this is getting a bit surreal.
Just check the Search before posting and you find this subject being discussed time and again without ever leading to anything even close to a solution nor any qualified explanation on what is so tough about it.
So here I try again: Thunderbird is at present absolutely unusable as a portable application, for security reasons. You can use it if and only if
- you are really happy about handing your personal information to everybody who gets anywhere near your USB-stick
- or if you are always admin. Then of course you are not portable anymore, you can only use the machines you own. You can then encrypt your profile with truecrypt or otfe. Not that you need encryption if you only work on your own PCs.
All that is very unfortunate because TB is a really excellent email-client, once you ignore the portablity-issues :-).
There are some well-intending people who try to find ways to somehow work around the obvious: the only solution is to have thunderbird encrypt the data.
So two remarks on the issue.
First it seems that this site has pretty good contacts with the developers of Thunderbird, so I would think it a good idea to tell them about this.
Second it would not really be such a big change in Thunderbird. It would be sufficient to put the relevant strings through a function that encrypts them just before writing to harddisk, and to decrypt when reading. It is not necessary to encrypt the whole profile nor would any definitions of the profile have to be changed. The relevant strings could be encoded and written base-64-armored so that there would not be any problems with line-breaks, quotes etc.
The whole format of the files could remain as it is, just some relatively small parts would have to be encrypted, but not otherwise moved or changed in any other way.
Examples for the strings to be encrypted would be
- the subject-lines in the mailbox-files (but not the line-breaks, just the contens of the line)
- Lines in prefs.js like
would have to be changed to something like
As I said: The format of the file remains the same, only the relevant strings need to be encoded. That simply means one extra function-call when assembling the string "user_pref("mail.identity.id3.us....". The functions that parse and assemble the files could remain unchanged, they would not even "notice" any change.
This would therefore not get in the way of any discussion on new formats for the profiles or any future developments here. In fact if the encryption-function had an on/off-switch and was switched off, the profile would look exactly the same as before without encryption. The encryption would be completely transparent to the rest of the software and would only be noticed if someone tries to actually read the personal data without the password (which is of course the whole point).
This would solve one IMHO serious problem of a large number of portable users and at the same time cause only relatively minor changes to Thunderbird.
So, you people with contact to the TB-developers, wouldn't it help letting them know these concerns?