ProtonMail Bridge: use ProtonMail accounts in desktop clients

ProtonMail Bridge is a standalone program for Windows, Linux and Macintosh devices to integrate ProtonMail accounts into desktop email clients.

The client runs in the background on the system to encrypt and decrypt emails for use in third-party clients. Setup requires installation and configuration of the ProtonMail Bridge client on the system and configuration of the desktop email client to integrate the ProtonMail account.

ProtonMail Bridge should work with all desktop clients; the company has published guides for Thunderbird and Outlook 2010/2013/2016, as well as Apple Mail on Mac OS X.

install add account

First thing that needs to be done is download the latest version of ProtonMail Bridge to the local system. Install the program and run it afterward to start the configuration.

Complete the following steps in order to add a new ProtonMail account to the Bridge application:

  1. Select “Add Account” in the program interface.
  2. Type your username and on the next screen the account password.
  3. The account should now be successfully connected. The default mode is combined address mode which means that all emails from all ProtonMail addresses will be sent and received together.
  4. You can switch modes with a click on “address configuration”.
  5. Credentials for adding IMAP and SMPT settings to the desktop email client are provided by the application.
  6. Just add a new account in the email client of your choice to use the ProtonMail account in that email client. As an example, here is the guide for Thunderbird on Windows.

Bridge functions as a local Mail server that ProtonMail flows through once configured. The client decrypts and encrypts the data locally and in the background.

It is important to note that ProtonMail emails are readable in the email client. System encryption, e.g. by using VeraCrypt full system encryption, or other security protections need to be used to protect the data against third-parties.

Closing Words

ProtonMail customers who prefer to use a local email client may use ProtonMail Bridge to integrate their addresses into the local client. Setup is straightforward and should not be difficult, even for inexperienced users.

Now You: Which email provider / program do you use?

Thank you for being a Ghacks reader. The post ProtonMail Bridge: use ProtonMail accounts in desktop clients appeared first on gHacks Technology News.

Google tries to persuade Edge users to use Chrome

Microsoft’s new Chromium-based Edge browser offers several advantages over the classic Edge browser. Since it is based on the same core as Google Chrome, one of these advantages is the ability to head over to the Chrome Web Store to install pretty much any extension offered there.

The feature is not unique to the new Microsoft Edge browser as other Chromium-based web browsers, Opera and Vivaldi being two, support the same functionality.

The Chrome Web Store hosts thousands of browser extension which is massive compared to Microsoft’s own extensions store for the new Edge browser which sits at around 100 extensions at the time of writing.

While it is a good idea to check Microsoft’s own store first before you pay a visit to the Chrome Web Store, there is nothing wrong with downloading and installing extensions from that store.

google recommends chrome


Google is probably not that happy about that option. If you visit the Chrome Web Store using the new Chromium-based Edge browser, you get a notification at the top by Google that more or less states that extensions may only be used securely if Chrome is used.

Google recommends switching to Chrome to use extensions securely.

A download link is placed prominently as well. A click on the x-icon closes the notification for the active page but it is displayed again when you reload or load a different page on the site.

Google does not provide an explanation for the claim that it makes and it is targeting only the new Microsoft Edge browser and not other Chromium-based browsers that supported the installation of extensions from the Chrome Web Store for years.

Google and Microsoft have been trying various strategies to get users to use their browsers. Microsoft displays a notification in the Windows 10 Start Menu recently to some Firefox users suggesting they should try the new Edge browser. Google is known for limiting access to certain features to Chrome initially.  Both companies use their widely popular services and applications to push their browsers.

Closing Words

If there is indeed a security issue involved when running Chrome extensions in other Chromium-based browsers, it would be appreciated by many if Google would provide details on the issue at hand. For now, it seems more like an attempt to scare Edge users into switching to Chrome.

Now You: What is your take on this?

Thank you for being a Ghacks reader. The post Google tries to persuade Edge users to use Chrome appeared first on gHacks Technology News.

Thunderbird has a new owner

The open source email client Thunderbird has finally found a new home. The team announced today that the Thunderbird project will be “operating from a new wholly owned subsidiary of the Mozilla Foundation” called MZLA Technologies Corporation.

When Mozilla announced plans in 2015 to drop Thunderbird from the list of applications that it maintains actively, many users of the email client feared that it could be the end of the popular desktop email program.

Mozilla wanted to free up engineers for Firefox and focus its attention on the core product (which made money).  The organization pledged to support Thunderbird for the time being to ensure that the client would remain up to date with security patches and fixes. Thunderbird development slowed down considerable at first as the search for a new home began.

In 2017, Thunderbird was moved under the umbrella of Mozilla Foundation, a not-for-profit organization that is best known for the Firefox web browser. Thunderbird development would be independent of Firefox for the most part but still supported by Mozilla.

Donations increased in that time, as did staff and plans to improve Thunderbird further. The announcement published on the official Thunderbird blog reveals that the Thunderbird project remains a part of Mozilla Foundation but operates under MZLA Techologies Corporation from now on.

According to the announcement, the change won’t impact day-to-day activities or mission, the free open source nature of Thunderbird, people that contribute to the project or the email client’s release schedule. All of that remains as is.

The team hopes that the move will give the project “more flexibility and agility”, and that it also paves the way for “new products and services that were not possible under the Mozilla Foundation”. The Thunderbird Project may “collect revenue through partnerships and non-charitable donations” which would be used to “over the costs of new products and services”.

The overall focus won’t change according to the announcement.

Thunderbird’s focus isn’t going to change. We remain committed to creating amazing, open source technology focused on open standards, user privacy, and productive communication. The Thunderbird Council continues to steward the project, and the team guiding Thunderbird’s development remains the same.

The team plans to share information about the future direction and plans in the coming months.

Now You: What do you expect from this ownership change?

Thank you for being a Ghacks reader. The post Thunderbird has a new owner appeared first on gHacks Technology News.

Thunderbird add-on developer launches Kickstarter campaign to ensure continued compatibility

The extension system of the Thunderbird email client is changing. The email client is based on Firefox code to a large degree and since Mozilla changed the extension system to WebExtensions, it was only a matter of time before Thunderbird’s extension system would be switched over as well.

The process started with the release of Thunderbird 68. Extension developers had to update their extensions so that users could continue to use them in the new version of the email client. Some extensions, those not updated by their developers, are not compatible with Thunderbird 68 already.

The development team plans to finalize the add-on system changes in Thunderbird 78 (expected to be released in June 2020). The team notes that developers of legacy extensions have two options going forward:

  1. Convert the extension to a MailExtension.
  2. Convert the extension to a Web Extension Experiment.

MailExtensions are WebExtensions but with “some added features specific to Thunderbird”. Thunderbird developers should prefer the system “to ensure future compatibility”.

thunderbird extensions kickstarter

Thunderbird extension developer Jonathan Kamens maintains eleven add-ons for the email client currently. Extensions like Send Later, Reply to Multiple Messages, userchromeJS, or IMAP Received Data have either been created by him directly or taken over to ensure that they remain available for users of the email client.

Kamens created a Kickstarter campaign to support continued development of the extensions and to ensure that the extensions will remain compatible with Thunderbird 78 and future versions of the email client.

He decided to use a subscription model but with the option of acquiring a perpetual license for all current and future add-ons.

Interested users may pay $5, $10 or $25 per year to gain access to one, three or all extensions for the period of 2 years. The perpetual license is available for $50 and guarantees access to all add-ons for one user (including new add-ons).

Paid means that the extensions will no longer be available for free when Thunderbird 78 launches. Kamens notes that he would be pleased equally if other extension developers would take over some of the extensions to ensure that they remain compatible with Thunderbird 78 and future versions of the email client, and that this is also an option to keep these extensions free of charge.

This Kickstarter campaign may actually help me find people willing to take over my add-ons and maintain them for free. If this campaign succeeds, and some of my add-ons do get adopted by new maintainers, then I’ll pay them from the proceeds of the campaign. Having that on offer may help me attract new maintainers for my add-ons, so you may get to keep using the add-ons for free even after the licenses I’m offering in this campaign would have expired.

With 56 days to go, €18,530 has already been collected. The goal of the campaign has been set to €45,340.

Now You: What is your take on the Kickstarter campaign?

Thank you for being a Ghacks reader. The post Thunderbird add-on developer launches Kickstarter campaign to ensure continued compatibility appeared first on gHacks Technology News.

Thunderbird 68.4.1 is a security update

Thunderbird 68.4.1 was released a couple of days ago. The new version is a security update for the email client that patches a security vulnerability that is exploited in the wild as well as other security issues in the program.

Thunderbird users who are running a 68.x version of the email client should receive the update automatically provided that automatic updating has not been turned off in the client. A manual check for updates via Help > About Thunderbird in the client should pick up the new update right away so that it can be installed.

thunderbird 68.4.1

As far as security is concerned, Thunderbird 68.4.1 fixes a total of seven different security vulnerabilities; one of them rated critical, the highest severity rating, others high or moderate, the second and third highest severity rating available.

  1. CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
  2. CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
  3. CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
  4. CVE-2019-17017: Type Confusion in XPCVariant.cpp
  5. CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
  6. CVE-2019-17022: CSS sanitization does not escape HTML tags
  7. CVE-2019-17024: Memory safety bugs fixed in Thunderbird 68.4.1

The critical security vulnerability is the same that Mozilla patched earlier this month in Firefox. Since Thunderbird relies on Firefox code, it is often affected by issues that affect the web browser.

Thunderbird 68.4.1 comes with improvements in regards to setting up Microsoft Exchange servers. The development team lists better support for IMAP/SMTP, better detection of Office 365 accounts, and re-run configuration after password change.

The new version of the email client fixes five issues that were detected in previous versions of the application:

  • Fixed an issue that prevented attachments with at least one space in the name to be opened under certain circumstances.
  • Fixed an issue that showed garbled content in the message display pane after changing view layouts under certain circumstances.
  • Fixed an issue that caused tags to be lost in shared IMAP folders under certain circumstances.
  • Theme changes to “achieve ‘pixel perfection'”.
  • Fixed the event attendee dialog in calendar.

Thunderbird users who run Thunderbird 68.x and have not updated yet to the new version are encouraged to do so right away to protect the client from attacks.

Now You: Which email client do you use currently and why?

Thank you for being a Ghacks reader. The post Thunderbird 68.4.1 is a security update appeared first on gHacks Technology News.