* Nurmi, Juha:
> Hi,
>
> Yesterday, when I was using Tor Messenger, I detected that Off-the-Record
> Messaging fingerprints are not matching!
>
> There seems to be a man-in-the-middle attack. The attacker probably is an
> exit node.
>
> I was comparing public key fingerprints through a secure
* karste...@mailbox.org:
> Hi,
>
> On December 8, 2015 at 6:05 AM Sukhbir Singh <az...@riseup.net> wrote:
> > Before upgrading to the new release, you will need to backup your OTR
> > keys
>
> If you were using a Tor Hidden Services of your Jabber ser
We are pleased to announce another public beta release of Tor Messenger. This
release addresses a number of stability and usability issues, and includes the
default bridge configurations for pluggable transports.
The initial public release [0] was a success in that it garnered a lot of
useful
> Select Turn On Chat or Turn Off Chat
Should be:
> Select Turn On Chat
--
Sukhbir
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
* Qaz:
> Damn the Facebook .onion is s slow! :(
Wait, onion? No, there is no onion for the chat. We are connecting to
chat.facebook.com on port 5222. (We have asked FB if they can provide that or
are even thinking of supporting XMPP.)
--
Sukhbir
--
tor-talk mailing list -
Hi,
> Hi guys!
>
> Are there any updates regarding Facebook chat not being able to work
> properly on Tor Messenger?
>
> Thanks a lot! Looking forward to hear from you guys!
We are finalizing the FAQ, but till then, here is what you should try:
If you are having trouble getting Tor
> Have you got a Tor Messenger ID or something? Do you mind? :D
Sorry, no FB. If you were able to connect to it, then it worked. Do note that
the other person has to have Tor Messenger or another OTR-enabled client that
supports FB (like Pidgin) if you want to chat with them.
--
Sukhbir
--
* Michael McConville:
> Facebook stopped supporting XMPP and recently broke XMPP compatability.
> This is likely the problem, and there isn't an easy solution. James
> Geboski's libpurple plugin is the main open source implementation of
> their new proprietary protocol, IIUC.
This is also true.
Hi,
Today we are releasing a new, beta version of Tor Messenger, based on
Instantbird [0], an instant messaging client developed in the Mozilla
community.
* What is it?
Tor Messenger is a cross-platform chat program that aims to be secure by
default and sends all of its traffic over Tor. It
or on IRC.
Thanks,
Arlo Breault, Nicolas Vigier, Sukhbir Singh
signature.asc
Description: Digital signature
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
I have noticed that when I try to login to my Gmail or Hotmail accounts with
Tor, I invariably get asked to validate myself (e.g. receive an SMS). This
is understandably due my IP being in a different country from the usual
IPs that I use to sign in.
However, I have experimented with
This was still better than what some other users who used Tor over Gmail
reported -- in some cases, Gmail would force them to provide a phone
Er, Gmail over Tor.
--
Sukhbir
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
* Runa A. Sandvik:
On Thu, Mar 12, 2015 at 4:11 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
We're looking for assistance with Translations - if you'd like to
translate TorBirdy, we'd gladly accept a patch that prepares TorBirdy
for translation work. We now have an amazing number of
Two small updates to this release:
1. Mozilla has fully reviewed TorBirdy (thanks Mozilla for doing this so
quickly!) and version 0.1.4 is now available from the add-ons website.
https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/
2. We forgot to mention in the changelog, but this
Hi,
I have now been able to reproduce this issue thanks to a hint by an
anonymous user on ticket #14099 (https://bugs.torproject.org/14099).
I think we have an idea as to what is preventing Thunderbird from
starting (in some cases) with TorBirdy 0.1.3. To confirm whether the
hypothesis is
://github.com/arlolra/ctypes-otr
[5] - http://rbm.boklm.eu/
Thanks,
Arlo Breault and Sukhbir Singh
signature.asc
Description: Digital signature
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman
* l.m:
Hi, It would be useful to know how the email account is setup in
general. Whether POP, IMAP, SMTP is used. SSL (TLS Wrapper) or
STARTTLS. Have any changes been made to default configuration of
Torbirdy preferences or non-default tor ports.
Yes, SSL/TLS is enforced for all accounts
and #13982.
Yeah, it's a huge problem - happened to a friend, and ultimately led to me
not redistributing TorBirdy.
But solving this bug is not as straightforward as it seems, as Jake points
out. Especially for Windows, it's not always easy to know what else the
user is running
I just tried TorBridy 0.1.2 (https://dist.torproject.org/torbirdy/) and it
works fine with Thunderbird 31.3.0. And I see there few changes for
TorBirdy v0.1.3
(https://github.com/ioerror/torbirdy/commit/714252d242dc967204215063ec300fcf24886890),
so maybe not too hard to figure out
The plugin on AMO has been preliminarily reviewed and we are still in
the review process. It is again possible (Hooray!) to install TorBirdy
directly from Thunderbird or by downloading the extension in a web
browser from Mozilla's website:
TorBirdy 0.1.3 is now available from Mozilla Add-ons.
* Imran Ahmad:
Can some one tell me about available simulators for Tor network.?
Shadow.
https://shadow.github.io/
--
Sukhbir
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
Hi can any one tell me how i can find my first peer hop usin tor bowser, I
academically need it to know
You can do this with Stem:
https://stem.torproject.org/
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
Have I written, that there is anything creepy about that?
The basic question is, in how the tor project can be trusted if we look
on suspicious activities of tor developers (e.g. choosing worse design
decisions).
I am not sure what you mean by choosing worse design decisions?
The timing
Hi,
Griffin Boyce:
Hey all,
So Satori is this app for Google Chrome that distributes circumvention
software in a difficult-to-block way and makes it easy for users to
check if it's been tampered with in-transit. I've been kind of
obsessive about it, and now that it's been released, I'd
nb.linux:
When I opened that email and set View/Message Body As/Original HTML,
Torbirdy did not prevent the tab to load nor refuse to display the HTML.
(Maybe this is intended, because Torbirdy only focuses on normal email
accounts(?))
No, this is not related to the type of emails accounts
form and thus were able to reproduce this behaviour. If TorBirdy is
enabled, it will convert the HTML to plain text (sanitizing it) before
displaying it.
Just to clarify: Thunderbird does the HTML sanitization, not TorBirdy.
TorBirdy just makes sure that the relevant preferences are enabled
This issue does not affect TorBirdy as it disables HTML emails. From [0]:
emails you send will be in plain text and HTML emails you receive
will be sanitized and converted to plain text.
(I have tried to reproduce this leak and can confirm that Thunderbird
+ TorBirdy is not vulnerable.)
[0] -
Hi,
An error occurred during a connection to imap.aol.com:993.
Peer attempted old style (potentially vulnerable) handshake.
(Error code: ssl_error_unsafe_negotiation)
That explains it! TorBirdy is preventing Thunderbird from connecting
to imap.aol.com because it does not support secure
nb.linux:
I was thinking whether it could be a good idea to have the
--hidden-recipient
option for GnuPG set in torbirdy by default? (if at all possible [*])
`man gpg2' says
--hidden-recipient name
-R Encrypt for user ID name, but hide the key ID of this user’s
key.
And I think I should make it clear just for the record that you should
not use Transparent Torification in TorBirdy if yo don't know what it
is or without understanding what it does. Please make sure you read
about it [1] before enabling it; there is a reason the label for it is
in red colour :-)
Hi,
I am using torbirdy in Thunderbird in linux mint 16.I have two mails
account aol and riseup. Riseup works good with torbirdy but cannot
receive and send emails from aol. Help me so I can use both accounts
or tell me procedure to disable torbirdy for aol and keep using it
Mix+TB Test:
Running TB 24.1.0 with TorBirdy 0.1.1 under Linux. No issues. Default
settings, no other extensions.
It probably works, but I expect it to be broken for some preference
settings (not the important ones) and the account manager because of the
changes introduced in TB 24. Long story
antispa...@sent.at:
If TorBirdy 0.1.2 has support for Thunderbird 24, can I just leave my
current configuration and just upgrade the TorBirdy plugin? As far as I
can tell, all the connections of Thunderbird 24 are made through Tor,
less the DNS part.
When you say configuration, which
antispa...@sent.at:
I downloaded TorBirdy 0.1.1. Than I installed clean Thunderbird from
PortableApps.com. Made sure nothing is called or installed before
TorBirdy. Than I have set up my account. A few of them actually. Than I
installed some extra extensions. TorBirdy is not used for
Gerardo:
I was referring to add the capability for the user to change the
SocksPort in the recommended proxy settings (at least at the config
editor), not in the Use custom proxy setting, where is too clear it
can be changed.
I don't know why you want to change it through the config editor or
Hi,
While you are talking about the torbrowser patches
(https://gitweb.torproject.org/torbrowser.git/tree/HEAD:/src/current-patches/firefox),
I'm referring to the Thunderbird Message-ID problem:
https://trac.torproject.org/projects/tor/ticket/6315
In all fairness, I agree with Mark Banner's
anonymous coward:
I start Tor with Vidalia. And I use TorBirdy with Thunderbird.
Sometimes I see a message from Vidalia:
This is from the Vidalia log:
Jul 02 22:34:44.907 Application request to port 143: this port is
commonly used for unencrypted protocols. Please make sure you don't
anonymous coward:
You should use port 993 (SSL/TLS) for all IMAP accounts if you want to
connect to your mail server over Tor. That is why it is the default
setting :)
Thunderbird try to circumvent Tor? Isn´t it just normal, TB tries
to connect to the imap server on its port?
No, it's not
Bry8 Star:
I manually change mailnews.wraplength inside about:config of TB
(Thunderbird), from 72 to 68, but when TB is restarted it goes back
to 72 again ! why it is not honoring my custom settings ! ?
Yup, lots of people have asked for this and we should allow users to set
their own custom
Hi,
Anthony Papillion:
Hello Everyone,
Is Thunderbird safe to use with Tor?
Use TorBirdy -- Torbutton for Thunderbird [0]. Do read the installation
notes before using it [1].
From the 0.0.13 release notes [2]:
It's still quite experimental - of course. Use at your own risk and
especially if
Hi,
Mix+TB Test:
+ Message pane is on
+ Quick filter is on
No, we don't change these. Any reason we should be closing them?
No reason to close them, I was just expecting them to remain in the same
position as they were when TB was closed, like regular TB. Not a big
problem, just
Hi,
Mix+TB Test:
All appears to be working well from TorBirdy. But there are a few
unexpected happenings from within Thunderbird (Debian 6.0.6, 64-bit).
All occur at start-up, regardless of how settings were left when closing
down:
+ Message pane is on
+ Quick filter is on
No, we don't
Hi,
adrelanos:
Hi,
While you are deeply into the gpg/Tor/socks/DNS topic...
Could you recommend a gpg.conf for use with Tor please?
In TorBirdy 0.0.13, Enigmail traffic is fail-closed but Enigmail is
still supported. However, even if you were to use a gpg.conf file, all
configuration
Hi,
adrelanos:
System: Debian Wheezy
gpg --keyserver-options debug --search-keys somethingnonexisting
gpg --keyserver-options debug --search-keys somethingnonexisting
gpg: searching for somethingnonexisting from hkp server
2eghzlv2wwcq7u7y.onion
gpgkeys: curl version = GnuPG curl-shim
Hi,
antispa...@sent.at:
Also, please use 0.0.13 and not 0.0.11, there are many important bug
fixes. 0.0.13 will be available from Mozilla add-ons soon (we have
submitted it for review) [2].
Sukhbir, could you make a small tutorial on how to test TorBirdy? I'm
willing to create one or two
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
TorBirdy 0.0.13 has passed preliminary review and is now available
from Mozilla Add-ons. You can install TorBirdy 0.0.13 directly from
Thunderbird or by downloading the extension in a web browser from:
Hi,
A. Kong:
I forgot, there was:
https://accounts.google.com/DisplayUnlockCaptcha
Sign in using the application you want to authorize access to your
account within the next ten minutes. Google will remember the
application after it signs in, and will allow it to access your
account in
Hi,
antispa...@sent.at:
We suggest using 0.0.13 - we've fixed a lot of bugs. It is pending
approval from Mozilla - so download it here:
https://www.torproject.org/dist/torbirdy/torbirdy-0.0.13.xpi
https://www.torproject.org/dist/torbirdy/torbirdy-0.0.13.xpi.asc
Thank you Jacob!
Still,
Hi,
Akagi Kong:
Yes, its been a headache -- out of the box; I've had to change passwords
several times on several Gmail accounts. I still can't get this setup to
work.
Yes we are aware of this issue. But once your account is locked, you
_have to_ log in via the web interface (and possibly
Hi,
Rejo Zenger:
I have added a Dutch translation for the files at [...]
I have added a pull request for this change in GitHub.
If you have any questions, feel free to ask.
Pull request merged and Dutch translation added.
Thank you!
--
Sukhbir
Hi,
A. Kong:
Hello,
I lost track of TorBirdy, but today I realised it was complete and
available, although it isn't even mentioned on the main Tor site.
Gmail works fine when I disable TorBirdy. Which free email providers
currently allow the use of TorBirdy?
TorBirdy works
Hi,
tor user22:
Hi all,
My GMail account configured on Thunderbird,whether TORBirdy is enabled or
not I can't send any message but receiving is ok, SMTP error screen
appears, even ask me to enter my account password.
Please let us know the exact error message and the TorBirdy version you
Hi,
SnakTaste:
Tanks Sukhbir and Roger, I'll give Torbirdy a tray and see what to do
about Firefox.
TorBirdy requires that you have Tor installed. So, the best solution for
you is to use the Tor Browser Bundle, ignore the browser if you don't
need it, and use Thunderbird + TorBirdy.
We don't
Hi,
You should also be aware that you're probably screwing up your privacy at
the application layer if you use Thunderbird with Tor. The new Torbirdy
extension is a good start, but it sure isn't a complete solution yet.
Right, TorBirdy is not completely ready yet. But if you are using
Hi,
Ethan Lee Vita:
Could someone share some advice on where to look for a solution? I've
not seen any mention via online searches, this list, or the bug tracker
regarding anyone else having this problem, so I suspect its something on
my end.
To add to what Jake said, either try accessing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Mix+TB Test:
the auto-configuration wizard leaks, so we disabled it
Confirmed.
the timezone is now UTC and does not leak your actual timezone
Confirmed.
That's good to know!
Just the Message-ID from what I can see. No leaks
Hi,
Karsten N.:
I would recommend the following settings to use English reply headers in
the mail to hide personal language preferences of the user:
mailnews.reply_header_authorwrote%s wrote
mailnews.reply_header_ondate On %s
mailnews.reply_header_locale
Hi,
/* instead of sending/leaking your local ip-address, add a word like
mailproxy in helo/ehlo field */
user_pref(mail.smtpserver.default.hello_argument, mailproxy);
Done.
/* when portable-thunderbird runs first time, then allow/partially-force
to go via Tor-proxy. The Polipo will be
Hi,
I didn't see the Message ID as harmful, but I'm more than happy to be
educated on this front. I do see the timezone leakage as a problem.
The Message-ID used by Thunderbird consists of two parts: the Unix
timestamp in hexadecimal format (which matches the time in the 'Date'
header) and a
59 matches
Mail list logo