support.mozilla.org/1/firefox/45.8.0/Linux/en-US/unsigned-addons
Seems to be an issue with
Seems to be an issue with support.mozilla.org... Maybe try from https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/
When I used tb addons to
When I used tb addons to search for tor-birdie it did not find anything, although the main add-on page opened up. When I clicked on "check for upgrades" it found an upgrade and once restarted it was on 0.2.2
The web-page itself seemed to be having certification issues but it could be a transition problem. I was just reporting the issue, my upgrade worked.
Thanks, for all your work on
Thanks, for all your work on Torbirdy.
Has someone thought of activating the new Enigmail feature that allows to encrypt the subject line, References, etc. ("Memory Hole Protected E-mail Headers"[1]), too? It works fine for me, maybe it's time too push this feature a bit by enabling it by default;-)
---------------------------------------
extensions.enigmail.protectHeaders true
Protect sensitive headers of encrypted messages, such as the subject. The original header is moved into the encrypted message and replaced by a dummy value (such as "Encrypted Message"). This is part of the Memory Hole standard that is currently being developed.
extensions.enigmail.protectedSubjectText Encrypted Message
Text to use as replacement for the subject, following the Memory Hole standard. If nothing is defined, then "Encrypted Message" is used. [2, 3]
[1] https://github.com/ModernPGP/memoryhole
[2] https://enigmail.wiki/Advanced_Operations
[3] https://privacy-handbuch.de/handbuch_32w.htm
Thanks for reporting this!
Thanks for reporting this! Someone opened a ticket with this comment (https://trac.torproject.org/projects/tor/ticket/21880) so we will continue the discussion there.