Bug #16186

Disable Autocrypt by default

Added by hefee 2018-12-03 16:16:13 . Updated 2018-12-16 13:20:57 .

Status:
Resolved
Priority:
Elevated
Assignee:
Category:
Target version:
Start date:
2018-12-03
Due date:
% Done:

100%

Feature Branch:
bugfix/16186-thunderbird-disable-autocrypt
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

Currently Autocrypt breaks workflows.

There are currently two settings, we should update:

  • Disable Autocrypt for Tails users by default.
  • And if users enable Autocrypt “Prefer encrypted emails from the people you exchange email with.” should be enabled by default in Tails. Autocrypt communicate with this setting, that the Recipient should use prefer encryption.

Subtasks


Related issues

Related to Tails - Feature #16299: Disable Autocrypt even for existing persistent Thunderbird profiles Rejected 2019-01-14
Blocks Tails - Feature #15506: Core work 2018Q4: Foundations Team Resolved 2018-04-08

History

#1 Updated by intrigeri 2018-12-03 16:39:38

#2 Updated by intrigeri 2018-12-03 16:39:55

  • Status changed from New to Confirmed
  • Priority changed from Normal to Elevated

#3 Updated by anonym 2018-12-05 14:17:48

  • Status changed from Confirmed to In Progress
  • Assignee changed from anonym to hefee
  • % Done changed from 0 to 50
  • QA Check set to Ready for QA
  • Feature Branch set to bugfix/16186-thunderbird-disable-autocrypt

hefee wrote:
> Currently Autocrypt breaks workflows.
>
> There are currently two settings, we should update:
> * Disable Autocrypt for Tails users by default.

Yes; I am immediately skeptical of the whole Autocrypt feature given the catastrophic issue found in Feature #15923. We should disable it unconditionally until upstream makes it less error-prone and more fail-safe by implementing your suggestions.

> * And if users enable Autocrypt “Prefer encrypted emails from the people you exchange email with.” should be enabled by default in Tails. Autocrypt communicate with this setting, that the Recipient should use prefer encryption.

Since the default is to have it enabled, there is no way we can learn if that was intentional or not by users. At best we can change the default (by patching /usr/share/xul-ext/enigmail/modules/preferences/defaultPrefs.js) in the next Tails release, and document that users can enable Autocrypt if they really want. We would make enabling Autocrypt safer by changing the default of mail.server.default.acPreferEncrypt to true (i.e. enable “Prefer encrypted emails from the people you exchange email with”). I bet there are ugly edge cases, though, so I am not advocating for this.

I don’t think Autocrypt is ready for Tails, so I propose that we just disable it until Feature #15293 is resolved and do nothing else. The feature branch does just this.

Note that the feature branch is based on the one for Bug #16113 — if there is a problem in Bug #16113 so you don’t want to merge that one, but you want to merge this tickets one, let me know and I remove the dependency.

#4 Updated by anonym 2018-12-07 12:49:15

Just pinging that we’d like to have this in Tails 3.11, so a review would be appreciated ASAP! The latest that can happen for this to make it in time is Sunday (2018-12-08) afternoon, so I can merge it before Monday.

#5 Updated by hefee 2018-12-07 18:54:17

  • Assignee changed from hefee to anonym
  • QA Check changed from Ready for QA to Pass

anonym wrote:

> Since the default is to have it enabled, there is no way we can learn if that was intentional or not by users. At best we can change the default (by patching /usr/share/xul-ext/enigmail/modules/preferences/defaultPrefs.js) in the next Tails release, and document that users can enable Autocrypt if they really want. We would make enabling Autocrypt safer by changing the default of mail.server.default.acPreferEncrypt to true (i.e. enable “Prefer encrypted emails from the people you exchange email with”). I bet there are ugly edge cases, though, so I am not advocating for this.

Yes enabling mail.server.default.acPreferEncrypt by default would help our users.
But as we disable Autoencrypt by default now I think it is fine to not touch this setting with this patch.

> I don’t think Autocrypt is ready for Tails, so I propose that we just disable it until Feature #15293 is resolved and do nothing else. The feature branch does just this.
+1

> Note that the feature branch is based on the one for Bug #16113 — if there is a problem in Bug #16113 so you don’t want to merge that one, but you want to merge this tickets one, let me know and I remove the dependency.

fine for me :D

#6 Updated by anonym 2018-12-08 15:56:31

  • Status changed from In Progress to Fix committed
  • % Done changed from 50 to 100

Applied in changeset commit:tails|be23c117bdcf982b531c335d63dddfd30acf2a92.

#7 Updated by CyrilBrulebois 2018-12-08 17:46:48

Thanks for the commit.

#8 Updated by anonym 2018-12-08 19:57:12

  • Assignee deleted (anonym)

#9 Updated by CyrilBrulebois 2018-12-16 13:20:57

  • Status changed from Fix committed to Resolved

#10 Updated by sajolida 2019-01-05 18:17:39

  • related to Feature #16299: Disable Autocrypt even for existing persistent Thunderbird profiles added