wiki:doc/TorifyHOWTO/EMail/Thunderbird

Read first!!!

Thunderbird is not safe to use with Tor (yet)!

New Advice

Use TorBirdy (TorButton for Thunderbird). It is currently the most researched and safest method to use Thunderbird with Tor.

It also supports Enigmail (GPG e-mail encryption for Thunderbird); Enigmail/GPG is torified by TorBirdy.

Old Advice

Introduction

Thunderbird has native SOCKS5 support that can be enabled through the Tools / Options / Advanced / Network & Disc Space tab. Click on the Connection button and then select Manual Proxy Configuration. Enter the details for the Tor server you wish to use (probably 127.0.0.1 on port 9050). Thunderbird should now be working for all supported protocols. It's best to test it at this point, although bear in mind that it might still be leaking DNS information.

As of Thunderbird 3.1 the instructions below work, except that the menu location has changed to Edit / Preferences.

Assuming you now have Thunderbird working through Tor, the last step is to ensure that DNS lookups aren't leaking information. Select the Tools / Options / Advanced / General tab and then click on Config Editor. This will present you with a huge list of all the potential configuration options in Thunderbird. The list can be narrowed by typing proxy into the filter box. Find the option network.proxy.socks_remote_dns and make sure it's set to true. If not, double-click it to toggle the setting. That's it: Thunderbird should now be fully configured for use with Tor.

Warning: If you're using a proxy autoconfig file, Mozilla Bug 351163 will make Thunderbird bypass Tor after every startup.

Warning: Do not use the same Thunderbird installation for accessing your personal (or private) e-mail and your "anonymity"-purpose e-mail. A few possible solutions: obtain Portable Thunderbird (then compare the "MD5 Hash" shown on the PortableApps site; MD5 is no longer a safe hash, but it is better than no hash at all), or install the full edition of Thunderbird again in a different folder. If you are going to use multiple Portable Thunderbirds, apply or modify the startup option ( AllowMultipleInstances=true in the "ThunderbirdPortable.ini" file ) to allow running multiple (Portable) Thunderbirds at the same time.

Warning: Do not use the "Webmail" plugin unless you are either using a system-wide transparent proxy (the linked page is now considered insecure in the general case; use better software and techniques, or only the special cases in which a transparent proxy server can still be used), or running Thunderbird inside a VM (secure) with all TCP traffic, DNS included, forwarded through the Tor SOCKS proxy. Without such a setup, "Webmail" will by default use plain (unencrypted) HTTP over the system's default network adapter, not the Tor SOCKS proxy, and will not use a secured, encrypted connection either. More configuration is required before Webmail can be used safely, so avoid it.

Look at ***Experimental*** and below for suggestions on possibly making Thunderbird stop leaking info.

Common Fingerprint

  • use NTP
  • use SSL/TLS if available (instead of STARTTLS)

See the instructions a few sections above on how to start the "Config Editor" in Thunderbird, and then apply the settings below in it:

network.cookie.cookieBehavior=2
mail.smtpserver.default.hello_argument=[127.0.0.1]
network.proxy.socks_remote_dns=true
general.useragent.override=
...compose_html=false
mailnews.send_default_charset=UTF-8
mailnews.send_plaintext_flowed=false
mailnews.reply_header_type=1
mailnews.reply_header_authorwrote=%s
mailnews.start_page.enabled=false

Enigmail

Enigmail is a Thunderbird addon (aka plugin) that allows you to view (decrypt) and send (encrypt) e-mail protected end-to-end by PGP/GPG keys or X.509 (SSL/TLS) certificates. Enigmail works by using GnuPG, so you must install a suitable GnuPG package for your OS (operating system) if your OS does not have one already. Enigmail's gpg settings override GnuPG's default settings. Most Linux distributions have GnuPG pre-installed. On Windows and Mac OS X, it is better to install the latest stable edition of Gpg4win or GnuPG.

  • set an HKP (HTTP Keyserver Protocol) server including port (e.g. "hkp://pgp.mit.edu:11371")
  • better: use an HKP server that runs as a hidden service

Then apply the following settings in the Config Editor:

extensions.enigmail.addHeaders=false
extensions.enigmail.useDefaultComment=true
extensions.enigmail.mimeHashAlgorithm=5
extensions.enigmail.agentAdditionalParam=--no-emit-version
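As an added example (not part of this wiki page, nor code from Thunderbird, TorBirdy or Enigmail), the following Python script audits a Thunderbird profile's prefs.js or user.js against the settings recommended on this page: the SOCKS proxy and network.proxy.socks_remote_dns from the Introduction, the Common Fingerprint settings, and the Enigmail settings just listed. The four keys network.proxy.type, network.proxy.socks, network.proxy.socks_port and network.proxy.socks_version are the standard Mozilla preference names behind the Manual Proxy Configuration dialog and are assumed here rather than taken from the page. The sample prefs.js content is constructed, with one setting deliberately wrong (remote DNS off) and one missing.

```python
import re
import sys
from typing import Dict, Optional, Tuple, Union

PrefValue = Union[str, int, bool]

# Settings this page recommends for a Tor-safe profile, keyed by the prefs.js
# name. The network.proxy.* keys are the assumed standard Mozilla names behind
# the "Manual Proxy Configuration" dialog; the rest are listed on the page.
EXPECTED: Dict[str, PrefValue] = {
    "network.proxy.type": 1,                   # 1 = manual proxy configuration
    "network.proxy.socks": "127.0.0.1",
    "network.proxy.socks_port": 9050,
    "network.proxy.socks_version": 5,
    "network.proxy.socks_remote_dns": True,    # resolve names via Tor, not locally
    "network.cookie.cookieBehavior": 2,
    "mail.smtpserver.default.hello_argument": "[127.0.0.1]",
    "mailnews.send_plaintext_flowed": False,
    "mailnews.start_page.enabled": False,
    "extensions.enigmail.addHeaders": False,
    "extensions.enigmail.useDefaultComment": True,
    "extensions.enigmail.mimeHashAlgorithm": 5,
    "extensions.enigmail.agentAdditionalParam": "--no-emit-version",
}

# Constructed sample of a prefs.js: remote DNS is (wrongly) off and the
# Enigmail hash-algorithm pref is missing altogether.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", false);
user_pref("network.cookie.cookieBehavior", 2);
user_pref("mail.smtpserver.default.hello_argument", "[127.0.0.1]");
user_pref("mailnews.send_plaintext_flowed", false);
user_pref("mailnews.start_page.enabled", false);
user_pref("extensions.enigmail.addHeaders", false);
user_pref("extensions.enigmail.useDefaultComment", true);
user_pref("extensions.enigmail.agentAdditionalParam", "--no-emit-version");
"""

# One user_pref(...) line: a double-quoted key, then a string, integer or boolean.
_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*'
    r'("(?:[^"\\]|\\.)*"|-?\d+|true|false)\s*\)\s*;'
)


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse user_pref() lines into a dict; later lines override earlier ones."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, or syntax we don't understand
        key, raw = m.group(1), m.group(2)
        if raw.startswith('"'):
            value: PrefValue = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            value = int(raw)
        prefs[key] = value
    return prefs


def audit(prefs: Dict[str, PrefValue],
          expected: Dict[str, PrefValue] = EXPECTED
          ) -> Dict[str, Tuple[PrefValue, Optional[PrefValue]]]:
    """Return {key: (expected, actual)} for every recommended key that is
    missing or differs; an empty dict means the profile matches.
    Types are compared strictly so that an integer 1 does not pass for true."""
    problems = {}
    for key, want in expected.items():
        got = prefs.get(key)
        if key not in prefs or type(got) is not type(want) or got != want:
            problems[key] = (want, got)
    return problems


def main(argv) -> int:
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREFS_JS  # fall back to the constructed sample
    problems = audit(parse_prefs(text))
    if not problems:
        print("all recommended settings present")
        return 0
    for key, (want, got) in sorted(problems.items()):
        state = "missing" if got is None else f"is {got!r}"
        print(f"{key}: {state}, expected {want!r}")
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against a real profile with `python3 check_prefs.py ~/.thunderbird/<profile>/prefs.js` after closing Thunderbird, since prefs.js is rewritten when Thunderbird exits and a Config Editor change may not be on disk until then. A missing key means Thunderbird is using its built-in default for that preference, which for network.proxy.socks_remote_dns is the leaky local resolution this page warns about.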

Note: For a further level of accuracy and security, keyservers that support HKPS (Secured HTTP Keyserver Protocol) should be used over HTTPS or TLS/SSL-protected connections instead of HTTP-based HKP, which is unencrypted and a less secure way to talk to a keyserver. "Unknown" proxies, middle nodes and gateways (and possible MITM) exist in the path of the Web of Trust (WoT), with an "unknown" chance of alteration at various stages and components, DNS cache poisoning, etc. Try alternative WoT paths: go to the sender's (or author's or signer's) website directly, connect over HTTPS (SSL/TLS), and find the GPG fingerprint (if the sender or author has shared it on an HTTPS website), or visit the sender's or author's site multiple times over different Tor circuits using Vidalia's Tor Network Map and compare. Many authors also share their fingerprint by phone, on a visiting card, etc. A DNSSEC-signed keyserver, a DNSSEC-supporting DNS resolver, etc. can help greatly for even further accuracy and security.

Required Further Information

Download the fine paper "Towards a Tor-safe Mozilla Thunderbird - Reducing Application-Level Privacy Leaks in Thunderbird" below for further information on Tor and Thunderbird.

  • this paper recommends avoiding PGP/MIME, apparently because of the identifiable message part boundaries. dkg reported the paper's concerns about identifiable MIME boundaries to enigmail upstream, with a patch. Recommending the use of inline PGP is not a responsible recommendation, given that inline PGP doesn't adequately conceal the structure of the message or the names of any attachments, and that it allows undetectable tampering of the content-type of each message part, which might cause arbitrary misinterpretations of signed material.
Last modified on Apr 19, 2013, 5:27:58 AM
