You are here

Thunderbird and encryption of profile, account infos, addressbook (second)

9 posts / 0 new
Last post
stn21
Offline
Last seen: 15 years 11 months ago
Joined: 2006-08-13 05:40
Thunderbird and encryption of profile, account infos, addressbook (second)

Hi all,

this is getting a bit surreal.

Just check the Search before posting and you find this subject being discussed time and again without ever leading to anything even close to a solution nor any qualified explanation on what is so tough about it.

So here I try again: Thunderbird is at present absolutely unusable as a portable application, for security reasons. You can use it if and only if

- you are really happy about handing your personal information to everybody who gets anywhere near your USB-stick

- or if you are always admin. Then of course you are not portable anymore, you can only use the machines you own. You can then encrypt your profile with truecrypt or otfe. Not that you need encryption if you only work on your own PCs.

All that is very unfortunate because TB is a really excellent email-client, once you ignore the portablity-issues :-).

There are some well-intending people who try to find ways to somehow work around the obvious: the only solution is to have thunderbird encrypt the data.

So two remarks on the issue.

First it seems that this site has pretty good contacts with the developers of Thunderbird, so I would think it a good idea to tell them about this.

Second it would not really be such a big change in Thunderbird. It would be sufficient to put the relevant strings through a function that encrypts them just before writing to harddisk, and to decrypt when reading. It is not necessary to encrypt the whole profile nor would any definitions of the profile have to be changed. The relevant strings could be encoded and written base-64-armored so that there would not be any problems with line-breaks, quotes etc.

The whole format of the files could remain as it is, just some relatively small parts would have to be encrypted, but not otherwise moved or changed in any other way.

Examples for the strings to be encrypted would be
- the subject-lines in the mailbox-files (but not the line-breaks, just the contens of the line)
- Lines in prefs.js like
user_pref("mail.identity.id3.useremail", "myname@mymailprovider.com");
would have to be changed to something like
user_pref("mail.identity.id3.useremail", "Cr7MyYvdjNpZjvKqpFSTicobdDsL7CBsj");

As I said: The format of the file remains the same, only the relevant strings need to be encoded. That simply means one extra function-call when assembling the string "user_pref("mail.identity.id3.us....". The functions that parse and assemble the files could remain unchanged, they would not even "notice" any change.

This would therefore not get in the way of any discussion on new formats for the profiles or any future developments here. In fact if the encryption-function had an on/off-switch and was switched off, the profile would look exactly the same as before without encryption. The encryption would be completely transparent to the rest of the software and would only be noticed if someone tries to actually read the personal data without the password (which is of course the whole point).

This would solve one IMHO serious problem of a large number of portable users and at the same time cause only relatively minor changes to Thunderbird.

So, you people with contact to the TB-developers, wouldn't it help letting them know these concerns?

Cheers
Stefan

Bahamut
Bahamut's picture
Offline
Last seen: 10 years 8 months ago
Joined: 2006-04-07 08:44
you are really happy about

you are really happy about handing your personal information to everybody who gets anywhere near your USB-stick
Mail and personal info never go out of their directories.

I agree that there is a problem, though. The best way to fix it is to write an extension. If you really want to hide your mail, send it to yourself encrypted with GPG.

Vintage!

stn21
Offline
Last seen: 15 years 11 months ago
Joined: 2006-08-13 05:40
The contents of mails are

The contents of mails are not stored in the profile, at least not for IMAP-Accounts. And there is no need for the profile to leave its directory either. The problem arises when the directory itself gets into the wrong hands.

What is stored in the profile are infos like which mail-providers are used, what the email-adresses are, and the contacts in the addressbook. Also mail-headers are always stored in cleartext, even if you would encrypt the mails.

All these informations can be abused in numerous ways, as explained in the thread "Thunderbird and encryption of profile, account infos, addressbook" (last post there was August 23, 2006 - 5:12pm CET.)

This information can be compromised if your stick is lost or stolen, as can happen if you actually use it "portable" meaning in public places like internet cafes or university libraries. If "portable" means the same as "on your own computers", then this thread is not an issue.

An extension does not solve anything, as explained in http://kb.mozillazine.org/Protect_the_profiles_contents. That same page says that at present there is no way to protect your profile-information.

That means exactly what this thread is about: to make Thunderbird useable as a portable application TB itself has to encrypt the vital informations.

What is wrong here? Frankly I cannot see why that should be so difficult to explain. There is no solution other than asking the TB-developers to encrypt the relevant information. Before that TB is not portable. Quite simple.

Ryan McCue
Ryan McCue's picture
Offline
Last seen: 12 years 10 months ago
Joined: 2006-01-06 21:27
Try the MozillaZine forums

http://forums.mozillazine.org/
----
R McCue
PortaBlog Home and My Website
And before anyone complains about the grammar, I'm so jetlagged that my
hands aren't even in the same time zone...

"If you're not part of the solution, you're part of the precipitate."

stn21
Offline
Last seen: 15 years 11 months ago
Joined: 2006-08-13 05:40
Indeed.

Indeed.

Check out http://kb.mozillazine.org/Protect_the_profiles_contents. There is says exactly what I am saying. The profile-contents are at this time unprotectable except by some very weak measures that protect only in very special and limited contexts.

Unfortunately the mozilla-forums are mainly about use on a local PC. For portable use there are a number of considerations that are of no importance to non-portable users.

The portable-apps forum is the right place for these special questions.

Deuce
Offline
Last seen: 11 years 10 months ago
Developer
Joined: 2005-12-24 16:32
I do not belive...

This is the place for such questions to be asked, we can discuss, but not help in that way. PTB is nothing but a stock version of TB with a special launcher. if any such change to the local pc code of tb were implemented it would work with PTB as well, so you need to go to the mozillazine forums and ask there when they will include this.

Also, just because it is ion the local pc does not mean it isn't a problem, I can take a minute at somenes pcv and get the same info that you are talking about. That alone makes it a TB problem that the devs need to fix. So it benefits all local and portable if it can be fixed.

I would suggest you post to the mozillazine forums on this or start a bugtracker on it in TB's bugtracking system.

There is not much we can do for you here, sorry.

***********************************
Deuce {The Core}{Dev Blog}
Portable Software: Just the beginning.

Deuce
Portable Software: Just the beginning.

stn21
Offline
Last seen: 15 years 11 months ago
Joined: 2006-08-13 05:40
Exactly my point: people

Exactly my point: people saying "this is none of my business, you take care".

If this is really none of your personal business then you should not comment in this thread on safe portable thunderbird. As you can see for many previous discussions there many people around here whose business it is.

The problem is well recognized, but computer-savvy people have a way of going at everything with "hands on do-it-yourself solutions", as also previously discussed many times.

In this case unfortunately these "hands on"-solutions do not work (for reasons also see other recent threads on the matter). What would work is getting the TB-developers to do something about it.

That requires that many people speak up on the matter. If the matter is not yours then of course there is no need for you to speak up. Nobody expects you personally to be of any help. But it is necessary to have people who are directly affected to see this as a possible solution before telling the mozilla-team about it.

How do you expect the TB-developers to understand the matter if people around a forum dedicated to "portable" do not even get it?

Deuce
Offline
Last seen: 11 years 10 months ago
Developer
Joined: 2005-12-24 16:32
Well...

I personally, absolutely get it. AND I believe that most of the people here do as well. We arew not disagreeing with you or ignoring you. If you are not getting anyone to help you in this crusade it is not because they do not "get it" they are just either busy with something else OR do not see a problem with it. Those that have tried to find a way to fix this problem, probably have either tried the TB developers or they did not know how to contact them, so they worked on it themselves. That is the Glory of open-source.

But, I personally see this as a problem, BUT I would not and do not see a reason why you should, stay in this thread and argue about it. If you believe strongly in this, go ahead and post in the Mozillazine forums and then post a link to it here. Then those that will support you in this have a place to voice there opinions that the TB developers will see. I am sure they most definatly will not see this unless they come here. Which I doubt.

Do not wait on others to start this for you, just do it and others will follow. As it was stated in Field of dreams "If you build it, they will come".

***********************************
Deuce {The Core}{Dev Blog}
Portable Software: Just the beginning.

Deuce
Portable Software: Just the beginning.

stn21
Offline
Last seen: 15 years 11 months ago
Joined: 2006-08-13 05:40
OK, thank you for you

OK, thank you for you comment. I got that Smile

Just for clarification: none of the solutions I am referring to had anything to do with TB itself. They were all working around TB, mainly with measures like file-encryption or volume-encryption. I have already implemented and tested all of these on my own and found them to be weakly secure at best.

I also believe that everybody "gets it". The matter is understandable. If that is so then why do we still have to argue about it? The solution seems quite obvious to me. So if nobody who contacted mozilla so far has been able to convey the matter then obviously it was not yet considered important enough. Just a few lonely voices. Add a few more lonely voices and they are not lonely anymore.

As for the busy part: there is no need for anyone here to do anything big. It would be completely sufficient to post a short comment saying either "I do not care about this unimportant subject" or saying "I think it is a problem and contacting mozilla may be helpful" or something in between. That takes one minute and would help to either solve or discard the problem.

Anyone?

Topic locked