You are here

Thunderbird and encryption of profile, account infos, addressbook

10 posts / 0 new
Last post
stn21
Offline
Last seen: 17 years 9 months ago
Joined: 2006-08-13 05:40
Thunderbird and encryption of profile, account infos, addressbook

Hi,

this topic has been discussed before and always seemed to run into a dead end.

Thunderbird allows the encryption of account-login-name and password.

All other info is still available unencrypted in the files in the folder profile. This includes my email-addresses and mail-providers, address book and at least some of the mail-headers and subjects in the folders.

The latter can be resolved by (securely) deleting all the mailboxes (*.msf) or better still the folders .../ImapMail and .../Mail after shutting down thunderbird. These folders are then recreated once thunderbird is started again.

Obviously the other infos cannot be deleted. That means that if someone finds/steals my USB-drive he will have lots of information he could use to try to access my mail or send mails in my name or hassle my contacts etc.

IHMO this is serious and means that thunderbird cannot be used on a USB-drive.

Encryption as with truecrypt is not an option because it does work unless you have admin-rights. And these you will usually _not_ have if you really go portable.

The only real solution I can imagine would be to have thunderbird itself encrypt the data.

Is there some other mail-client around that supports IMAP and multiple accounts and locally encrypts the data?

Stefan

Bruce Pascoe
Offline
Last seen: 12 years 5 months ago
Joined: 2006-01-15 16:14
...

Thunderbird wasn't really designed to be the Fort Knox of email clients in the first place. I consider it more of a casual-use email client, like Outlook Express. Heaven knows that's who Mozilla is marketing it to.

As for your question: no, I don't know of any email clients that offer such functionality.

-
< ExplosivePrincess 1.5 Atomic Bomb Edition >
warning: keep explosiveprincess away from children

Teuchtlurm
Offline
Last seen: 15 years 3 months ago
Joined: 2006-07-25 19:17
Ritlabs Voyager does

Voyager from Ritlabs is the "mobile version" from their mailclient "The Bat". Complete database is password protected. Unfortunately "The Bat!" and Voyager aren't opensource and free. This and some other reasons made me change to Thunderbird...

Teuchtlurm

stn21
Offline
Last seen: 17 years 9 months ago
Joined: 2006-08-13 05:40
Yes, quite obviously

Yes, quite obviously Thunderbird is not very secure in the local environment, including USB-stick. That is exactly why I posted on this forum.

Allow me to rephrase.

Thunderbird is not very suitable for use as a portable application because it leaves far too much valid information to anyone who happens to get his hands on someone else's USB-drive. This is the request-thread, so I would like to request not a completely new application but instead a thunderbird that optionally encrypts the addressbook and the mailbox-files (and the login+password of course, but that is already done).

Stefan

gjjh25
Offline
Last seen: 2 months 3 weeks ago
Joined: 2006-04-03 07:38
is it not possible to

is it not possible to encrypt the folders when you have finished with it. i know this is a bit messy but i think it may be one solution

Graham Yates

lazyart
Offline
Last seen: 17 years 8 months ago
Joined: 2006-08-13 11:53
Look at this batch file

Check the notes in this thread: https://portableapps.com/node/2605

I was concerned with the same thing since I keep many passwords and account numbers in email. Decrypt when launching Tbird (prompts for the key), then encrypt when closing PStart. Admin rights are not needed.

Teuchtlurm
Offline
Last seen: 15 years 3 months ago
Joined: 2006-07-25 19:17
Mobility Project

Have a look at http://www.mobilityemail.net/
Using portable Thunderbird with GPG and enigmail included, it's possible do encrypt data.

Teuchtlurm

stn21
Offline
Last seen: 17 years 9 months ago
Joined: 2006-08-13 05:40
Hi, thanks for the

Hi, thanks for the hint.

Unfortunately it does not work Sad

- it requires administrative priviledges: the encryption-process tries to access files on C:\, which is only allowed for admins:
gpg: keyblock resource `c:/gnupg\secring.gpg': file open error
gpg: keyblock resource `c:/gnupg\pubring.gpg': file open error

- the concept is very weak (even if it would work, see below): the profile is encrypted AFTER ending thunderbird. That means that if you log off before ending thunderbird or if the PC crashes or if someone steals your stick while the profile is unlocked your privacy is blown.

- it does not encrypt anything: after running the encryption-procedure I could still find every bit of personal information I had entered, meaning mail-headers, addressbook and the accountdata in prefs.js. No idea what that is about, but if you rely on it you may as well post your infos on the internet.
(Additional remark: I did read the docs and activated encryption by setting "Lock=on" in settings.ini)

Stefan

Teuchtlurm
Offline
Last seen: 15 years 3 months ago
Joined: 2006-07-25 19:17
I've written a mail to the

I've written a mail to the projectowner and told him about this thread...

Teuchtlurm

[Bei Interesse mehr evtl. per Mail oder Jabber, mein Englisch ist grauenhaft]

lazyart
Offline
Last seen: 17 years 8 months ago
Joined: 2006-08-13 11:53
Ignore this. Didnt read

Ignore this. Didnt read enigmail fully.

Topic locked