Protecting the contents of the profile - mail: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
(Strong methods - added Rohos)
m (master password vulnerability, add-ons being sold)
 
(25 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Tbsuite}}
{{Tbsuite}}


All of your messages are normally stored in text files within your [[profile folder]]. Somebody else could read them using Thunderbird or by viewing the appropiate file with a text editor. If you want to prevent this the first thing you need to do is decide how much effort to protect your messages is appropiate. '''The easiest option is to password-protect the profile with an extension, but this is trivial to bypass.''' If you use Firefox to download the extension right click on the download URL and select "Save Link As" (rather than left clicking) to avoid Firefox thinking you want to install the extension in it.
Messages are stored in text files within your [[profile folder]]. Somebody else could read them using Thunderbird or by viewing the appropriate file with a text editor. If you want to prevent this the first thing you need to do is decide how much effort to protect your messages is appropriate. '''The easiest option is to password-protect the profile with an extension, but this is trivial to bypass.'''  


Several methods to consider:
Several methods to consider:
Line 7: Line 7:
==Weak methods==
==Weak methods==


* The [http://forum.addonsmirror.net/index.php?showtopic=1801 ProfilePassword] extension requires a user to enter a password in order to use the profile. It is trivial to bypass by running in [[safe mode]] (to disable the extension) or by using a text editor such as Notepad to read the text files that Thunderbird stores the messages in. This method may be sufficient if other people accessing the same computer are not technical or if they are unlikely to deliberately snoop.  
* The [https://freeshell.de/~kaosmos/profilepassword-en.html ProfilePassword] extension requires a user to enter a password in order to use the profile. It is trivial to bypass by running in [[safe mode]] (to disable the extension) or by using a text editor such as Notepad to read the text files that Thunderbird stores the messages in. This method may be sufficient if other people accessing the same computer are not technical or if they are unlikely to deliberately snoop.  


* The [http://forum.addonsmirror.net/index.php?showtopic=6244  DiddlyDo] extension password protects one or more folders, rather than the entire profile. This [http://forums.mozillazine.org/viewtopic.php?t=273435  thread] describes how to configure it. Its not recommended since the author has stopped development of all of his extensions, and hasn't been heard from for several years. It can be bypassed just like the other extension.  
* The [[master password]] is meant to protect your stored passwords, not your profile. If you configure one it will prompt the user for a master password when they run Thunderbird. Its not very strong [https://www.reddit.com/r/firefox/comments/2yl09k/how_secure_is_the_firefox_master_password/] [https://palant.de/2018/03/10/master-password-in-firefox-or-thunderbird-do-not-bother] , but is secure enough to deter most casual snoopers, especially if you use a long password. Another solution would be to use a free password manager that can auto-type passwords such as [https://keepassxc.orgKeepassXC KeePassXC]. The [https://addons.mozilla.org/en-US/thunderbird/addon/keepass-helper/?src=ss Keepass Helper] add-on "Adds a hostname, URL, or email account ID to the application's window name (e.g., that of Firefox or Thunderbird) to make it recognizable to password manager utilities like KeePassXC." [https://addons.thunderbird.net/en-US/thunderbird/addon/keebird/?src=ss KeeBird] is a alternative that explicitly supports version 60.*.  


* The [[master password]] is meant to protect your stored passwords, not your profile. If you configure one it will prompt the user for a master password when they run Thunderbird. However, if you press the X control or the cancel button three times its replaced by a prompt for the accounts password , which you can cancel. This method is not recommended, but some users might find it sufficient for casual snoopers.
* If you have multiple users on a machine, create a separate Windows user account for each person. Typically this will prevent anybody without admin privileges on that PC from accessing your profile. The easiest way for somebody to bypass that would be to boot another operating system using a [http://www.sysresccd.org/SystemRescueCd_Homepage bootable rescue] CD or flash drive.
 
* If you have multiple users on a machine create a separate Windows user account for each person, and then use the Thunderbird [[Profile Manager]] to create each person's profile somewhere other than the default location. This makes it harder to accidentally stumble across each other's profiles.


==Medium methods==
==Medium methods==


* Use operating system commands to restrict access to the files. For example, if you store your profile on a NTFS partition under Windows 2000 or XP you can right-click on the folder in Windows Explorer, select Properties, [http://www.tweakxp.com/article37380.aspx the Security tab], and then specify who has access to that folder. That can be bypassed by somebody else with admin privileges, or by booting another operating system using a live CD such as Knoppix. In a business environment an admin might consider using group or system policy settings to restrict access or store it in a password-protected file share on a file server.  
* Use operating system commands to restrict access to the files. For example, if you store your profile on a NTFS partition you can right-click on the folder in Windows Explorer, select Properties, [http://www.tweakxp.com/article37380.aspx the Security tab], and then specify who has access to that folder. That can be bypassed by somebody else with admin privileges, or by booting another operating system using a live CD such as Knoppix. The Windows 10 Fall Creators Update added "[https://www.bleepingcomputer.com/news/microsoft/windows-10s-controlled-folder-access-anti-ransomware-feature-is-now-live/ Controlled File Access]". It is being publicized as a anti-ransomware feature but it can also be used to control what applications can access your profile. In a business environment an admin might consider using group or system policy settings to restrict access or store it in a password-protected file share on a file server.  
 
* The Professional version of Windows 2000 and later versions of Windows supports encrypting files and folders on NTFS volumes using [http://en.wikipedia.org/wiki/Encrypting_File_System EFS] (encrypted file system). Right click on the profile folder in Windows Explorer, select Properties, Advanced, check "Encrypt contents to secure data" and then press the Apply button. One risk is that another user with admin privileges can decrypt a folder by modifying the [http://technet.microsoft.com/en-us/library/bb457020.aspx Data Recovery Agent] configuration and just wait for you to login again. Encrypting a folder doesn't prevent somebody from deleting it or listing its contents so you may want to set the NTFS permissions to prevent that (as described in the preceding paragraph).
* The Professional version of Windows 2000 and later versions of Windows supports encrypting files and folders on NTFS volumes using [http://en.wikipedia.org/wiki/Encrypting_File_System EFS] (encrypted file system). Right click on the profile folder in Windows Explorer, select Properties, Advanced, check "Encrypt contents to secure data" and then press the Apply button. One risk is that another user with admin privileges can decrypt a folder by modifying the [http://technet.microsoft.com/en-us/library/bb457020.aspx Data Recovery Agent] configuration and just wait for you to login again. Encrypting a folder doesn't prevent somebody from deleting it or listing its contents so you may want to set the NTFS permissions to prevent that (as described in the preceding paragraph).


* [[Running from a USB drive (Thunderbird)|Store the profile on a USB/flash disk]]. They frequently support requiring a password to access the contents, and you can always remove the USB/flash disk.
* [[Running from a USB drive (Thunderbird)|Store the profile on a USB/flash disk]]. They frequently support requiring a password to access the contents, and you can always remove the USB/flash disk.


* Use an [[IMAP]] account. By default, IMAP stores messages on remote folders which you can access as if they're local folders. This doesn't protect your address book or other files in your profile, but it does simplify things since it does not download the message body to your hard disk, even when you're reading it. Somebody could still use any passwords you stored in the Password Manager unless you set a [[master password]]. <br><br>Note: You can password protect the contents of the message pane by setting mail.password_protect_local_cache to true using the [[Modify_Thunderbird_settings | configuration editor]]. However that seems redundant if you don't use the password manager, and if you use the password manager that supplies the password.
* Use an [[IMAP]] account. By default, IMAP stores messages on remote folders on a server which you can access as if they're local folders. This doesn't protect local cache. Nor does it protect your address book or other files in your profile. But it does simplify things since it does not download the message body to your hard disk, even when you're reading it. Somebody could still use any passwords you stored in the Password Manager unless you set a [[master password]]. <p>Thunderbird 3 by default downloads all your messages to your computer via message synchronization. You need to disable that in [[Menu_differences_in_Windows,_Linux,_and_Mac | Tools -> Account Settings]] -> Synchronization & Storage if you want to only store messages in remote folders.<br><br>Note: You can password protect the contents of the message pane by setting mail.password_protect_local_cache to true using the [[Modify_Thunderbird_settings | configuration editor]] in conjunction with setting a master password in Thunderbird.


==Strong methods==
==Strong methods==


* Store the profile on a password-protected encrypted disk partition. You want to use a encrypted disk partition to avoid being prompted to encrypt and decrypt each file. You don't necessarily have to use a real partition, typically this type of software also supports file containers, a way to make to make a file act like a partition. If the profile already exists, move it per [[Moving_your_profile_folder | these instructions]].  
* Store the profile on a password-protected encrypted disk partition. You want to use a encrypted disk partition to avoid being prompted to encrypt and decrypt each file. You don't necessarily have to use a real partition, typically this type of software also supports file containers, a way to make to make a file act like a partition. If the profile already exists, move it per [[Moving_your_profile_folder_-_Thunderbird | these instructions]].
 
:* TrueCrypt used to be the most frequently recommended solution due to its good reputation and it supporting Windows, OS X and Linux. Its unclear why the [https://www.schneier.com/blog/archives/2014/05/truecrypt_wtf.html original project suddenly shut down] in a bizarre way May 28, 2014, replacing version 7.1a with a version 7.2 that only lets you decrypt existing disk partitions. Verified copies of 7.1a are available at a [https://github.com/AuditProject/truecrypt-verified-mirror?files=1 mirror provided by the OpenSource Audit Project]. [https://veracrypt.codeplex.com VeraCrypt] is a fork of TrueCrypt that supposedly fixes “all the serious security issues and weaknesses found so far in the source code” by the Open Crypto Audit Project. There are a couple of other replacements such as [https://truecrypt.ch TCnext] and [https://www.ciphershed.org CipherShed] but they are nowhere near as popular as VeraCrypt.
 
:* [http://diskcryptor.net/wiki/Main_Page/en Diskcryptor] was originally compatible with TrueCrypt but now supports its own format. It supports many configuration options for booting an encrypted operating system , supports Windows LiveCD, and has full support for external storage devices. Its only available for XP and later versions of MS Windows.  


:* [http://www.truecrypt.org/ TrueCrypt] is most frequently recommended. Its available for both Windows and Linux, and has a installation wizard. [http://www.grc.com/sn/SN-041.htm Transcript] of Steve Gibson podcast about the merits of TrueCrypt.  
:* OSX includes [http://en.wikipedia.org/wiki/FileVault FileVault]. Ultimate and Enterprise editions of Vista and Windows 7 include [https://en.wikipedia.org/wiki/BitLocker_Drive_Encryption BitLocker Drive Encryption]. Both can encrypt the entire drive.


:* The free version of [http://www.pgpi.org/products/pgpdisk/ pgpdisk] or [http://axcrypt.sourceforge.net/ Axcrypt] works with most versions of Windows.  
:* Symantec (they bought PGP) sells PGP whole disk encryption (encrypts entire disk) and PGP Desktop Email (encrypts just your mail). Thunderbird's built-in S/MIME support or the [http://enigmail.mozdev.org/home/index.php.html Enigmail] (OpenPGP add-on) are free alternatives to PGP Desktop Email. The main problem with protecting your mail by sending and receiving encrypted messages is that you might be willing to deal with the hassles, but most people won't. You will typically have a mixture of encrypted and unprotected messages.  


:* [http://www.freeotfe.org/ FreeOTFE] supports Microsoft Windows 2000/XP/Vista. It can also create Linux compatible volumes (Cryptoloop "losetup", dm-crypt and LUKS are supported) for FAT32/NTFS . It does not require admin rights.
:* If you're running Linux there are many ways to encrypt a partition such as [https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md  LUKS], [http://www.linuxlinks.com/article/20110403082338722/loop-AES.html Loop-AES] and [http://www.debuntu.org/2006/06/04/62-how-to-use-encrypted-directories-with-encfs-and-fuse/ EncFS/FUSE] .


:* The combination of [http://www.rohos.com/products/rohos-mini-drive/ Rohos Mini Drive] and [http://www.rohos.com/support/knowledge-base/rohos-disk-browser/ Rohos Disk Browser] supports on the fly encryption of FAT32/NTFS partitions without requiring admin privileges. It might be the best choice for a roaming user. See [http://www.rohos.com/2009/10/on-the-fly-encryption-without-admin-rights/] and [http://www.rohos.com/products/rohos-mini-drive/encrypted-partition-with-rohos-mini/] for more information.
* There is nothing necessarily wrong with the following solutions, but they don't have the same reputation:


:* OSX includes [http://en.wikipedia.org/wiki/FileVault FileVault].  
:* The freeware version of [http://www.axcrypt.net Axcrypt] works with most versions of Windows. It uses 128bit AES. There is also a subscription based premium version. See [http://www.techsupportforum.com/3399-how-to-encrypt-individual-files-and-folders-using-axcrypt/ How To Encrypt Individual Files and Folders Using AxCrypt] . [https://www.aescrypt.com/ AES Crypt] is a similar utility that uses 256bit AES and is open source.  


:* If you're running Linux there are many ways to encrypt a partition such as [http://luks.endorphin.org/ LUKS], [http://feraga.com/library/howto_use_loop_aes Loop-AES] and [http://www.debuntu.org/2006/06/04/62-how-to-use-encrypted-directories-with-encfs-and-fuse/ EncFS/FUSE] .
:* The combination of [http://www.rohos.com/products/rohos-mini-drive/ Rohos Mini Drive] and [http://www.rohos.com/support/knowledge-base/rohos-disk-browser/ Rohos Disk Browser] supports on the fly encryption of FAT32/NTFS partitions on USB flash drives without requiring admin privileges. It might be the best choice for a roaming Windows user. See [http://www.rohos.com/2009/10/on-the-fly-encryption-without-admin-rights/] and [http://www.rohos.com/products/rohos-mini-drive/encrypted-partition-with-rohos-mini/] for more information.


* You can combine methods, such as creating a TrueCrypt volume on a USB drive per [http://www.dailycupoftech.com/?page_id=100 these instructions].
:* If you just want to secure the contents of one folder and don't normally use the Local Folders special account you could move the messages you want to protect there and with one click in windows explorer encrypt/decrypt the mbox file containing those messages using either Axcrypt or AES Crypt. A "inbox" mail folder would have a "inbox." mbox file that contains the messages, a "inbox.msf" file that is a cache of the folder listing (if its deleted Thunderbird will automatically re-create it) and a inbox.sbd child directory used to organize any other child folders into a folder hierarchy. The "Local Folders" special account doesn't know how to check for new mail so nothing is going to notice that the mbox file is encrypted until you explicitly open that folder. Trying to open it should fail, but not harm anything. Some quick experimentation using a encrypted folder that has copies of messages that you don't care about should prove that one way or another.


If you're fanatical about privacy:
* If you're fanatical about privacy:


:* Think about where your temporary files are stored. Thunderbird creates two temporary files when sending a message. Opening an attachment will also typically create a temporary file. Under Windows you can set the TMP and TEMP environmental variables to point to where temporary files should be created. You might set it to a small RAM disk or a directory in an existing password-protected encrypted disk partition.  
:* All add-ons have full access to everything that Thunderbird does, including your passwords and mail. Its safest if you only use add-ons from [https://www.thunderbird.net/en-US/ thunderbird.net] as their source code was reviewed, but that is still not a guarantee that your data won't be misused. There is also the possibility that an author might sell a popular add-on to a company that takes advantage of its reputation, though this is normally an issue just for browsers. [https://www.ghacks.net/2016/11/01/browsing-history-sold/]. [https://www.ghacks.net/2018/07/03/it-is-time-to-get-rid-of-stylish/]
 
:* Think about where your temporary files are stored. Thunderbird creates two temporary files when sending a message, and sometimes creates others in a MozillaMailnews subdirectory (in that directory). Opening an attachment will also typically create a temporary file. Under Windows you can set the TMP and TEMP environmental variables to point to where temporary files should be created. You might set it to a small RAM disk or a directory in an existing password-protected encrypted disk partition.  


:* If you delete a message stored in your POP account or Local Folders directory the original message is still in that folder (just hidden from view and marked for deletion). When you [[compacting folders |compact a folder]] it physically deletes the "deleted" messages. It creates a [[Nstmp folders | temporary "nstmp" file]] and then deletes it when it does this. You'd need to use a secure data removal tool to prevent somebody from using a disk editor to read the sectors used to store those messages. However, if you stored the profile on a password-protected encrypted disk partition the messages in the freed sectors should still be encrypted, not clear text.
:* If you delete a message stored in your POP account or Local Folders directory the original message is still in that folder (just hidden from view and marked for deletion). When you [[compacting folders |compact a folder]] it physically deletes the "deleted" messages. It creates a [[Nstmp folders | temporary "nstmp" file]] and then deletes it when it does this. You'd need to use a secure data removal tool to prevent somebody from using a disk editor to read the sectors used to store those messages. However, if you stored the profile on a password-protected encrypted disk partition the messages in the freed sectors should still be encrypted, not clear text.


:* A IMAP account stores the headers for each folder in mail summary files on the hard disk. The *.msf files contain the subject and the email addresses for each message. One way to automaticly remove those files would be to modify the Thunderbird shortcut to launch a batch file, and have it cleanup when you exit Thunderbird. The first line would launch Thunderbird. The second line could contain something like ''del accounts_pathname\*.msf /S'' to delete all of the *.msf files in the IMAP account directory in the profile. Doing this will force Thunderbird to fetch the headers for any remote folder you open (such as the inbox folder) the next time you run it.
:* A IMAP account stores the headers for each folder in mail summary files on the hard disk. The *.msf files contain the subject and the email addresses for each message. One way to automatically remove those files would be to modify the Thunderbird shortcut to launch a batch file, and have it cleanup when you exit Thunderbird. The first line would launch Thunderbird. The second line could contain something like ''del accounts_pathname\*.msf /S'' to delete all of the *.msf files in the IMAP account directory in the profile. Doing this will force Thunderbird to fetch the headers for any remote folder you open (such as the inbox folder) the next time you run it.
 
:* Don't forget about the optional disk cache (Cache directory), offline folders (OfflineCache directory), search index (globl-message-db.sqlite) and *.wdseml files (Windows Search Integration) in the [http://kb.mozillazine.org/Files_and_folders_in_the_profile_-_Thunderbird profile]. Deleting an account doesn't delete its messages, it just makes Thunderbird forget about that account
 
:* There are products such as Passware Kit Forensic that can within an hour decrypt hard drives encrypted using BitLocker, FileVault and TrueCrypt. It can also recover passwords for PGP virtual disks and Mac keychain files.  It doesn't 'break' the encryption, it does a memory dump to extract the keys while the user is logged in. This type of attack has been known for a long while and doesn't work if you power off rather than leave the computer in sleep mode, or dismount the volume. [http://www.mcbsys.com/techblog/2010/08/how-secure-are-truecrypt-and-bitlocker/] [http://reviews.cnet.com/8301-13727_7-57369983-263/filevault-2-easily-decrypted-warns-passware/?part=rss&subj=latest-news&tag=title]


==See also==
==See also==
Line 56: Line 64:


==External links==
==External links==
* [http://www.ccleaner.com/ CCleaner- removes used files and traces of Internet activities].
* [http://www.tolvanen.com/eraser/ Eraser - a secure data removal tool].
* [http://www.microsoft.com/technet/sysinternals/utilities/SDelete.mspx Microsoft Sdelete utility - a secure data removal tool]
*[http://www.spywarewarrior.com/uiuc/main-nf.htm Protecting Your Privacy & Security] - list of links at spywarewarrior.com.
*[http://www.minasi.com/vista/chml.htm Utility to change a Vista file or folder's integrity level]


* [https://bugzilla.mozilla.org/show_bug.cgi?id=16489 Bug report requesting password protected profiles]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=16489 Bug report requesting password protected profiles]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=19184 Bug report requesting "Encrypt bookmark folders, cache, etc. inside a profile for privacy"]
* [http://www.thinq.co.uk/2011/2/24/flash-memory-cant-be-securely-erased/ Flash memory can't be securely erased]
* [http://www.minasi.com/apps/ chml and regil: Utilities To Manage Windows Integrity Levels]


* [https://bugzilla.mozilla.org/show_bug.cgi?id=19184 Bug report requesting "Encrypt bookmark folders, cache, etc. inside a profile for privacy"]
Some lists of links
* [http://www.spywarewarrior.com/uiuc/main-nf.htm Protecting Your Privacy & Security]
* [https://www.privacytools.io/ Privacytools.io]
* [https://hackblossom.org/cybersecurity/ A DIY Guide to Feminist Cybersecurity]
* [https://prxbx.com/email/ Privacy conscious email suppliers]
* [http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm?page=0,13#Secure_e-mail_service Gizmo's Free Windows Desktop Software Security List]
* [https://github.com/OpenTechFund/secure-email Overview of projects working on next-generation secure email.]


[[Category:Privacy and security]]
[[Category:Privacy and security]]
[[Category:Profiles]]
[[Category:Profiles]]
[[Category:Privacy and security (Thunderbird)]]
[[Category:Privacy and security (Thunderbird)]]

Latest revision as of 17:51, 14 December 2018

This article was written for Thunderbird but also applies to Mozilla Suite / SeaMonkey (though some menu sequences may differ).

Messages are stored in text files within your profile folder. Somebody else could read them using Thunderbird or by viewing the appropriate file with a text editor. If you want to prevent this the first thing you need to do is decide how much effort to protect your messages is appropriate. The easiest option is to password-protect the profile with an extension, but this is trivial to bypass.

Several methods to consider:

Weak methods

  • The ProfilePassword extension requires a user to enter a password in order to use the profile. It is trivial to bypass by running in safe mode (to disable the extension) or by using a text editor such as Notepad to read the text files that Thunderbird stores the messages in. This method may be sufficient if other people accessing the same computer are not technical or if they are unlikely to deliberately snoop.
  • The master password is meant to protect your stored passwords, not your profile. If you configure one it will prompt the user for a master password when they run Thunderbird. Its not very strong [1] [2] , but is secure enough to deter most casual snoopers, especially if you use a long password. Another solution would be to use a free password manager that can auto-type passwords such as KeePassXC. The Keepass Helper add-on "Adds a hostname, URL, or email account ID to the application's window name (e.g., that of Firefox or Thunderbird) to make it recognizable to password manager utilities like KeePassXC." KeeBird is a alternative that explicitly supports version 60.*.
  • If you have multiple users on a machine, create a separate Windows user account for each person. Typically this will prevent anybody without admin privileges on that PC from accessing your profile. The easiest way for somebody to bypass that would be to boot another operating system using a bootable rescue CD or flash drive.

Medium methods

  • Use operating system commands to restrict access to the files. For example, if you store your profile on a NTFS partition you can right-click on the folder in Windows Explorer, select Properties, the Security tab, and then specify who has access to that folder. That can be bypassed by somebody else with admin privileges, or by booting another operating system using a live CD such as Knoppix. The Windows 10 Fall Creators Update added "Controlled File Access". It is being publicized as a anti-ransomware feature but it can also be used to control what applications can access your profile. In a business environment an admin might consider using group or system policy settings to restrict access or store it in a password-protected file share on a file server.
  • The Professional version of Windows 2000 and later versions of Windows supports encrypting files and folders on NTFS volumes using EFS (encrypted file system). Right click on the profile folder in Windows Explorer, select Properties, Advanced, check "Encrypt contents to secure data" and then press the Apply button. One risk is that another user with admin privileges can decrypt a folder by modifying the Data Recovery Agent configuration and just wait for you to login again. Encrypting a folder doesn't prevent somebody from deleting it or listing its contents so you may want to set the NTFS permissions to prevent that (as described in the preceding paragraph).
  • Use an IMAP account. By default, IMAP stores messages on remote folders on a server which you can access as if they're local folders. This doesn't protect local cache. Nor does it protect your address book or other files in your profile. But it does simplify things since it does not download the message body to your hard disk, even when you're reading it. Somebody could still use any passwords you stored in the Password Manager unless you set a master password.

    Thunderbird 3 by default downloads all your messages to your computer via message synchronization. You need to disable that in Tools -> Account Settings -> Synchronization & Storage if you want to only store messages in remote folders.

    Note: You can password protect the contents of the message pane by setting mail.password_protect_local_cache to true using the configuration editor in conjunction with setting a master password in Thunderbird.

Strong methods

  • Store the profile on a password-protected encrypted disk partition. You want to use a encrypted disk partition to avoid being prompted to encrypt and decrypt each file. You don't necessarily have to use a real partition, typically this type of software also supports file containers, a way to make to make a file act like a partition. If the profile already exists, move it per these instructions.
  • TrueCrypt used to be the most frequently recommended solution due to its good reputation and it supporting Windows, OS X and Linux. Its unclear why the original project suddenly shut down in a bizarre way May 28, 2014, replacing version 7.1a with a version 7.2 that only lets you decrypt existing disk partitions. Verified copies of 7.1a are available at a mirror provided by the OpenSource Audit Project. VeraCrypt is a fork of TrueCrypt that supposedly fixes “all the serious security issues and weaknesses found so far in the source code” by the Open Crypto Audit Project. There are a couple of other replacements such as TCnext and CipherShed but they are nowhere near as popular as VeraCrypt.
  • Diskcryptor was originally compatible with TrueCrypt but now supports its own format. It supports many configuration options for booting an encrypted operating system , supports Windows LiveCD, and has full support for external storage devices. Its only available for XP and later versions of MS Windows.
  • Symantec (they bought PGP) sells PGP whole disk encryption (encrypts entire disk) and PGP Desktop Email (encrypts just your mail). Thunderbird's built-in S/MIME support or the Enigmail (OpenPGP add-on) are free alternatives to PGP Desktop Email. The main problem with protecting your mail by sending and receiving encrypted messages is that you might be willing to deal with the hassles, but most people won't. You will typically have a mixture of encrypted and unprotected messages.
  • There is nothing necessarily wrong with the following solutions, but they don't have the same reputation:
  • The combination of Rohos Mini Drive and Rohos Disk Browser supports on the fly encryption of FAT32/NTFS partitions on USB flash drives without requiring admin privileges. It might be the best choice for a roaming Windows user. See [3] and [4] for more information.
  • If you just want to secure the contents of one folder and don't normally use the Local Folders special account you could move the messages you want to protect there and with one click in windows explorer encrypt/decrypt the mbox file containing those messages using either Axcrypt or AES Crypt. A "inbox" mail folder would have a "inbox." mbox file that contains the messages, a "inbox.msf" file that is a cache of the folder listing (if its deleted Thunderbird will automatically re-create it) and a inbox.sbd child directory used to organize any other child folders into a folder hierarchy. The "Local Folders" special account doesn't know how to check for new mail so nothing is going to notice that the mbox file is encrypted until you explicitly open that folder. Trying to open it should fail, but not harm anything. Some quick experimentation using a encrypted folder that has copies of messages that you don't care about should prove that one way or another.
  • If you're fanatical about privacy:
  • All add-ons have full access to everything that Thunderbird does, including your passwords and mail. Its safest if you only use add-ons from thunderbird.net as their source code was reviewed, but that is still not a guarantee that your data won't be misused. There is also the possibility that an author might sell a popular add-on to a company that takes advantage of its reputation, though this is normally an issue just for browsers. [5]. [6]
  • Think about where your temporary files are stored. Thunderbird creates two temporary files when sending a message, and sometimes creates others in a MozillaMailnews subdirectory (in that directory). Opening an attachment will also typically create a temporary file. Under Windows you can set the TMP and TEMP environmental variables to point to where temporary files should be created. You might set it to a small RAM disk or a directory in an existing password-protected encrypted disk partition.
  • If you delete a message stored in your POP account or Local Folders directory the original message is still in that folder (just hidden from view and marked for deletion). When you compact a folder it physically deletes the "deleted" messages. It creates a temporary "nstmp" file and then deletes it when it does this. You'd need to use a secure data removal tool to prevent somebody from using a disk editor to read the sectors used to store those messages. However, if you stored the profile on a password-protected encrypted disk partition the messages in the freed sectors should still be encrypted, not clear text.
  • A IMAP account stores the headers for each folder in mail summary files on the hard disk. The *.msf files contain the subject and the email addresses for each message. One way to automatically remove those files would be to modify the Thunderbird shortcut to launch a batch file, and have it cleanup when you exit Thunderbird. The first line would launch Thunderbird. The second line could contain something like del accounts_pathname\*.msf /S to delete all of the *.msf files in the IMAP account directory in the profile. Doing this will force Thunderbird to fetch the headers for any remote folder you open (such as the inbox folder) the next time you run it.
  • Don't forget about the optional disk cache (Cache directory), offline folders (OfflineCache directory), search index (globl-message-db.sqlite) and *.wdseml files (Windows Search Integration) in the profile. Deleting an account doesn't delete its messages, it just makes Thunderbird forget about that account
  • There are products such as Passware Kit Forensic that can within an hour decrypt hard drives encrypted using BitLocker, FileVault and TrueCrypt. It can also recover passwords for PGP virtual disks and Mac keychain files. It doesn't 'break' the encryption, it does a memory dump to extract the keys while the user is logged in. This type of attack has been known for a long while and doesn't work if you power off rather than leave the computer in sleep mode, or dismount the volume. [7] [8]

See also

External links

Some lists of links