MozillaZine

Protecting the contents of the profile - mail

From MozillaZine Knowledge Base

(Difference between revisions)
Revision as of 23:42, 1 February 2006
Tanstaafl (Talk | contribs)
(added info for paranoids since I keep having to answer their questions)
Revision as of 16:04, 2 February 2006
Wintogreen (Talk | contribs)
(tidying; putting links in context; also, let's not explicitly *tell* people how to bypass password-protection extensions)
Line 2: Line 2:
-All of your messages are normally stored in text files within your [[Profile_folder | profile]]. Somebody else could read it using Thunderbird or by opening the appropiate file with a text editor. If you want to prevent this the first thing you need to do is decide how much effort to protect your messages is appropiate. '''Many users use a extension to password protect the profile. This is trivial to bypass but its enough of a nuisance that it meets most peoples needs.''' +All of your messages are normally stored in text files within your [[profile folder]]. Somebody else could read them using Thunderbird or by viewing the appropiate file with a text editor. If you want to prevent this the first thing you need to do is decide how much effort to protect your messages is appropiate. '''The easiest option is to password-protect the profile with an extension, but this provides only a low level of protection.'''
Several methods to consider: Several methods to consider:
-* Install an [[Password-protected_profile | extension that requires a password]] in order to use the profile. This can be defeated by launching Thunderbird in [[Safe_mode | safe mode]] or using notepad to read the stored messages. +* Install an [[Password-protected profile | extension that requires a password]] in order to use the profile. This method may be sufficient if the other people accessing the same computer are not very technically inclined or if they are unlikely to deliberately snoop.
-* If you have multiple users on a machine as a minimum create a seperate windows user account for each, and use the profile manager to create each profile somewhere other than the default location. This makes it harder to accidentally stumble across each others profiles.+* If you have multiple users on a machine as a minimum create a separate Windows user account for each person, and then use the Thunderbird [[Profile Manager]] to create each person's profile somewhere other than the default location. This makes it harder to accidentally stumble across each other's profiles.
-* Use operating system commands to restrict access to the files. For example, if you store your profile on a NTFS partition under Windows 2000 or XP you can right click on the folder in windows explorer, select properties, [http://windows.about.com/od/tipsarchive/l/bltip542.htm the security tab], and then specify who has access to that folder. That can be bypassed by somebody else with admin privileges, or by booting another operating system using a live CD such as Knoppix. In a business environment an admin might consider using group or system policy settings to restrict access or store it in password protected file share on a file server. +* Use operating system commands to restrict access to the files. For example, if you store your profile on a NTFS partition under Windows 2000 or XP you can right-click on the folder in Windows Explorer, select Properties, [http://windows.about.com/od/tipsarchive/l/bltip542.htm the Security tab], and then specify who has access to that folder. That can be bypassed by somebody else with admin privileges, or by booting another operating system using a live CD such as Knoppix. In a business environment an admin might consider using group or system policy settings to restrict access or store it in password-protected file share on a file server.
-* Store the profile on a USB/flash disk. They frequently support requiring a password to access the contents, and you can always remove the USB/flash disk.+* [[Running from a USB drive (Thunderbird)|Store the profile on a USB/flash disk]]. They frequently support requiring a password to access the contents, and you can always remove the USB/flash disk.
-* Use a IMAP account. By default, IMAP stores messages on remote folders which you can access as if they're local folders. This doesn't protect your address book or other files in your profile, but it does simplify things since it does not download the message body to your hard disk, even when you're reading it. Somebody could still use any passwords you stored in the password manager unless you set a master password.+* Use an [[IMAP]] account. By default, IMAP stores messages on remote folders which you can access as if they're local folders. This doesn't protect your address book or other files in your profile, but it does simplify things since it does not download the message body to your hard disk, even when you're reading it. Somebody could still use any passwords you stored in the Password Manager unless you set a [[master password]].
-* Store the profile on a password protected encrypted disk partition. This is the most secure solution. You want to use a encrypted disk partition to avoid being prompted to encrypt and decrypt each file. If you're running the pro version of Windows 2000 or XP you can use the [http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prnb_efs_qutx.asp Microsoft EFS (Encrypted File System) file system]. You could also use the free version of [http://www.pgpi.org/products/pgpdisk/ pgpdisk] , [http://axcrypt.sourceforge.net/ Axcrypt] or [http://www.truecrypt.org/ TrueCrypt]. If you're running Linux there are many ways to encrypt a partition such as [http://koeln.ccc.de/archiv/drt/crypto/ppdd.man.html pppd - Practical Privacy Disc Driver]+* Store the profile on a password-protected encrypted disk partition. This is the most secure solution. You want to use a encrypted disk partition to avoid being prompted to encrypt and decrypt each file. If you're running the Pro version of Windows 2000 or XP you can use the [http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prnb_efs_qutx.asp Microsoft EFS (Encrypted File System) file system]. You could also use the free version of [http://www.pgpi.org/products/pgpdisk/ pgpdisk] , [http://axcrypt.sourceforge.net/ Axcrypt] or [http://www.truecrypt.org/ TrueCrypt]. If you're running Linux there are many ways to encrypt a partition such as [http://koeln.ccc.de/archiv/drt/crypto/ppdd.man.html pppd - Practical Privacy Disc Driver].
If you're fanatic about privacy: If you're fanatic about privacy:
-* Think about where your temporary files are stored. Thunderbird creates two temporary files when sending a message. Opening an attachment will also typically create a temporary file. Under Windows you can set the TMP and TEMP environmental variables to point to where temporary files should be created. You might set it to a small RAM disk or a directory in an existing password protected encrypted disk partition. +* Think about where your temporary files are stored. Thunderbird creates two temporary files when sending a message. Opening an attachment will also typically create a temporary file. Under Windows you can set the TMP and TEMP environmental variables to point to where temporary files should be created. You might set it to a small RAM disk or a directory in an existing password-protected encrypted disk partition.
-* If you delete a message stored in your POP account or local folders directory the original message is still in that folder (just hidden from view and marked for deletion). When you compact a folder it physically deletes the "deleted" messages. It creates a temporary file and then deletes it when it does this. You'd need to use a secure data removal tool to prevent somebody from using a disk editor to read the sectors used to store those messages. However, if you stored the profile on a password protected encrypted disk partition the messages in the freed sectors should still be encrypted, not clear text.+* If you delete a message stored in your POP account or Local Folders directory the original message is still in that folder (just hidden from view and marked for deletion). When you [[compacting folders |compact a folder]] it physically deletes the "deleted" messages. It creates a [[Nstmp folders | temporary "nstmp" file]] and then deletes it when it does this. You'd need to use a secure data removal tool to prevent somebody from using a disk editor to read the sectors used to store those messages. However, if you stored the profile on a password-protected encrypted disk partition the messages in the freed sectors should still be encrypted, not clear text.
- +
-==See also==+
-* [[Master_password | Master password]]+
-* [[Nstmp_folders | Nstmp folders]]+
-* [[Profile_Manager | Profile manager]]+
-* [[Running_from_a_USB_drive_%28Thunderbird%29 | Running from a USB drive]]+
==External links== ==External links==
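Review bot: The encrypted-partition bullet on the + side still lists Microsoft EFS and Axcrypt as examples directly after "You want to use a encrypted disk partition to avoid being prompted to encrypt and decrypt each file", but both of those encrypt individual files or folders rather than a partition, so they should be moved into their own sentence or the lead sentence should be reworded to cover file-level encryption as well. In the same bullet the link label reads "pppd" while the URL points at ppdd.man.html, and "a encrypted" should be "an encrypted". With the safe mode and notepad sentence dropped from the extension bullet, consider saying there that the extension does not encrypt the stored messages, so the reason behind "only a low level of protection" stays on the page without describing a bypass. The intro paragraph also still carries "appropiate" twice and the NTFS bullet "a NTFS".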

Revision as of 16:04, 2 February 2006

This article was written for Thunderbird but also applies to Mozilla Suite / SeaMonkey (though some menu sequences may differ).


All of your messages are normally stored in text files within your profile folder. Somebody else could read them using Thunderbird or by viewing the appropriate file with a text editor. If you want to prevent this, the first thing you need to do is decide how much effort is appropriate to protect your messages. The easiest option is to password-protect the profile with an extension, but this provides only a low level of protection.

Several methods to consider:

  • Install an extension that requires a password in order to use the profile. This method may be sufficient if the other people accessing the same computer are not very technically inclined or if they are unlikely to deliberately snoop.
  • If you have multiple users on a machine, as a minimum create a separate Windows user account for each person, and then use the Thunderbird Profile Manager to create each person's profile somewhere other than the default location. This makes it harder to accidentally stumble across each other's profiles.
  • Use operating system commands to restrict access to the files. For example, if you store your profile on an NTFS partition under Windows 2000 or XP you can right-click on the folder in Windows Explorer, select Properties, the Security tab, and then specify who has access to that folder. That can be bypassed by somebody else with admin privileges, or by booting another operating system using a live CD such as Knoppix. In a business environment an admin might consider using group or system policy settings to restrict access, or storing the profile in a password-protected file share on a file server.
  • Use an IMAP account. By default, IMAP stores messages on remote folders which you can access as if they're local folders. This doesn't protect your address book or other files in your profile, but it does simplify things since it does not download the message body to your hard disk, even when you're reading it. Somebody could still use any passwords you stored in the Password Manager unless you set a master password.

If you're fanatic about privacy:

  • Think about where your temporary files are stored. Thunderbird creates two temporary files when sending a message. Opening an attachment will also typically create a temporary file. Under Windows you can set the TMP and TEMP environment variables to point to where temporary files should be created. You might set them to a small RAM disk or a directory in an existing password-protected encrypted disk partition.
  • If you delete a message stored in your POP account or Local Folders directory, the original message is still in that folder (just hidden from view and marked for deletion). When you compact a folder, it physically deletes the "deleted" messages. It creates a temporary "nstmp" file while doing this and then deletes it. You'd need to use a secure data removal tool to prevent somebody from using a disk editor to read the sectors used to store those messages. However, if you stored the profile on a password-protected encrypted disk partition, the messages in the freed sectors should still be encrypted, not clear text.
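
The point above, that a deleted message stays in the folder file until the folder is compacted, can be checked on your own profile. The following is an added example, not part of the original article. It assumes the folder is an mbox file in which Thunderbird records per-message state in an X-Mozilla-Status header, with bit 0x0008 marking a deleted message; the sample mailbox and the function names are constructed for illustration.

```python
import re

EXPUNGED = 0x0008  # X-Mozilla-Status bit: deleted, but not yet compacted away

# Constructed sample: two messages in mbox form, the second one "deleted".
SAMPLE = (
    b"From - Thu Feb 02 16:04:00 2006\n"
    b"X-Mozilla-Status: 0001\n"
    b"Subject: kept message\n"
    b"\n"
    b"Still visible in the folder.\n"
    b"\n"
    b"From - Thu Feb 02 16:05:00 2006\n"
    b"X-Mozilla-Status: 0009\n"
    b"Subject: deleted but not compacted\n"
    b"\n"
    b"This text is still readable on disk.\n"
)

def split_mbox(data):
    """Yield each message; assumes body lines starting 'From ' are escaped."""
    starts = [m.start() for m in re.finditer(rb"^From ", data, re.M)]
    for begin, end in zip(starts, starts[1:] + [len(data)]):
        yield data[begin:end]

def header_block(message):
    """Return everything before the first blank line of a message."""
    return re.split(rb"\r?\n\r?\n", message, maxsplit=1)[0]

def status_flags(message):
    """Return the X-Mozilla-Status value as an int, or 0 if the header is absent."""
    m = re.search(rb"^X-Mozilla-Status:[ \t]*([0-9A-Fa-f]{4})", header_block(message), re.M)
    return int(m.group(1), 16) if m else 0

def uncompacted_deleted(data):
    """List (subject, size_in_bytes) for deleted messages still present in the file."""
    found = []
    for msg in split_mbox(data):
        if status_flags(msg) & EXPUNGED:
            s = re.search(rb"^Subject:[ \t]*(.*?)\r?$", header_block(msg), re.M)
            found.append((s.group(1).decode("utf-8", "replace") if s else "", len(msg)))
    return found

if __name__ == "__main__":
    for subject, size in uncompacted_deleted(SAMPLE):
        print(f"still on disk: {subject!r} ({size} bytes)")
```

An empty result after compacting only shows that the folder file no longer contains the messages; the freed disk sectors are a separate matter, as described above.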

External links