this post was submitted on 03 Nov 2024
242 points (95.5% liked)

Open Source

31396 readers
58 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
all 35 comments
sorted by: hot top controversial new old
[–] [email protected] 64 points 3 weeks ago (2 children)
[–] [email protected] 20 points 3 weeks ago (1 children)
[–] [email protected] 8 points 3 weeks ago (1 children)

Nope. They initially added some data scraping parts, and apparently still use some form of telemetry without proper disclosure.

[–] [email protected] 2 points 3 weeks ago (2 children)

What telemetry is enabled? Is there a way to disable it?

[–] [email protected] 3 points 3 weeks ago

This hasn't been proven in any way. Original op in link states it could be discovery for email domains.

[–] [email protected] 0 points 3 weeks ago (1 children)
[–] [email protected] 6 points 3 weeks ago (1 children)

What they're saying there is that when trying to auto detect the server configurations, there are unexpected connections to cloudfare IPs, which didn't usually happen with K9. Who posted the concern associated this to telemetry, but the answers are pointing a different direction. But at this point it just guesses, :(

I guess some more formal traffic inspection needs to happen to understand if truly there's unexpected traffic, where it is directed to, and hopefully infer somehow its purpose. The guesses about what's happening suggest it's just about the auto connection, but again, just guesses.

I explored the configurations, and I didn't find anything about telemetry, and so neither how to disable it. K9 does not have an about:config advanced configuration like desktop Thunderbird does, so if there's truly telemetry or some other sort of information leakage, then after proving it, perhaps developers realize they can do better. But so far nothing really proving telemetry or information leakage.

[–] [email protected] 1 points 1 week ago (1 children)

Are there any updates on this?

[–] [email protected] 2 points 1 week ago

Not sure what updates you are expecting to happen.

I'm not aware of any effort trying to identify the traffic going in and out on Thunderbird under android. The guesses from the one reporting about what happens when configuring a new email account is of no use since it's easily associated to Thunderbird looking for ways to easy automation on new accounts settings.

Unless there's a throughout analysis of the traffic, I'm not aware of anything to be expected. You can try reaching the one reporting his concern, and ask if he has looked into how to report an actual issue/bug to Thunderbird, or if someone else has done it

[–] [email protected] 0 points 3 weeks ago
[–] [email protected] 38 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

FYI this is from 2022 but is relevant because Thunderbird (and K9 v8) just landed in F-Droid (and other android package managers I guess but I haven't checked).

The process of importing from K9 Mail worked without issue for me. There is also the option to import from desktop using a QR scanner (or some kind of scanner, again I didn't go down that rabbit hole).

[–] [email protected] 14 points 3 weeks ago (1 children)

I was surprised when in update menu I saw Thunderbird. Thought I accidentally downloaded it

[–] [email protected] 6 points 3 weeks ago

Same, oddly enough the app name and icon didn't change for me. Still K-9 in app settings too.

[–] [email protected] 25 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

Just FYI I installed the apk from the github repo (not the google play version) via Obtainium a few days ago and it tried to make a connection to 2 cloudflare IPs during setup of my account. Without prior consent or any mention. So just be aware that there is still some form of telemetry or unwanted connections happening, even though they removed the telemetry flowing to Mozilla's own telemetry endpoint. K-9 had zero of this, it just spoke with your mail servers and that was it. So be careful and block outgoing app connections by default. I did not analyze the data being sent, just that there were those 2 unwanted connectiins happening.

[–] [email protected] 12 points 3 weeks ago (1 children)

Isn't this part of the auto configuration stuff? Basically there's a standard where you can add some DNS records to your domain and/or a standard file on your website so e-mail clients can automatically prepopulate all the email settings so you only need to worry about entering your email and password.

[–] ghen 4 points 3 weeks ago

That might be it, Thunderbird works really well with auto configuration of domains that it doesn't know but has DNS entries.

[–] [email protected] 1 points 3 weeks ago

Did you get any mismatched IDs from Obtainium? Think I have to reinstall.

[–] [email protected] 17 points 3 weeks ago (1 children)

I think it's weird that they insisted all along that K-9 would remain its own branded version of the joint app. Yet according to f-droid, my newly updated K-9 (same app I've used for a decade and a half) is now one of two "Thunderbird for beta testers" listed...

It's still K-9 in my local app menu, the icon is the same, but I guess the Thunderbird project are sort of working out how to manage two differently branded versions of the same app?

[–] [email protected] 7 points 3 weeks ago

Apparently it's a metadata bug, K9 shouldn't be listed as Thunderbird. See comments ITT.

[–] [email protected] 9 points 3 weeks ago

Yeah, took me by surprise to see thunderbird on my phone. I remember talks about K9 planning to join the Thunderbird project and got excited, but completely forgot about it until I saw it on my phone.

[–] [email protected] 8 points 3 weeks ago (2 children)

Why post an article from 2022? Did something happen lately about K9/Thunderbird?

[–] [email protected] 7 points 3 weeks ago

Thunderbird is finally out of beta so you can get it through the play store or F-Droid. K-9 itself was also updated so it's now basically a K-9 branded version of Thunderbird.

[–] [email protected] 3 points 3 weeks ago

Idk about other sources, but I get my apk directly from GitHub via Obtainium, and my app recently changed from K-9 Mail to Thunderbird. Icon, app name, and app theming changed. This has been in the works for a while but seems like they're officially switched the apk.

[–] [email protected] 7 points 3 weeks ago

Just a note that it's now also available on F-Droid

https://f-droid.org/packages/net.thunderbird.android/

[–] [email protected] 3 points 3 weeks ago

So in confused. Do I need to install thunderbird or...?

[–] [email protected] 1 points 3 weeks ago (1 children)
[–] Reverendender 3 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

What is the deal with this anyway? Why has this not happened yet?

[–] [email protected] 10 points 3 weeks ago (3 children)

Mozilla is non-profit. I wish they could sell it as a one-time or something as I dont mind supporting them if they're doing useful capitalistic things like that. Very few actually private mail client apps for iOS. I only know of two and Canary is not one of them

[–] [email protected] 5 points 3 weeks ago

Speaking as a Canary user, what am I missing?

[–] RmDebArc_5 2 points 3 weeks ago (1 children)

Which clients do you recommend for IOS?

[–] [email protected] 0 points 3 weeks ago

I've got my eye on Airmail Business, only one that doesnt collect data besides Preside

[–] Reverendender 1 points 3 weeks ago

Define “actually private” for me.

[–] [email protected] 2 points 3 weeks ago

K-9 is probably an Android only client? They'd have to either find an open source iOS app to build on, or build a new one from scratch.

[–] [email protected] -1 points 3 weeks ago