Photo by Adam Jones. License: CC-BY-4.0

TorBirdy is an extension for ​Mozilla Thunderbird that configures it to make connections over the Tor network. TorBirdy automatically enhances the privacy settings of Thunderbird and configures it for use over Tor -- think of it as ​Torbutton for Thunderbird.

We are pleased to announce the ninth beta release of TorBirdy: TorBirdy 0.2.3.

This release enables encrypted email headers in Enigmail (as defined by the Memory Hole standard) that helps prevent metadata leaks. Please see Bug 21880 for the general discussion on this topic and why we decided to enable this preference ( extensions.enigmail.protectHeaders ) in TorBirdy.

This Enigmail feature encrypts the Subject and References headers by moving them into the encrypted message body. The Subject header text is replaced with the dummy text "Encrypted Message" instead of the original text, which is decrypted automatically when the recipient opens the email if they are using Enigmail. If not, and because this feature is not implemented in other mail clients yet, they will see "Encrypted Message" instead of the subject. Note that the Subject header is not lost -- it is still a part of the message and can be decrypted manually if required. This seems to be a rather small trade off compared to sending the Subject header in plain text.

Note that it is possible to disable this from TorBirdy's preferences in case it breaks your email setup. (Please help us by filing a bug report in case this happens.) For an-easy-to-understand introduction to Memory Hole, please refer to this presentation (PDF) by Daniel Kahn Gillmor.

If you are using TorBirdy for the first time, visit the wiki to get started.

There are currently no known leaks in TorBirdy but please note that we are still in beta, so the usual caveats apply.

Here is the complete changelog since v0.2.2:

0.2.3, 04 Aug 2017

* Bug 21880: Enable encrypted email headers for Enigmail (Memory Hole)

* Bug 22569: Update Enigmail values for custom proxy settings

* Bug 22318, 22567: Disable Microsoft Family Safety and Google Safe Browsing

* Update keyserver port to 9150 (Tor Browser default)

We offer two ways of installing TorBirdy: by visiting our website (GPG signature; signed by 0xB01C8B006DA77FAA) or by visiting the Mozilla Add-ons page for TorBirdy.

Please note that there may be a delay -- which can range from a few hours to days -- before the extension is reviewed by Mozilla and updated on the Add-ons page.

The TorBirdy package for Debian GNU/Linux will be uploaded shortly by Ulrike Uhlig.