Project

General

Profile

Feature #11798

Document usage of unfriendly email providers using Icedove in Tails

Added by u about 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
09/15/2016
Due date:
% Done:

100%

QA Check:
Pass
Feature Branch:
doc/11798-unfriendly-email-providers
Type of work:
End-user documentation
Blueprint:
Starter:
Affected tool:
Email Client

Description

see https://labs.riseup.net/code/issues/11536#note-10

We need to document that "some unfriendly E-mail providers, like GMail, don't work well in Icedove in Tails". Gmail used OAuth, Javascript and deems that using Thunderbird is "insecure". Furthermore their protection against connections from various places in the world sort of blocks Tor unless the user allows all this specifically and so on and so on.


Related issues

Related to Tails - Bug #11536: Icedove autoconfiguration is broken for ISPs serving a OAuth config Resolved 06/17/2016

Associated revisions

Revision 1fdac7ac (diff)
Added by anonym about 2 years ago

Document that there are unfriendly email providers for Icedove.

Thanks to u for the phrasing!

Fix-committed: #11798

History

#1 Updated by u about 2 years ago

  • Related to Bug #11536: Icedove autoconfiguration is broken for ISPs serving a OAuth config added

#2 Updated by u about 2 years ago

  • Target version set to Tails_2.6
  • Affected tool set to Email Client

#4 Updated by anonym about 2 years ago

  • Target version changed from Tails_2.6 to Tails_2.7

#5 Updated by intrigeri about 2 years ago

  • Status changed from New to Confirmed

#6 Updated by u about 2 years ago

  • Status changed from Confirmed to Resolved
  • % Done changed from 0 to 100
  • QA Check set to Pass

Peer reviewed during meeting.

#7 Updated by u about 2 years ago

  • Assignee deleted (u)

#8 Updated by sajolida about 2 years ago

  • Assignee set to sajolida
  • QA Check changed from Pass to Ready for QA

#9 Updated by intrigeri about 2 years ago

  • Status changed from Resolved to In Progress

(Since that's Ready for QA.)

#10 Updated by sajolida almost 2 years ago

  • Assignee changed from sajolida to u
  • QA Check changed from Ready for QA to Info Needed
  • Feature Branch set to doc/11798-unfriendly-email-providers

So I started improving the phrasing only of your note with f02222e..2b919d0. Please check that I didn't distorted any meaning.

Then I tried to configure my GMail account in Tails and failed. As I understand your note, it should be complicated but possible. Still, I couldn't make it. I also didn't understand how the Google page that you are linking would help. Still, the Thunderbird documentation seem to pretend that it's possible to use Thunderbird 38+ with GMail: https://support.mozilla.org/en-US/kb/thunderbird-and-gmail

So know I'm wondering how we could be more helpful and prevent people from failing like I did. For that I need to understand things better:

  • It is actually completely impossible to configure Thunderbird in Tails to use GMail? If so, then should be more explicit about that.
  • It is possible in Thunderbird outside of Tails but not inside of Tails? Where does the difference come from? Understanding this would help me know what to document.
  • If it is possible but complicated what do people have to do? Just quickly... I can do some more research and testing myself.

#11 Updated by sajolida almost 2 years ago

I investigated a bit more. If I understood correctly, OAuth is the mechanism to give app tokens but it's only required when 2-step authentication is activated for the Google account.

When I tried with 2-step verification turned on, I got an email notification saying that "less secure apps" were blocked with no other option when 2-step verification was turned on.

Then I tried to turned off 2-step verification and I also allowed "less secure apps" to connect. So this time my Google account was not expecting OAuth (if I understood correctly). But then I still got my password rejected in Icedove and with no email notification whatsoever.

#13 Updated by sajolida almost 2 years ago

I did some more testing today outside of Tails to understand the situation better:

  • I installed Thunderbird without Tor.
  • I configured GMail in the configuration assistant.
  • I got redirected to a login page in the browser (I understands that's OAuth).
  • Once logged in, I got to another web page to allow Thunderbird Email to view and manage my mail.
  • I clicked "Allow" and got back to Thunderbird with a working IMAP. I was happy.
  • I got a notification on my phone to which I answered that it was really me.

So OAuth is working fine for GMail in Thunderbird outside Tails and without Tor. And I understood wrongly yesterday and OAuth is not only used when using 2-step verification.

Then I tried outside Tails with TorBirdy:

  • I deconfigured the previous account.
  • I installed TorBirdy.
  • I had to configure my account manually because TorBirdy disables the assistant. But "OAuth2" was there as an authentication option and preselected for me.
  • I tried to connect and got a browser with the same OAuth web page.
  • I entered my password but the resulting page was like an error page saying that it needed JavaScript.
  • I closed this browser window and Thunderbird said that it failed connecting to my account.

So my understanding is that GMail from Thunderbird doesn't work with TorBirdy because TorBirdy blocks all JavaScript.

Now, in Tails I don't even get this browser window. So we did something else that blocks it. But it doesn't really matter because it's not working with TorBirdy in the first place.

My conclusion from all this testing is that it's impossible to use GMail from Tails (or from Thunderbird with TorBirdy) and not "might not work well". Sure, Google triggers tons of security verification when you try to use Thunderbird (or Tor Browser) but what's not working in Thunderbird + TorBirdy or Tails is OAuth and JavaScript because we block it. It's not Google preventing you to use this software combination.

If you confirm my analysis, then I'll propose a new phrasing for you note.

#14 Updated by sajolida almost 2 years ago

Reading #11536 (a bit late) seems to confirm what I tested today.

#15 Updated by u almost 2 years ago

sajolida wrote:

I did some more testing today outside of Tails to understand the situation better:

Thanks.

Do you think you could make one more test please? Like trying to use POP? According to https://autoconfig.thunderbird.net/v1.1/gmail.com (that's the official ISP database entry for Gmail) OAuth is not needed for POP. (But it is for SMTP still.) I'm just curious.

My conclusion from all this testing is that it's impossible to use GMail from Tails (or from Thunderbird with TorBirdy) and not "might not work well". Sure, Google triggers tons of security verification when you try to use Thunderbird (or Tor Browser) but what's not working in Thunderbird + TorBirdy or Tails is OAuth and JavaScript because we block it. It's not Google preventing you to use this software combination.

If you confirm my analysis, then I'll propose a new phrasing for you note.

That's very welcome.

Please also note that there are other email providers using OAuth, and those would be affected too.
(mail.ru, googlemail.com, inbox.ru, google.com, list.ru, jazztel.es, bk.ru, corp.mail.ru)

#16 Updated by u almost 2 years ago

  • Assignee changed from u to sajolida
  • QA Check changed from Info Needed to Dev Needed

Reassigning to you then.

#17 Updated by sajolida almost 2 years ago

  • Assignee changed from sajolida to u
  • QA Check changed from Dev Needed to Ready for QA

POP and SMTP are working without TorBirdy but stop working as soon as I activate TorBirdy.

So I rewrote your note in 2b919d0..c1a1e4b to make it clear that it's plain impossible. Please review.

I simplified the list to "GMail and Mail.ru" because all of the others are brandings of these two only.

#18 Updated by u almost 2 years ago

  • QA Check changed from Ready for QA to Pass

#19 Updated by u almost 2 years ago

  • Assignee changed from u to sajolida

Maybe you could merge it please?

#20 Updated by bertagaz almost 2 years ago

  • Target version changed from Tails_2.7 to Tails_2.9.1

#21 Updated by sajolida almost 2 years ago

  • Status changed from In Progress to Resolved
  • Assignee deleted (sajolida)

Merged.

Also available in: Atom PDF