Apply conversion script to all *.md files. authored by Alexander Hansen Færøy
[[TOC(noheading, depth=1)]] [[TOC(noheading, depth=1)]]
'''[https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO Read first!!!]''' **[Read first!!!](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO)**
'''Thunderbird is not safe to use with Tor (yet)! ''' **Thunderbird is not safe to use with Tor (yet)! **
== New Advice == == New Advice ==
Use [https://trac.torproject.org/projects/tor/wiki/torbirdy TorBirdy] (TorButton for Thunderbird). TorBirdy is currently the most researched and safest mechanism to use Thunderbird with Tor. Use [TorBirdy](https://trac.torproject.org/projects/tor/wiki/torbirdy) (TorButton for Thunderbird). TorBirdy is currently the most researched and safest mechanism to use Thunderbird with Tor.
In addition to that, it supports **Enigmail** (GPG e-mail encryption for Thunderbird). TorBirdy torifies Enigmail/GPG. In addition to that, it supports **Enigmail** (GPG e-mail encryption for Thunderbird). TorBirdy torifies Enigmail/GPG.
= Old Advice = = Old Advice =
== Introduction == == Introduction ==
**Thunderbird** has native SOCKS5 support that can be enabled through the '''Tools''' / '''Options''' / '''Advanced''' / '''Network & Disc Space''' Tab. After clicking on the '''Connection''' button select '''Manual Proxy Configuration'''. Enter the details for the Tor server you wish to use, (probably 127.0.0.1 on Port 9050). Thunderbird should now be working, (''for all suported protocols''). It's best to test it at this point, be aware that DNS information might be revealed. **Thunderbird** has native SOCKS5 support that can be enabled through the **Tools** / **Options** / **Advanced** / **Network & Disc Space** Tab. After clicking on the **Connection** button select **Manual Proxy Configuration**. Enter the details for the Tor server you wish to use, (probably 127.0.0.1 on Port 9050). Thunderbird should now be working, (_for all suported protocols_). It's best to test it at this point, be aware that DNS information might be revealed.
As of Thunderbird 3.1 the instructions below may be applied. Keep in mind that the menu location has changed to '''Edit''' / '''Preferences'''. As of Thunderbird 3.1 the instructions below may be applied. Keep in mind that the menu location has changed to **Edit** / **Preferences**.
{{{ ```
#!html
<a name="Config_Editor"></a> <a name="Config_Editor"></a>
}}} ```
Assuming you now have Thunderbird working through Tor, the last step is to ensure that DNS resolves don't expose any further information. Now, select the '''Tools''' / '''Options''' / '''Advanced''' / '''General''' Tab and then click on '''Config Editor'''. This will present you with a huge list of all the potential configuration options in Thunderbird. The list can be narrowed by typing ''proxy'' into the filter box. Find the option '''network.proxy.socks_remote_dns''' and make sure it's set to '''true'''. If not, ''double-click'' it to toggle the setting. That's it, Thunderbird should now be fully configured for use with Tor. Assuming you now have Thunderbird working through Tor, the last step is to ensure that DNS resolves don't expose any further information. Now, select the **Tools** / **Options** / **Advanced** / **General** Tab and then click on **Config Editor**. This will present you with a huge list of all the potential configuration options in Thunderbird. The list can be narrowed by typing _proxy_ into the filter box. Find the option **network.proxy.socks_remote_dns** and make sure it's set to **true**. If not, _double-click_ it to toggle the setting. That's it, Thunderbird should now be fully configured for use with Tor.
'''Warning''' If you're using a proxy autoconfig file, [https://bugzilla.mozilla.org/show_bug.cgi?id=351163 Mozilla Bug 351163] will make Thunderbird bypass Tor after every startup. **Warning** If you're using a proxy autoconfig file, [Mozilla Bug 351163](https://bugzilla.mozilla.org/show_bug.cgi?id=351163) will make Thunderbird bypass Tor after every startup.
**Warning** Do not use same Thunderbird for accessing your personal (or private) emails, and your "Anonymity" based (or purpose) emails! A few possible solutions for this might be: obtain [http://portableapps.com/apps/internet/thunderbird_portable Portable Thunderbird] (''Then match & compare the "MD5 Hash" code shown on PortableApps site. though it is not safer to use MD5 hash anymore, MD5 is better than no hash at all'') or install full-edition Thunderbird again, but on a different folder. If you are going to use multiple Portable Thunderbird(s), apply or modify startup option ( ''AllowMultipleInstances=true'' in "ThunderbirdPortable.ini" file ). This will allow running multiple (Portable) Thunderbirds at the same time. **Warning** Do not use same Thunderbird for accessing your personal (or private) emails, and your "Anonymity" based (or purpose) emails! A few possible solutions for this might be: obtain [Portable Thunderbird](http://portableapps.com/apps/internet/thunderbird_portable) (_Then match & compare the "MD5 Hash" code shown on PortableApps site. though it is not safer to use MD5 hash anymore, MD5 is better than no hash at all_) or install full-edition Thunderbird again, but on a different folder. If you are going to use multiple Portable Thunderbird(s), apply or modify startup option ( _AllowMultipleInstances=true_ in "ThunderbirdPortable.ini" file ). This will allow running multiple (Portable) Thunderbirds at the same time.
**Warning** Unless, you are using system-wide [wiki:doc/TransparentProxy transparent-proxy] (''linked info/page is now considered to be insecure in general cases, either use better software & technique, or use special-cases where a Transparent-proxy server still can be used'') or you are using Thunderbird inside a [wiki:doc/VM VM] (secure) and all TCP (including DNS) network traffic is forwarded through Tor-socks-proxy, otherwise do not use "Webmail" plugin. If mentioned tools or software are not used, then "Webmail" by default will use plain (non-encrypted) HTTP through system's default network adapter's internet connection, not the Tor socks proxy, and will not use a secured & encrypted connection either. More configurations are required before Webmail can be used safely, so avoid it. **Warning** Unless, you are using system-wide [transparent-proxy](./doc/TransparentProxy) (_linked info/page is now considered to be insecure in general cases, either use better software & technique, or use special-cases where a Transparent-proxy server still can be used_) or you are using Thunderbird inside a [VM](./doc/VM) (secure) and all TCP (including DNS) network traffic is forwarded through Tor-socks-proxy, otherwise do not use "Webmail" plugin. If mentioned tools or software are not used, then "Webmail" by default will use plain (non-encrypted) HTTP through system's default network adapter's internet connection, not the Tor socks proxy, and will not use a secured & encrypted connection either. More configurations are required before Webmail can be used safely, so avoid it.
Look at [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/EMail#ExperimentalSuggestionsforpossiblymakingthunderbirdandorclawsstopleakinginfoExperimental Experimental] and below for suggestions for possibly making Thunderbird stop leaking information. Look at [Experimental](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/EMail#ExperimentalSuggestionsforpossiblymakingthunderbirdandorclawsstopleakinginfoExperimental) and below for suggestions for possibly making Thunderbird stop leaking information.
== Common Fingerprint == ## Common Fingerprint
* use NTP * use NTP
* use SSL/TLS if available (instead of STARTTLS) * use SSL/TLS if available (instead of STARTTLS)
See instruction on the section [#Config_Editor above] on how to start "Config Editor" in Thunderbird and then apply below settings in it: See instruction on the section [#Config_Editor above] on how to start "Config Editor" in Thunderbird and then apply below settings in it:
{{{ ```
network.cookie.cookieBehavior=2 network.cookie.cookieBehavior=2
mail.smtpserver.default.hello_argument=[127.0.0.1] mail.smtpserver.default.hello_argument=[127.0.0.1]
network.proxy.socks_remote_dns=true network.proxy.socks_remote_dns=true
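Review bot: the conversion is incomplete in this hunk: the headings `== New Advice ==`, `= Old Advice =` and `== Introduction ==` are unchanged on the converted side and still use Trac syntax, while `== Common Fingerprint ==` further down becomes `## Common Fingerprint`, so they should become `## New Advice`, `# Old Advice` and `## Introduction` to match. The `[[TOC(noheading, depth=1)]]` macro and the `[#Config_Editor above]` link are also passed through untouched, and the `{{{ #!html <a name="Config_Editor"></a> }}}` processor block is turned into a three-backtick fence, which renders `#!html` and the anchor as literal text instead of an HTML anchor; either emit the `<a name="Config_Editor"></a>` line as raw HTML (dropping `#!html`) or remove it and rewrite the later link as `[above](#Config_Editor)`, since a fenced block gives that link nothing to target. While touching the Introduction line, `suported` can be corrected to `supported`.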
...@@ -48,27 +47,27 @@ mailnews.send_plaintext_flowed=false ...@@ -48,27 +47,27 @@ mailnews.send_plaintext_flowed=false
mailnews.reply_header_type=1 mailnews.reply_header_type=1
mailnews.reply_header_authorwrote=%s mailnews.reply_header_authorwrote=%s
mailnews.start_page.enabled=false mailnews.start_page.enabled=false
}}} ```
=== Enigmail === ### Enigmail
Enigmail is a Thunderbird addon (aka, plugin). It allows you to view (decrypt) and send (encrypt) PGP, GPG, X.509(SSL/TLS) certificate & keys protected & secured emails, end-to-end. Enigmail works by using [http://www.gnupg.org/ GnuPG] software, so you must install a suitable GnuPG package for your OS (operating system) if your OS does not have one already. Enigmail's GPG settings over-rides GnuPG's default settings. Most Linux based operating systems have GnuPG pre-installed. In Windows & MacOSX, it is better to install the latest stable edition of Gpg4win or GnuPG. Enigmail is a Thunderbird addon (aka, plugin). It allows you to view (decrypt) and send (encrypt) PGP, GPG, X.509(SSL/TLS) certificate & keys protected & secured emails, end-to-end. Enigmail works by using [GnuPG](http://www.gnupg.org/) software, so you must install a suitable GnuPG package for your OS (operating system) if your OS does not have one already. Enigmail's GPG settings over-rides GnuPG's default settings. Most Linux based operating systems have GnuPG pre-installed. In Windows & MacOSX, it is better to install the latest stable edition of Gpg4win or GnuPG.
* set an HKP (HTTP Keyserver Protocol) server including port (e.g. "hkp://pgp.mit.edu:11371") * set an HKP (HTTP Keyserver Protocol) server including port (e.g. "hkp://pgp.mit.edu:11371")
* better: use an HKP server that runs as hidden service * better: use an HKP server that runs as hidden service
{{{ ```
extensions.enigmail.addHeaders=false extensions.enigmail.addHeaders=false
extensions.enigmail.useDefaultComment=true extensions.enigmail.useDefaultComment=true
extensions.enigmail.mimeHashAlgorithm=5 extensions.enigmail.mimeHashAlgorithm=5
extensions.enigmail.agentAdditionalParam=--no-emit-version extensions.enigmail.agentAdditionalParam=--no-emit-version
}}} ```
**Note** For further level of accuracy & security, keyservers which support HKPS (Secured HTTP Keyserver Protocol) should be used over HTTPS or TLS/SSL protected connections, (instead of HTTP based HKP, which is non-encrypted and less-secured communication with keyserver), because "unknown" proxies, middle nodes and gateways (and possible MITM) exist in the path (of Web of Trust(WoT)), with "unknown" level of chance of alteration at various stages & components, DNS cache poisoning, etc. Try alternative WoT paths: go to sender's (or author's or signer's) website directly, connect over HTTPS (SSL/TLS), and find GPG fingerprint (if sender or author has shared it over https website or visit sender's or author's site multiple time via using multiple different Tor-circuits by utilizing Vidalia's Tor Network Map). Many authors also share fingerprint over the phone, visiting-card, etc as well. DNSSEC signed keyserver, DNSSEC-supported DNS-Resolver, etc can help greatly for even further accuracy & security. **Note** For further level of accuracy & security, keyservers which support HKPS (Secured HTTP Keyserver Protocol) should be used over HTTPS or TLS/SSL protected connections, (instead of HTTP based HKP, which is non-encrypted and less-secured communication with keyserver), because "unknown" proxies, middle nodes and gateways (and possible MITM) exist in the path (of Web of Trust(WoT)), with "unknown" level of chance of alteration at various stages & components, DNS cache poisoning, etc. Try alternative WoT paths: go to sender's (or author's or signer's) website directly, connect over HTTPS (SSL/TLS), and find GPG fingerprint (if sender or author has shared it over https website or visit sender's or author's site multiple time via using multiple different Tor-circuits by utilizing Vidalia's Tor Network Map). Many authors also share fingerprint over the phone, visiting-card, etc as well. 
DNSSEC signed keyserver, DNSSEC-supported DNS-Resolver, etc can help greatly for even further accuracy & security.
= Required Further Information = # Required Further Information
Download the fine paper ''"Towards a Tor-safe Mozilla Thunderbird - Reducing Application-Level Privacy Leaks in Thunderbird"'' below for further information on Tor and Thunderbird. Download the fine paper _"Towards a Tor-safe Mozilla Thunderbird - Reducing Application-Level Privacy Leaks in Thunderbird"_ below for further information on Tor and Thunderbird.
* This paper recommends avoiding PGP/MIME, apparently because of the identifiable message part boundaries. [https://lists.enigmail.net/pipermail/enigmail-users_enigmail.net/2013-April/000763.html dkg] reported the paper's concerns about identifiable MIME boundaries to enigmail upstream with a patch. * This paper recommends avoiding PGP/MIME, apparently because of the identifiable message part boundaries. [dkg](https://lists.enigmail.net/pipermail/enigmail-users_enigmail.net/2013-April/000763.html) reported the paper's concerns about identifiable MIME boundaries to enigmail upstream with a patch.
* Recommending the use of inline PGP is not a responsible recommendation. Given the fact that inline PGP doesn't adequately conceal the structure of the message or the names of any attachments and that it allows undetectable tampering of the content-type of each message part, which might cause arbitrary misinterpretations of signed material. * Recommending the use of inline PGP is not a responsible recommendation. Given the fact that inline PGP doesn't adequately conceal the structure of the message or the names of any attachments and that it allows undetectable tampering of the content-type of each message part, which might cause arbitrary misinterpretations of signed material.
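Review bot: the **Note** paragraph is split at `DNSSEC signed keyserver, DNSSEC-supported DNS-Resolver, …`, leaving a trailing space after `etc as well.` on the converted side; Markdown will still render it as one paragraph, but the split and trailing whitespace look like a script artifact rather than an intended line break, so join the sentence back or strip the space. Separately, `Download the fine paper … below` still points at a Trac attachment that does not appear anywhere in this hunk; confirm the attachment link survived the conversion, otherwise the sentence refers to nothing.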