Let's talk about Thunderbird's unfriendly configuration process

A look at the configuration process of the Thunderbird email client, which is very unfriendly to users.
Note: Thunderbird here refers to the well-known open source email client, not the AR vendor.

Preface

At the beginning of 2023, Gmail tightened its security policy, forcing third parties to use the new OAuth process for authentication. Clients using old authentication methods such as OAuth OOB can no longer bind Gmail accounts or receive Gmail mail. Trying to rebind an account produces the following prompt:

Cannot sign in because the request sent by "Foxmail" is invalid. You can try again later or ask the developer for help. Learn more about this error If you are the developer of "Foxmail", please refer to the error details. Error 400: invalid_request

See:

https://support.google.com/accounts/answer/12379384?hl=zh-Hans
https://developers.google.com/identity/protocols/oauth2/resources/oob-migration

Since Foxmail no longer supported Gmail, I switched to Thunderbird. I have been using it for more than half a year and am very happy with it.

But when I recommended Thunderbird to a friend, the two of us "new era Internet surfers" got stuck on the same problem: how to move Thunderbird's global data/configuration folder from its default location on the C drive to another path.

As two (self-styled) "new era Internet surfers", we consider ourselves battle-hardened. For example, we can:

  • Skillfully filter ads and content farms out of a pile of search results
  • Skillfully find the correct download button among the colorful buttons on a download site
  • Identify a file's format by looking up keywords in its hex file header
  • Skillfully judge whether a piece of software is genuine by weighing its package signature, size, attributes, and so on
  • Handle all kinds of software configuration, such as editing various INI files
  • Comfortably use all kinds of messy "black windows" (command line, terminal, and so on)

But we spent a long time looking for a solution on the settings page and found nothing; in the end we solved it by turning to a search engine.

Normal mail client

For a normal mail client, the process generally looks like this:

Settings -> Storage -> Set global storage location / current user storage location -> Pop-up window: whether to migrate old data.

This process is very user friendly, and every menu is where the user would expect to find it.

Wonderful Thunderbird

Looking back at Thunderbird, you need to do this:

Click the three horizontal lines in the upper right corner.

In the expanded menu, click Help.

In the Help submenu, click Troubleshooting Information.

Scroll to the bottom of the page and find the configuration file (profile) entry.

Click about:profiles to open the profiles page.

Click Create New Configuration File (profile) and select a new profile folder.

Enter the profile name first and then select the folder; otherwise, changing the profile name afterwards will replace the path you selected.

Set it as the default profile (this is the default in the new version), and click New Instance to start it.

Close the old window, then open the profiles page again in the new instance by following the same steps as above.

Deal with the old profile.

Restart the app.

What's the problem

There is nothing wrong with Thunderbird's architecture: each user has a profile and a folder that stores their own mailbox data.

But why isn't the "profile" page in the settings?

An ordinary user would never expect to reach the profiles page from the troubleshooting information page.

User: How is anyone supposed to associate the phrase "troubleshooting information" with modifying the profile?

In addition, although there is a shortcut to this page, it was not designed with ordinary users in mind:

With the application's -p parameter, you can open the Profile Manager directly and create or switch profiles:

 ./thunderbird.exe -p

Ordinary user: ?

About security

Some older mail clients and mail service providers carry security risks, such as:

  • SSL encryption is not selected by default, so SMTP and the other mail protocols communicate in clear text;
  • The client stores the user name and password locally.
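Since this post is about the Thunderbird profile folder, here is an added example (not from the original post or from the Thunderbird project) that audits a profile's prefs.js for the two risks listed above. It assumes the pref names mail.server.*.socketType, mail.smtpserver.*.try_ssl and *.authMethod with the numeric values of Thunderbird's nsMsgSocketType and nsMsgAuthMethod constants; the function names and the sample prefs are constructed for illustration.

```python
import re

# Numeric values as defined by Thunderbird's nsMsgSocketType and
# nsMsgAuthMethod constants (assumption: unchanged in the audited version).
INSECURE_SOCKETS = {0, 1}  # 0 = plain, 1 = try STARTTLS (may fall back to plain)
PASSWORD_AUTH = {3, 4}     # 3 = cleartext password, 4 = encrypted password; 10 = OAuth2

PREF_RE = re.compile(
    r'user_pref\("mail\.(server|smtpserver)\.(\w+)\.'
    r'(hostname|socketType|try_ssl|authMethod)",\s*(.+?)\);'
)

def parse_servers(prefs_text):
    """Group the relevant prefs by server key, e.g. ('server', 'server1')."""
    servers = {}
    for kind, key, name, raw in PREF_RE.findall(prefs_text):
        value = raw.strip('"') if raw.startswith('"') else int(raw)
        # Incoming servers use socketType, SMTP servers use try_ssl.
        field = "socket" if name in ("socketType", "try_ssl") else name
        servers.setdefault((kind, key), {})[field] = value
    return servers

def audit(prefs_text):
    """Return (hostname, issue) pairs for the two risks listed above."""
    findings = []
    for (_kind, key), s in sorted(parse_servers(prefs_text).items()):
        host = s.get("hostname", key)
        # Assumption: a missing socket pref means the default, plain.
        if s.get("socket", 0) in INSECURE_SOCKETS:
            findings.append((host, "cleartext-transport"))
        if s.get("authMethod") in PASSWORD_AUTH:
            findings.append((host, "password-auth"))
    return findings

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = '''
user_pref("mail.server.server1.hostname", "imap.example.org");
user_pref("mail.server.server1.socketType", 3);
user_pref("mail.server.server1.authMethod", 10);
user_pref("mail.server.server2.hostname", "pop.legacy.example");
user_pref("mail.server.server2.authMethod", 3);
user_pref("mail.smtpserver.smtp1.hostname", "smtp.legacy.example");
user_pref("mail.smtpserver.smtp1.try_ssl", 2);
user_pref("mail.smtpserver.smtp1.authMethod", 3);
'''

if __name__ == "__main__":
    for host, issue in audit(SAMPLE_PREFS):
        print(f"{host}: {issue}")
```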

OAuth 2.0 uses web authentication pages encrypted with HTTPS/TLS to obtain tokens, and the client then uses those tokens to communicate with the server. The mailbox address and password no longer need to be placed in the header.

Therefore, even if a token is disclosed, the impact is limited (at least the user's password is not exposed along with it).

Of course, a carefully constructed fake client can still capture the user's password (e.g. by injecting credential-stealing code into the authentication page through an embedded browser engine, or through an HTTPS man-in-the-middle attack).

The most secure option is to access the mailbox through its web interface in an untampered browser, and to always check whether the certificate matches, is trusted, and is valid.
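To make the difference concrete, the following added example (not part of the original post) builds the SASL initial response a mail client sends for password login (PLAIN, RFC 4616) and for token login (the XOAUTH2 format Gmail uses), then decodes each to show which secret the line carries. The account, password and token values are constructed, and the function names are hypothetical.

```python
import base64

def plain_response(user, password):
    # SASL PLAIN: authzid NUL authcid NUL password, base64-encoded.
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def xoauth2_response(user, access_token):
    # SASL XOAUTH2: user=<addr> ^A auth=Bearer <token> ^A ^A, base64-encoded.
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def exposed_secret(mechanism, response):
    """Decode a SASL response and report which credential it carries.

    Base64 is an encoding, not encryption: anyone who sees the line on a
    cleartext connection or in a log recovers exactly what is returned here.
    """
    raw = base64.b64decode(response).decode()
    if mechanism == "PLAIN":
        _authzid, user, password = raw.split("\0", 2)
        return {"user": user, "kind": "password", "secret": password}
    if mechanism == "XOAUTH2":
        fields = dict(p.split("=", 1) for p in raw.split("\x01") if p)
        token = fields["auth"].split(" ", 1)[1]  # drop the "Bearer " prefix
        return {"user": fields["user"], "kind": "access token", "secret": token}
    raise ValueError(f"unsupported mechanism: {mechanism}")

# Constructed sample credentials.
USER = "alice@example.org"
PASSWORD = "correct-horse-battery"
TOKEN = "ya29.constructed-sample-token"

if __name__ == "__main__":
    for mech, resp in (("PLAIN", plain_response(USER, PASSWORD)),
                       ("XOAUTH2", xoauth2_response(USER, TOKEN))):
        info = exposed_secret(mech, resp)
        print(f"AUTH {mech}: leaks the {info['kind']} of {info['user']}")
```

With XOAUTH2 the account password never appears in the exchange, so a leaked line can be answered by revoking the token rather than changing the password.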

References

Zimiao haunting blog (azimiao.com). All rights reserved. Please include the link when reprinting: https://www.azimiao.com/10419.html