= Read first!!! =
**Thunderbird is not safe to use with Tor (yet)!**
== New Advice ==
Use TorBirdy (TorButton for Thunderbird). TorBirdy is currently the most researched and safest mechanism to use Thunderbird with Tor.
In addition to that, it supports Enigmail (GPG e-mail encryption for Thunderbird). TorBirdy torifies Enigmail/GPG.
= Old Advice =
== Introduction ==
Thunderbird has native SOCKS5 support that can be enabled through the Tools / Options / Advanced / Network & Disc Space tab. Click the Connection button and select Manual Proxy Configuration, then enter the details for the Tor server you wish to use (probably 127.0.0.1 on port 9050). Thunderbird should now be working for all supported protocols. It is best to test it at this point, but be aware that DNS information might still be revealed.
As of Thunderbird 3.1 the instructions below may be applied. Keep in mind that the menu location has changed to Edit / Preferences.
<a name="Config_Editor"></a>
Assuming you now have Thunderbird working through Tor, the last step is to ensure that DNS resolution does not expose any further information. Select the Tools / Options / Advanced / General tab and click Config Editor. This presents a long list of all the configuration options in Thunderbird; narrow it by typing proxy into the filter box. Find the option network.proxy.socks_remote_dns and make sure it is set to true; if not, double-click it to toggle the setting. That's it: Thunderbird should now be fully configured for use with Tor.
**Warning:** If you are using a proxy autoconfig file, Mozilla Bug 351163 will make Thunderbird bypass Tor after every startup.
**Warning:** Do not use the same Thunderbird for both your personal (or private) e-mail and your anonymity-related e-mail. A few possible solutions: obtain Portable Thunderbird (then compare the MD5 hash shown on the PortableApps site against your download; MD5 is no longer a safe hash, but it is better than no hash at all), or install the full edition of Thunderbird a second time in a different folder. If you are going to use multiple Portable Thunderbirds, set "AllowMultipleInstances=true" in the "ThunderbirdPortable.ini" file; this allows several Portable Thunderbirds to run at the same time.
**Warning:** Do not use the "Webmail" plugin unless you are using a system-wide transparent proxy (the linked page is now considered insecure in general; either use better software and techniques, or restrict it to the special cases where a transparent proxy server can still be used) or you are running Thunderbird inside a VM (secure) with all TCP traffic, including DNS, forwarded through the Tor SOCKS proxy. Without one of those, "Webmail" by default uses plain (unencrypted) HTTP over the system's default network connection, not the Tor SOCKS proxy, and does not use a secured, encrypted connection either. More configuration is required before Webmail can be used safely, so avoid it.
Look at Experimental and below for suggestions for possibly making Thunderbird stop leaking information.
== Common Fingerprint ==
- use NTP
- use SSL/TLS if available (instead of STARTTLS)
See the instructions in the section [#Config_Editor above] on how to open the Config Editor in Thunderbird, then apply the settings below in it:
network.cookie.cookieBehavior=2
mail.smtpserver.default.hello_argument=[127.0.0.1]
network.proxy.socks_remote_dns=true
general.useragent.override=
...compose_html=false
mailnews.send_default_charset=UTF-8
mailnews.send_plaintext_flowed=false
mailnews.reply_header_type=1
mailnews.reply_header_authorwrote=%s
mailnews.start_page.enabled=false
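Whether those settings actually took effect is best checked on the message Thunderbird produces, not in the dialog. The following Python script is an added example (not code from this page or from the Tor project); it scans a Sent or Outbox copy of a message for the traits the settings above remove: a User-Agent or X-Mailer header, a non-UTF-8 charset, format=flowed, a dated "On ... wrote:" reply line and an HTML body. It also reports an X-Enigmail-Version header and a "Version:" or "Comment:" header inside PGP armor, which the Enigmail settings further down address; tying X-Enigmail-Version to the addHeaders setting is my reading of that preference. Both sample messages are constructed for the example.

```python
"""Scan an outgoing Thunderbird message (a Sent/Outbox copy, before an MTA
has added Received: lines) for client fingerprints.  Added example, not
code from the page or from Tor/Thunderbird."""
import re
from email import message_from_string

# Headers that name the mail client.  User-Agent is what an empty
# general.useragent.override removes; X-Mailer is the older equivalent;
# X-Enigmail-Version is what Enigmail adds unless addHeaders is false
# (assumption: my reading of that preference).
CLIENT_HEADERS = ("User-Agent", "X-Mailer", "X-Enigmail-Version")

# "On <date>, <name> wrote:" lines carry locale and time zone; the page's
# reply_header_type=1 with authorwrote=%s drops the date part.
_DATED_REPLY_RE = re.compile(r"^On\b.*\d.*\bwrote:\s*$", re.MULTILINE)

# Header section of an ASCII-armored PGP block: the lines between the
# BEGIN line and the first blank line.  A "Version:" line there names the
# GnuPG build; --no-emit-version suppresses it.
_ARMOR_HEADERS_RE = re.compile(
    r"^-----BEGIN PGP [A-Z ]+-----\r?\n((?:[^\r\n]+\r?\n)*)", re.MULTILINE)
_ARMOR_KV_RE = re.compile(r"^(Version|Comment):\s*(.+?)\s*$", re.MULTILINE)


def audit_message(raw):
    """Return a list of findings (strings) for one RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    for name in CLIENT_HEADERS:
        if msg[name] is not None:
            findings.append("client header %s: %s" % (name, msg[name]))
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype == "text/html":
            findings.append("HTML body part (compose_html should be false)")
        if not ctype.startswith("text/"):
            continue
        charset = part.get_content_charset() or "us-ascii"
        if charset.lower() != "utf-8":
            findings.append("%s part charset %s (expected utf-8)" % (ctype, charset))
        if (part.get_param("format") or "").lower() == "flowed":
            findings.append("%s part uses format=flowed" % ctype)
        try:
            body = part.get_payload(decode=True).decode(charset, "replace")
        except LookupError:  # charset unknown to Python; still scan the bytes
            body = part.get_payload(decode=True).decode("latin-1")
        for line in _DATED_REPLY_RE.findall(body):
            findings.append("dated reply attribution: %s" % line.strip())
        for headers in _ARMOR_HEADERS_RE.findall(body):
            for key, value in _ARMOR_KV_RE.findall(headers):
                findings.append("PGP armor %s header: %s" % (key, value))
    return findings


# Constructed sample: a message from a profile with none of the settings.
SAMPLE_LEAKY = """\
From: alice@example.invalid
To: bob@example.invalid
Subject: Re: test
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20120101 Thunderbird/10.0
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

On 03/04/2012 10:15 PM, Bob wrote:
> hello
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJPWxampleSignatureDataNotRealxxxxxxxxxxxxxxxxxxxxx
-----END PGP SIGNATURE-----
"""

# Constructed sample: the same message after the settings are applied.
SAMPLE_CLEAN = """\
From: alice@example.invalid
To: bob@example.invalid
Subject: Re: test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

Bob wrote:
> hello
-----BEGIN PGP SIGNATURE-----

iQEcBAEBAgAGBQJPWxampleSignatureDataNotRealxxxxxxxxxxxxxxxxxxxxx
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    for label, sample in (("leaky", SAMPLE_LEAKY), ("clean", SAMPLE_CLEAN)):
        print("%s message: %d finding(s)" % (label, len(audit_message(sample))))
        for finding in audit_message(sample):
            print("  - " + finding)
```

Run it against a message saved from your own Sent folder; an empty result means none of the traits this section lists survived, not that the message is free of every identifier (the EHLO hostname, for instance, only shows up in the Received: lines a receiving server adds).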
== Enigmail ==
Enigmail is a Thunderbird add-on (plugin). It lets you view (decrypt) and send (encrypt) e-mail protected end-to-end with PGP/GPG keys or X.509 (SSL/TLS) certificates. Enigmail works by calling GnuPG, so you must install a suitable GnuPG package for your operating system if it does not already have one; Enigmail's GPG settings override GnuPG's default settings. Most Linux-based operating systems have GnuPG pre-installed. On Windows and Mac OS X, it is better to install the latest stable edition of Gpg4win or GnuPG.
- set an HKP (HTTP Keyserver Protocol) server including port (e.g. "hkp://pgp.mit.edu:11371")
- better: use an HKP server that runs as a hidden service
extensions.enigmail.addHeaders=false
extensions.enigmail.useDefaultComment=true
extensions.enigmail.mimeHashAlgorithm=5
extensions.enigmail.agentAdditionalParam=--no-emit-version
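Because the Config Editor shows one preference at a time, it is easy to miss one. The script below is an added example (not from this page or from Tor) that reads a profile's prefs.js or user.js and reports every setting from the Common Fingerprint and Enigmail lists above that is unset or differs from the value given. The four network.proxy.* names are my assumption of the preferences behind the Manual Proxy Configuration dialog (SOCKS5, 127.0.0.1:9050); the elided "...compose_html" setting is left out because the page does not give its full name. The sample prefs.js fragment is constructed, with remote DNS off and the EHLO argument unset.

```python
"""Audit a Thunderbird prefs.js or user.js against the Tor-related settings
listed on this page.  Added example, not code from the page or from Tor."""
import json
import re

# Values the page asks for under "Common Fingerprint" and "Enigmail".
# The first four network.proxy.* entries are an assumption: the prefs
# behind the Manual Proxy Configuration dialog (SOCKS5 at 127.0.0.1:9050).
EXPECTED_PREFS = {
    "network.proxy.type": 1,
    "network.proxy.socks": "127.0.0.1",
    "network.proxy.socks_port": 9050,
    "network.proxy.socks_version": 5,
    "network.proxy.socks_remote_dns": True,
    "network.cookie.cookieBehavior": 2,
    "mail.smtpserver.default.hello_argument": "[127.0.0.1]",
    "general.useragent.override": "",
    "mailnews.send_default_charset": "UTF-8",
    "mailnews.send_plaintext_flowed": False,
    "mailnews.reply_header_type": 1,
    "mailnews.reply_header_authorwrote": "%s",
    "mailnews.start_page.enabled": False,
    "extensions.enigmail.addHeaders": False,
    "extensions.enigmail.useDefaultComment": True,
    "extensions.enigmail.mimeHashAlgorithm": 5,
    "extensions.enigmail.agentAdditionalParam": "--no-emit-version",
}

# One user_pref("name", value); line.  The value is a JS literal: a quoted
# string, true/false, or an integer.
_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\);\s*$')


def _parse_value(raw):
    """Convert the JavaScript literal from a user_pref() call to Python."""
    if raw == "true":
        return True
    if raw == "false":
        return False
    if raw.startswith('"'):
        return json.loads(raw)  # the string escapes prefs.js uses are JSON-compatible
    return int(raw)


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in text."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _parse_value(m.group(2))
    return prefs


def audit_prefs(prefs, expected=EXPECTED_PREFS):
    """Return (name, expected, actual) for every pref that is unset or differs
    from the expected value.  actual is None when the pref is unset, which
    means Thunderbird's built-in default applies."""
    findings = []
    for name, want in expected.items():
        got = prefs.get(name)
        if name not in prefs or type(got) is not type(want) or got != want:
            findings.append((name, want, got))
    return findings


# Constructed sample prefs.js fragment with two deliberate problems:
# remote DNS is off and the SMTP EHLO argument is not set at all.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", false);
user_pref("network.cookie.cookieBehavior", 2);
user_pref("general.useragent.override", "");
user_pref("mailnews.send_default_charset", "UTF-8");
user_pref("mailnews.send_plaintext_flowed", false);
user_pref("mailnews.reply_header_type", 1);
user_pref("mailnews.reply_header_authorwrote", "%s");
user_pref("mailnews.start_page.enabled", false);
user_pref("extensions.enigmail.addHeaders", false);
user_pref("extensions.enigmail.useDefaultComment", true);
user_pref("extensions.enigmail.mimeHashAlgorithm", 5);
user_pref("extensions.enigmail.agentAdditionalParam", "--no-emit-version");
"""

if __name__ == "__main__":
    for name, want, got in audit_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        state = "is unset" if got is None else "is %r" % (got,)
        print("%s %s, expected %r" % (name, state, want))
```

Run it on the prefs.js in your Thunderbird profile directory while Thunderbird is closed (it rewrites that file on exit, so an open instance can make the file stale). A pref reported as unset is not necessarily wrong, but it means you are relying on the built-in default rather than the value this page asks for.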
**Note:** For a further level of accuracy and security, use keyservers that support HKPS (HKP over HTTPS / TLS-protected connections) instead of plain HKP, which talks to the keyserver unencrypted and is less secure, because "unknown" proxies, middle nodes and gateways (and a possible MITM) exist in the path (of the Web of Trust (WoT)), with an unknown chance of alteration at various stages and components, DNS cache poisoning, and so on. Try alternative WoT paths: go directly to the sender's (or author's or signer's) website over HTTPS (SSL/TLS) and look for the GPG fingerprint there, if the sender or author has published it, and visit the site several times over different Tor circuits using Vidalia's Tor Network Map. Many authors also share their fingerprint over the phone, on a visiting card, and so on. A DNSSEC-signed keyserver domain, a DNSSEC-supporting DNS resolver and similar measures can help greatly towards even further accuracy and security.
== Required Further Information ==
Download the fine paper "Towards a Tor-safe Mozilla Thunderbird - Reducing Application-Level Privacy Leaks in Thunderbird" below for further information on Tor and Thunderbird.
- This paper recommends avoiding PGP/MIME, apparently because of the identifiable message part boundaries. dkg reported the paper's concerns about identifiable MIME boundaries to enigmail upstream with a patch.
- Recommending the use of inline PGP is not a responsible recommendation: inline PGP does not adequately conceal the structure of the message or the names of any attachments, and it allows undetectable tampering with the content-type of each message part, which can cause arbitrary misinterpretation of signed material.