3

I'm using https://addons.thunderbird.net/en-US/thunderbird/addon/gcontactsync/ in Thunderbird to sync my contacts with Gmail. When ran, the extension asks for a token refresh and pops this window:

enter image description here

There is no address bar and no url anywhere. If I right-click, nothing happens. The font is not right.

So: this is a pretty high-rated extension but, never the less, I feed very uncomfortable entering my credentials in this window.

I can I know for sure that this is a legit window and not a spoofed one? Should I run Wireshark and inspect packets or does an easier solution exist?

Dr. Gianluigi Zane Zanettini
  • 1,890
  • 8
  • 28
  • 39

2 Answers2

1

You can find reviews of the gContactSync add-on on the Thunderbird Reviews for gContactSync page. While most reviews seem very positive, there are also many negative ones. A new version seems in the making, as tweeted by the developer Josh Geenen.

However, it seems to me that you could also use the Google Contacts add-on for syncing contacts, without using a third-party add-on. Google Contacts is described as:

Access bi-directionaly to Google contacts via address books. This extension detects gmail accounts which have already set up and creates address books for each of them. Cards in the address books are synchronized with Google contacts; they represent the current Google contacts contents and Google contacts will be modified when you modify the cards. TB's mailing lists and Google's contacts groups are synchronized in the same manner.

A description of the installation and limitations of Google Contacts are listed in the article How to Sync Thunderbird & Gmail Contacts, where some warnings are listed:

  • Thunderbird can only synchronize its contacts with Gmail if you have added your Gmail account to the program's email accounts list.
  • You cannot synchronize contacts that are created while the program is in offline mode.
harrymc
  • 498,455
0

I'm the author of gContactSync. The code is open source on GitHub and you can use Wireshark to verify the behavior. The OAuth client ID and "secret" are in the add-ons source code, so it directly contacts Google for authentication. You can research OAuth 2 for more details.

Your password is never handled by my site or add-on. I'll write an issue on github to improve the window. I've been planning to copy Thunderbird's OAuth dialog for Gmail.

enter image description here

Source: Improve the OAuth dialog

Ramhound
  • 44,080
LeftoverPi
  • 101