Attentive Otter: Analysis of Instantbird/Thunderbird

This outline was a collaborative effort between me and Sukhbir Singh. Code and package URLs: Packages: http://instantbird.com/download-all.html Nightlies: http://nightly.instantbird.im/ Instantbird Code: http://hg.instantbird.org Thunderbird Code: https://github.com/mozilla/releases-comm-central FAQ: http://instantbird.com/faq.html Instantbird Overview: + Cross-platform (Windows, OS X, Linux). + Based on XUL+XPCOM (specifically Thunderbird). + Many existing Thunderbird addons should be easy to port. + Periodically syncs its codebase with Thunderbird: - https://bugzilla.mozilla.org/show_bug.cgi?id=920801 + Thunderbird can be used as combined secure Chat+Email communications software. + One piece of software for all secure communications is a usability win + Leveraging the work done on TorBirdy, we can distribute Instantbird and Tor (and related components) in a single package, or as a combined addon. + Use Tor Launcher as the controller (sukhe recently added Thunderbird support) + Will allow seamless zero-configuration Tor usage for normal case, and will share Tor Browser's future Pluggable Transport support with no additional effort. + See the TorBirdy manual for more information: https://trac.torproject.org/projects/tor/wiki/torbirdy#TorBirdywithTorandTor... + Good protocol support: Currently Instantbird supports by default: AIM, Bonjour, Facebook Chat, Gadu-Gadu, Google Talk, Groupwise, ICQ, IRC, MSN, MySpaceIM, Netsoul, Odnoklassniki, QQ, Simple, Twitter, VKontakte, XMPP, Yahoo and Yahoo JAPAN. + Supports "portable version". + InstantBird is available in 14 languages; Thunderbird is available in ~65 + Clean and easy to use interface. + We are amassing a fair amount of in-house expertise with Mozilla/XPCOM, which we can use for code review, UI design, etc. + Can also leverage our existing relationship with Mozilla to share workload Security Properties: * Currently based on libpurple, but Mozilla is working to replace libpurple with pure JS implementations (due to both licensing and code quality/security issues with libpurple). Instantbird nightlies have this code but it must be enabled via about:config. Seems to work. + http://clokep.blogspot.com/2013/10/yahoo-protocol-google-summer-of-code.html + http://lxr.instantbird.org/instantbird/source/chat/protocols/ + http://lxr.instantbird.org/instantbird/source/chat/protocols/xmpp/ - No OTR support yet + OTR support tickets: https://bugzilla.instantbird.org/show_bug.cgi?id=877 https://bugzilla.mozilla.org/show_bug.cgi?id=779052 + For a stopgap/prototype: We can use the js-ctypes wrapper of libotr along with the message observer API + Example observer API use w/ rot13: http://hg.instantbird.org/addons/file/tip/rot13 + JS-Ctypes wrapper for native libotr: http://gitorious.org/fireotr/fireotr/blobs/master/chrome/content/otr_wrapper... + The ctypes wrapper can be converted to an XPCOM wrapper later. + According to sshagarwal #maildev on irc.mozilla.org, Mozilla is also working towards implementing all of the primitives needed for OTR (and OTR itself) in NSS. These are listed in this comment: https://bugzilla.mozilla.org/show_bug.cgi?id=779052#c17 + We could also rely on the ctypes wrapper until native support is available, and possibly skip an XPCOM libotr wrapper entirely. + Solid proxy support. JS XMPP implementation allows you to omit DNS SRV and since everything goes through nsIChannels, proxy support is easy to verify and audit. + Messaging window is jailed to type=content (unlike cryptocat) and is additionally XSS filtered immediately prior to display: https://mxr.mozilla.org/comm-beta/source/chat/modules/imContentSink.jsm Summary of Goals Met: Release a secure, portable chat program that sends all traffic over Tor: + Yes. Can be used with a wide variety of chat networks: + Yes, even without libpurple Uses off-the-record encryption of conversations by default: - Not yet, but support is coming, and it's not too hard to deploy a stopgap French, Spanish, and Arabic support: * Partly yes. Full support for French and Spanish, but Instandbird has no translations for Farsi or Arabic (however Thunderbird does support these locales and can also be used as a chat client). -- Mike Perry

Mike Perry:
+ Leveraging the work done on TorBirdy, we can distribute Instantbird and Tor (and related components) in a single package, or as a combined addon. + Use Tor Launcher as the controller (sukhe recently added Thunderbird support) + Will allow seamless zero-configuration Tor usage for normal case, and will share Tor Browser's future Pluggable Transport support with no additional effort. + See the TorBirdy manual for more information: https://trac.torproject.org/projects/tor/wiki/torbirdy#TorBirdywithTorandTor...
I'd like to add that we can probably also leverage the work done on using Mozilla's updater in TBB to perform automatic updates of an Instantbird bundle. -- Lunar <lunar@torproject.org>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So the lack of OTR support in Instantbird is nearly a dealbreaker for me, as it makes it a bit more likely than a rogue exit could intercept a user's communications. Though this depends in part on SSL/TLS support and whether a user *actually enables* it in their settings. Would the plan be to create and test a reliable OTR patch for Instantbird? Pidgin's big issue before was DNS leaks. How is this addressed by Instantbird? (okay, there are a few big issues with Pidgin but...) I like Instantbird's UI, but we should come up with a plan to set proper defaults. ~Griffin Mike Perry & Sukhbir Singh wrote:
- No OTR support yet + OTR support tickets: https://bugzilla.instantbird.org/show_bug.cgi?id=877 https://bugzilla.mozilla.org/show_bug.cgi?id=779052 + For a stopgap/prototype: We can use the js-ctypes wrapper of libotr along with the message observer API + Example observer API use w/ rot13: http://hg.instantbird.org/addons/file/tip/rot13 + JS-Ctypes wrapper for native libotr:
http://gitorious.org/fireotr/fireotr/blobs/master/chrome/content/otr_wrapper...
+ The ctypes wrapper can be converted to an XPCOM wrapper later. + According to sshagarwal #maildev on irc.mozilla.org, Mozilla is also working towards implementing all of the primitives needed
for OTR (and OTR
itself) in NSS. These are listed in this comment: https://bugzilla.mozilla.org/show_bug.cgi?id=779052#c17 + We could also rely on the ctypes wrapper until native support is available, and possibly skip an XPCOM libotr wrapper entirely.
- -- "Cypherpunks write code not flame wars." --Jurre van Bergen #Foucault / PGP: 0xAE792C97 / OTR: saint@jabber.ccc.de My posts are my own, not my employer's. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJSVcVCAAoJEOMx/SmueSyX/T4QALZ3WzbxxNtOj/FbDciYb3t5 B793kSDIrezwZ/lhYtfgAxP9TKGZ2K5yCBf5CtAPWoBSp4vXmscdfkI+1jE2aU6E rBCTgjDpw+r27hrmU6rm78awhzrg6jpTrBpiMFuEKmCT0ZREdt/1xj9cJCLYjUId 50fmz7uv6/8MeLvy+yUJTYMbxwLfTbLRMWY7OzipJTozuot3+13I6qh4zh9N5qnq qahxu2cpE+oe8MuWSHdGv14pHziKs+r9ebIh4WKcrP4dRq4hixagSRbS078XN9fR BEV+JFsHrtLXLjvfaxxBZor4lhoK3Zt1GmgPFOB+LiMZh5X9LdsVlLSha04+084z JmMkYVruPYAJo0uaxOQU0pTTKJmzSwxzB3xebw+oGBzrLP5rdO85oOOv6ND+mOFv EymTo6exsbQiFg7bmFuT2pF9npJsqpKuNEM+Pinrxx1JZrzPTBBD0wDMZs6jh7Z3 vE7cyFYI5qIfv5uAyDQyF1UENX8L7HIQIf9N4TmagksdEsM/wAn9w8ZswSsUwUHO xOzaJwC/4NnUQODlI/YYzI+9E6vaXJ2RxWtiCeCGHSbDkXiAdUTPps6se4I/jdGW t2G6DPFM+k9BZDA8Wz+ulH10rlaYOPuhTmBHvuf+cXZpZRyLpse4bTqCcSOAfL8p PZbvZukOi83RQ4ThJv0C =5/Gh -----END PGP SIGNATURE-----
participants (3)
-
Griffin Boyce
-
Lunar
-
Mike Perry