Hi,
this topic has been discussed before and always seemed to run into a dead end.
Thunderbird allows the encryption of account-login-name and password.
All other info is still available unencrypted in the files in the folder profile. This includes my email-addresses and mail-providers, address book and at least some of the mail-headers and subjects in the folders.
The latter can be resolved by (securely) deleting all the mailboxes (*.msf) or better still the folders .../ImapMail and .../Mail after shutting down thunderbird. These folders are then recreated once thunderbird is started again.
Obviously the other infos cannot be deleted. That means that if someone finds/steals my USB-drive he will have lots of information he could use to try to access my mail or send mails in my name or hassle my contacts etc.
IHMO this is serious and means that thunderbird cannot be used on a USB-drive.
Encryption as with truecrypt is not an option because it does work unless you have admin-rights. And these you will usually _not_ have if you really go portable.
The only real solution I can imagine would be to have thunderbird itself encrypt the data.
Is there some other mail-client around that supports IMAP and multiple accounts and locally encrypts the data?
Stefan
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on BlueSky
Follow us on Facebook
Follow us on LinkedIn
Follow us on Mastodon
Follow us on Twitter
Thunderbird wasn't really designed to be the Fort Knox of email clients in the first place. I consider it more of a casual-use email client, like Outlook Express. Heaven knows that's who Mozilla is marketing it to.
As for your question: no, I don't know of any email clients that offer such functionality.
-
< ExplosivePrincess 1.5 Atomic Bomb Edition >
warning: keep explosiveprincess away from children
Voyager from Ritlabs is the "mobile version" from their mailclient "The Bat". Complete database is password protected. Unfortunately "The Bat!" and Voyager aren't opensource and free. This and some other reasons made me change to Thunderbird...
Teuchtlurm
Yes, quite obviously Thunderbird is not very secure in the local environment, including USB-stick. That is exactly why I posted on this forum.
Allow me to rephrase.
Thunderbird is not very suitable for use as a portable application because it leaves far too much valid information to anyone who happens to get his hands on someone else's USB-drive. This is the request-thread, so I would like to request not a completely new application but instead a thunderbird that optionally encrypts the addressbook and the mailbox-files (and the login+password of course, but that is already done).
Stefan
is it not possible to encrypt the folders when you have finished with it. i know this is a bit messy but i think it may be one solution
Graham Yates
Check the notes in this thread: https://portableapps.com/node/2605
I was concerned with the same thing since I keep many passwords and account numbers in email. Decrypt when launching Tbird (prompts for the key), then encrypt when closing PStart. Admin rights are not needed.
Have a look at http://www.mobilityemail.net/
Using portable Thunderbird with GPG and enigmail included, it's possible do encrypt data.
Teuchtlurm
Hi, thanks for the hint.
Unfortunately it does not work
- it requires administrative priviledges: the encryption-process tries to access files on C:\, which is only allowed for admins:
gpg: keyblock resource `c:/gnupg\secring.gpg': file open error
gpg: keyblock resource `c:/gnupg\pubring.gpg': file open error
- the concept is very weak (even if it would work, see below): the profile is encrypted AFTER ending thunderbird. That means that if you log off before ending thunderbird or if the PC crashes or if someone steals your stick while the profile is unlocked your privacy is blown.
- it does not encrypt anything: after running the encryption-procedure I could still find every bit of personal information I had entered, meaning mail-headers, addressbook and the accountdata in prefs.js. No idea what that is about, but if you rely on it you may as well post your infos on the internet.
(Additional remark: I did read the docs and activated encryption by setting "Lock=on" in settings.ini)
Stefan
I've written a mail to the projectowner and told him about this thread...
Teuchtlurm
[Bei Interesse mehr evtl. per Mail oder Jabber, mein Englisch ist grauenhaft]
Ignore this. Didnt read enigmail fully.