Thunderbird and end-to-end email encryption – should this be a priority?

kent

70

In the last few weeks, I’ve had several interesting conversations concerning email encryption. I’m also trying to develop some concept of what areas Thunderbird should view as our special emphases as we look forward. The question is, with our limited resources, should we strive to make better support of end-to-end email encryption a vital Thunderbird priority? I’d appreciate comments on that question, either on this Thunderbird blog posting or the email list tb-planning@mozilla.org.

"I took an oath to defend the constitution, and I felt the Constitution was being violated on a massive scale" SnowdenIn one conversation, at the “Open Messaging Day” at OSCON 2015, I brought up the issue of whether, in a post-Snowden world, support for end-to-end encryption was important for emerging open messaging protocols such as JMAP. The overwhelming consensus was that this is a non-issue. “Anyone who can access your files using interception technology can more easily just grab your computer from your house. The loss of functionality in encryption (such as online search of your webmail, or loss of email content if certificates are lost) will give an unacceptable user experience to the vast majority of users” was the sense of the majority.

Woman In HandcuffsIn a second conversation, I was having dinner with a friend who works as a lawyer for a state agency involved in white-collar crime prosecution. This friend also thought the whole Snowden/NSA/metadata thing had been blown out of proportion, but for a very different reason. Paraphrasing my friend’s comments, “Our agency has enormous powers to subpoena all kinds of records – bank statements,  emails – and most organizations will silently hand them over to me without you ever knowing about it. We can always get metadata from email accounts and phones, e.g. e-mail addresses of people corresponded with, calls made, dates and times, etc. There is alot that other government employees (non NSA) have access to just by asking for it, so some of the outrage about the NSA’s power and specifically the lack of judicial oversight is misplaced and out of proportion precisely because the public is mostly ignorant about the scope of what is already available to the government.”

So in summary, the problem is much bigger than the average person realizes, and other email vendors don’t care about it.

There are several projects out there trying to make encryption a more realistic option. In order to change internet communications to make end-to-end encryption ubiquitous, any protocol proposal needs wide adoption by key players in the email world, particularly by client apps (as opposed to webmail solutions where the encryption problem is virtually intractable.) As Thunderbird is currently the dominant multi-platform open-source email client, we are sometimes approached by people in the privacy movement to cooperate with them in making email encryption simple and ubiquitous. Most recently, I’ve had some interesting conversations with Volker Birk of Pretty Easy Privacy about working with them.

Should this be a focus for Thunderbird development?

Thunderbird 38 Released

kent

57

Thunderbird 38 is now released (actual initial version is 38.0.1 to maintain compatibility with equivalent Firefox releases). This release has some significant new features, as well as many, many bug fixes. Some of the new features include:

  • Calendaring is now shipped by default. This continues to be implemented as the Lightning extension, but that is now enabled and installed by default.
  • Chat now supports Yahoo Messenger.
  • Messages can be filtered when sent and when archived.
  • You can now search multiple address books.
  • Gmail users can now authenticate using Google’s preferred OAuth2 authentication (which means that new GMail users should work with Thunderbird without special configuration).

This is a significant milestone for the Thunderbird team, as it is the first release that has been fully managed by our volunteer team rather than by Mozilla staff.

Mozilla is still heavily involved with this release, as we still use Mozilla infrastructure for the build and release process. Thanks to the many Mozilla staff who helped out to fix issues!

Thanks to all of the volunteers who have contributed to make this release possible!

(Note that while general comments on Thunderbird 38 are welcome, please do not use the comment section of this blog as a place to make bug reports, or to request support for specific issues).

Thunderbird 38 goes to beta!

kent

15

The next major release of Thunderbird, version 38, is now in beta and available for testing. You may download Thunderbird 38.0b1 here.

This version of Thunderbird is the first that is mostly managed by volunteer community members rather than by Mozilla staff. We have many new features, including:

  • Message filtering when a message is sent or archived
  • File-per-message local storage available for new accounts (maildir)
  • Contact search over multiple address books
  • Internationalized domain names for RSS feeds
  • Allow expanded columns to the folder pane for folder size and counts

Release notes are available here.

There are still a couple of features missing from this beta that we hope to ship in the final version of Thunderbird 38. Those are:

  • Ship Lightning calendar addon with Thunderbird with an opt-out dialog
  • Use OAUTH authentication with Gmail IMAP accounts

 

Thunderbird Usage Continues to Grow

kent

98

We’re happy to report that Thunderbird usage continues to expand.

Mozilla measures program usage by Active Daily Installations (ADI), which is the number of pings that Mozilla servers receive as installations do their daily plugin block-list update. This is not the same as the number of active users, since some users don’t access their program each day, and some installations are behind firewalls. An estimate of active monthly users is typically done by multiplying the ADI by a factor of 3.

To plot changes in Thunderbird usage over time, I’ve picked the peak ADI for each month for the last few years. Here’s the result:

Thunderbird Active Daily Installations, peak value per month.

Germany has long been our #1 country for usage, but in 4th quarter 2014, Japan exceeded US as the #2 country. Here’s the top 10 countries, taken from the ADI count of February 24, 2015:

Rank Country ADI 2015-02-24
1 Germany 1,711,834
2 Japan 1,002,877
3 United States 927,477
4 France 777,478
5 Italy 514,771
6 Russian Federation 494,645
7 Poland 480,496
8 Spain 282,008
9 Brazil 265,820
10 United Kingdom 254,381
All Others 2,543,493
Total 9,255,280

Country Rankings for Thunderbird Usage, February 24, 2015

The Thunderbird team is now working hard preparing our next major release, which will be Thunderbird 38 in May 2015. We’ll be blogging more about that release in the next few weeks, including reporting on the many new features that we have added.

Thunderbird Reorganizes at 2014 Toronto Summit

kent

20

In October 2014, 22 active contributors to Thunderbird gathered at the Mozilla office in Toronto to discuss the status of Thunderbird, and plan for the future.

Toronto Contributors at 2014 Toronto Summit

Thunderbird contributors gather in Toronto to plan the future.

As background, Mitchell Baker, Chair of the Mozilla Foundation, posted in July 2012 that Mozilla would significantly reduce paid staff dedicated to Thunderbird, and asked community volunteers to move Thunderbird forward. Mozilla at that time committed several paid staff to maintain Thunderbird, each working part-time on Thunderbird but with a main commitment to other Mozilla projects. The staff commitment in total was approximately one full-time equivalent.

Over the last two years, those individuals had slowly reduced their commitment to Thunderbird, yet the formal leadership of Thunderbird remained with these staff. By 2014 Thunderbird had reached the point where nobody was effectively in charge, and it was difficult to make important decisions. By gathering the key active contributors in one place, we were able to make real decisions, plan our future governance, and move to complete the transition from being staff-led to community-led.

At the Summit, we made a number of key decisions:

  • A group of seven individuals were elected to comprise a Thunderbird Council with the authority to make decisions affecting Thunderbird. I (Kent James) am currently the Chair of this council.
  • For our next major release, Thunderbird 38 due in May 2015, we set this roadmap:
    • Folders: allow >4GByte mbox folders, plus finish support for maildir
    • Instant Messaging: Support WebRTC
    • Calendaring: Merge Lightning into Thunderbird as a shipped addon
    • Accounts: Merge the New Account Types binary addon into core, allowing new account types to be defined using addons in the future.
    • IMAP: support OAUTH authorization in GMail.
  • We agreed that Thunderbird needs to have one or more full-time, paid staff to support shipping a stable, reliable product, and allow progress to be made on frequently-requested features. To this end, we plan to appeal directly to our users for donations.
  • The Thunderbird active contributors are proud to be part of Mozilla, expect to remain part of Mozilla for the foreseeable future, and believe we have an important role to play in fulfilling the goals of the Mozilla Manifesto.

There is a lot of new energy in Thunderbird since the Summit, a number of people are stepping forward to take on some critical roles, and we are looking forward to a great next release. More help is always welcome though!

Updated Thunderbird released today

standard8

Mozilla, a global, nonprofit organization dedicated to making the Web better, today released new versions of Mozilla Thunderbird, its free and open source email application, available for Windows, Mac, and Linux.

We are happy to announce that the new Thunderbird release includes several new features and improvements, such as improved message thread management options, as well as the support of email addresses using the newly adopted standard for international domain names.

Thunderbird is now more accessible with the ability to magnify the compose window. This release is also comprised of many bugs and security fixes. More details can be found in the release notes.

To get the latest versions of Thunderbird for Windows, Mac or Linux download Thunderbird from getthunderbird.com or go into the About dialog to upgrade to the latest version.

Thunderbird menu bar facelift, ESR new release, new governance implementation…

Anne-Marie Bourcier

This release of Mozilla Thunderbird comes with a new button on the right hand side, at the top of the window; called the Menu Button it provides more options to customize the user interface.

The Menu Button allows users to remove the Menu Bar from the top of the window in order to grant more real estate to read and manage emails. A right click on this same Menu Button gives access to the “customize” command and entitles the user to add, remove and re-arrange many icons on the bar. It really empowers the user to build its own personal interface.

Beyond this mainstream Thunderbird release and as planned, we are releasing the second Thunderbird Extended Support Release (ESR) targeted at large organizations. This ESR version is not only a security and bugs fix, but it contains all the great features that have been added to Thunderbird since January 2012. Please download here.

This release is also a milestone release and marks the beginning of the new governance model for Thunderbird. As mentioned in Mitchell’s blog post back in July, “Mozilla is focusing its efforts towards important web and mobile projects, such as Firefox OS, while Thunderbird remains a pure desktop-only email client.” Therefore, we proposed “to adapt the Thunderbird release and governance model in a way that allow both on-going security and stability maintenance, as well as community-driven innovation and development for the product.”.

This has been actively discussed with the community during the last few months, and now is the time to implement the plan. If you are interested in more details, please have a look at the wiki pages describing our collective work.

If you are a developer, a translator or just want to join the Thunderbird project, please click on this link.

Click here to download the up-to-date version of Thunderbird for Windows, Mac or Linux, or go to the About dialog and click ‘Check for Updates’.

Updated Thunderbird release today

Anne-Marie Bourcier

Thunderbird keeps on expanding the list of partners for Thunderbird Filelink: we are pleased to announce that Box.com now joins YouSendIt and UbuntuOne in the list of tightly integrated online storage service partners. With Thunderbird Filelink, sending large files is no longer a pain. Simply select the file you want to attach and tell Thunderbird you want to link it: as soon as the file is uploaded to Box.com, you are ready to send this big file that would never have made it through. Even better, we believe that Box.com online document collaboration services will nicely enhance the way you share files over email, and as a Thunderbird user you’ll get 25GB storage space for free.

Also, Thunderbird is permanently updated with new features and security improvements. To make the update experience even smoother, Thunderbird now supports silent background update. As soon as an update becomes available, Thunderbird downloads it and apply updates in the background. You’ll be up and running very quickly with the latest and greatest Thunderbird the next time you start. If you are curious,  the silent background update  eliminates the need for the update progress dialog on all platforms  and eliminate the nagging  User Access Control dialog on Windows.

We hope you will enjoy it and do let us know your comments!

Click here to download the up-to-date version of Thunderbird for Windows, Mac or Linux, or go to the About dialog and click ‘Check for Updates’.

Reminder: The Thunderbird 3.1.x series and earlier versions are no longer supported and therefore are becoming more exposed to Internet security threats. We recommend that all Thunderbird users of previous versions upgrade to the latest release as soon as possible.

 

New Thunderbird: Chat, Do Not Track and much more…

Anne-Marie Bourcier

1

In addition to many other features, this new version of Thunderbird supports Chat: you now can enjoy real time conversation with your contacts, right from your favorite messaging application. On top of this, Thunderbird makes it easy to search through both past conversations and received emails.

Let’s say that a week ago, I sent you an email asking you for lunch, and that you answered my email saying that you’d love to take me to your favorite restaurant next to the Eiffel tower. Yesterday, while we were connected on Facebook chat, you confirmed that you booked a table for 12:30. This morning, I simply typed Eiffel in Thunderbird search box, and both the email and Facebook chat threads appear instantly, showing the address exchanged over email on one side and the time we will meet on Facebook chat on the other side. This level of integration allows you to bring all your messaging together in one place.
The supported Chat networks are Facebook, Gtalk, IRC, Twitter, and any XMPP network.

A few months ago we added Search the web to Thunderbird. We are pleased to announce the implementation of the Do Not Track option associated to Search the Web, as at Mozilla we are convinced that Web users can signal that online advertizing targeting companies should leave them alone when searching the Web. It’s an option that you decide to turn On or Off, but we want to make sure this is your choice.

While announcing Thunderbird Filelink early June, the feature that allows you to upload large files to an online storage service and to send links to your friends instead of large attachments,  we have got many requests to integrate a broader offering of online service providers. This Thunderbird release introduces Ubuntu One in complement of YouSendIt.

Last but not least is the implementation of a brand new menu and toolbar design. Thunderbird is replicating the new look and feel of Mozilla Firefox in an effort to provide a similar user experience across all Mozilla software desktop or mobile and all platforms.

As you can see integration is the word that best describes this new Thunderbird: integrated Chat, Mozilla newest user interface design integration, integrated email and chat search, integrated Do not track option for Search the web, new integrated Filelink partners with Ubuntu One.

We hope you will enjoy it and do let us know your comments!

To get the latest versions of Thunderbird for Windows, Mac or Linux download Thunderbird from http://www.mozilla.org/thunderbird or go into the About dialog to check your latest version

Reminder: The Thunderbird 3.1.x series and earlier versions are no longer supported and therefore are becoming more exposed to Internet security threats. We recommend that all Thunderbird users of previous versions upgrade to the latest release as soon as possible.

The community is standing behind Thunderbird

Anne-Marie Bourcier

Thunderbird is an absolutely core tool used by 20 million people to manage one of the most important areas of their internet life: their email.

When Mozilla recently announced some big changes to our Thunderbird strategy (link: https://blog.lizardwrangler.com/2012/07/06/thunderbird-stability-and-community-innovation/) we knew that there would be an uproar. We knew that it would be interpreted by many as Thunderbird’s death knell.

It gives us extreme pleasure to provide proof that the doom-sayers are wrong.

As the storm swirled around us last week, as we were alternately pilloried and praised in the media, as our long-standing loyal contributors questioned our decision and their future, we worried. And then a little thread started on the “tb-planning” mailing list (the forum where we discuss Thunderbird development plans). Some of our most loyal and long-standing contributors started talking about how the community might take on a development project (nicknamed “papercuts”) that we’ve long wanted to do. How they might organize around that project. How they might engage new contributors around that project.

At last count, the original thread had 48 posts and had spawned other threads where people – Thunderbird community contributors – were figuring out the action plan. There were commitments, ideas and a bubbly sense of enthusiasm and creativity.

Something all the doom-sayers seem to have forgotten is that Thunderbird is an open source project. And that means that Thunderbird is only as good as it’s community. Mozilla is not abandoning Thunderbird. We’re going to continue releasing security updates and providing the infrastructure for Thunderbird development, QA, support and documentation. But it’s the Thunderbird community who are going to drive improvements and innovation. Thunderbird has a very bright future.

Do you believe in Thunderbird? Do you love Thunderbird? Then contribute to Thunderbird. Check out the Up For Grabs page to see the available projects. Click on this link to join Support or on this link to join Documentation. Join our community.