Size: 6934
Comment: + adding an introduction to the general argumentation why protecting the subject is problematic in principle
|
Size: 7560
Comment: Revert anchor link test
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
== Recommendations * Turn off Subject "Encryption" ([[/#Disabling_subject_encryption|↓]]) * Turn on crypto ([[/#How_to_enable_encryption|↓]]) * Use Web Key Directory (WKD) to search for pubkeys ([[/#How_to_use_WKD|↓]]) * [[https://useplaintext.email/#thunderbird|Use plain text emails]] == Overview |
|
Line 11: | Line 19: |
hardware tokens like smardcards or usb devices. | hardware tokens like smartcards or USB devices. |
Line 21: | Line 29: |
The external extension Enigmail provided it, which used GnuPG. A necessary and large change in how | The external extension Enigmail provided used GnuPG. A necessary and large change in how |
Line 26: | Line 34: |
It is unknown in public what the main reasons for doing a new implementation instead of | It is unknown what the main reasons for doing a new implementation instead of |
Line 37: | Line 45: |
=== Switch off replacing the subject with three dots | === Disabling Experimental Subject Encryption |
Line 39: | Line 47: |
Unfortunately Thunderbird implements an experimental (non standard) way that tries to protect the subject header line of an email which is not backwards compatible but enabled by default. |
Thunderbird implements an [[https://datatracker.ietf.org/doc/id/draft-autocrypt-lamps-protected-headers-02.html|experimental (non-standard) way]] that encrypts the normally unencrypted subject header line of an email, in a non-backward compatible way. This feature is active by default in Thunderbird. |
Line 42: | Line 51: |
Thunderbird replaces the subject of encrypted mails with three dots to protect users from accidentally | Thunderbird replaces the subject of encrypted emails with three dots to protect users from accidentally |
Line 45: | Line 54: |
where the sender added real information. Beside that loss of information, this also breaks message filtering and searching on the server. |
where the sender added real information. Viewing emails with encrypted subjects in Thunderbird and other compatible email clients shows the original subject. Besides the loss of information, this feature may also break message filtering and searching on the server. |
Line 48: | Line 58: |
Thunderbird contains a non-standard mechanism to encrypt the subject, but even then the original subject often is lost, e.g. when using [[https://bugzilla.mozilla.org/show_bug.cgi?id=1666005|drafts]], [[https://bugzilla.mozilla.org/show_bug.cgi?id=1727209|printing]], and probably other situations. |
The GnuPG project recommends turning this feature off for the outlined reasons. |
Line 54: | Line 60: |
We recommend to switch this off. One way that Thunderbird documented is using the [[https://support.mozilla.org/en-US/kb/config-editor|Config Editor]] by searching for the following entries and changing them from true to false: * mail.identity.default.protectSubject * mail.identity.id1.protectSubject * and if you have multiple identities configured: id2, id3, ... |
==== Disabling subject encryption |
Line 62: | Line 62: |
In general: The subject of an email is information for its transport. | Thunderbird users may disable the feature by unchecking the option in the settings: * //Account settings// * Search the wanted account in the left pane * //End-To-End-Encryption// * Scroll to section //Advanced settings// * Uncheck //Encrypt the subject of OpenPGP messages// {{subject_encryption_thunderbird.png}} It is also possible to use the [[https://support.mozilla.org/en-US/kb/config-editor|Config Editor]]. This way is only recommended for advanced users, the risk of breaking anything is high! Search for the following entries and changing them from //true// to //false//: * {{{mail.identity.default.protectSubject}}} * {{{mail.identity.id1.protectSubject}}} * and if you have multiple identities configured, repeat the last step for {{{id2}}}, {{{id3}}}, etc. Administrators of Debian-based systems can set these values system-wide in a file {{{/etc/thunderbird/pref/subjectencryption.js}}}: {{{ pref("mail.identity.default.protectSubject", false); pref("mail.identity.id1.protectSubject", false); ... }}} ==== Background In general, The subject of an email is information about its transport. |
Line 65: | Line 91: |
the confidentiality chose | confidentiality, choose |
Line 71: | Line 97: |
Line 73: | Line 98: |
For version 91 (checked 2021-12-02) the FAQ still states that the encryption cannot be disabled in the GUI: https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_can-i-disable-the-encryption-of-the-email-subject For the reasoning why Thunderbird's implementation is suboptional, |
For the reason why Thunderbird's implementation is suboptimal, |
Line 82: | Line 103: |
In Thunderbird Daily (version 97.0a1, 2021-12-09) it is possible to disable the encryption of subjects in the GUI: [[attachment:subject_encryption_thunderbird.png]] |
|
Line 93: | Line 112: |
====3. A window will be opened, where you can choose, if you want to import a key or to create a new key pair. In this instruction we explain how to import an existing key. For that click on the option "Import an existing OpenPGP Key" and on the button "Continue". | ====3. A window will be opened, where you can choose, if you want to import a key or to create a new key pair. In this instruction, we explain how to import an existing key. For that click on the option "Import an existing OpenPGP Key" and on the button "Continue". |
Recommendations
- Turn off Subject "Encryption" (↓)
- Turn on crypto (↓)
- Use Web Key Directory (WKD) to search for pubkeys (↓)
- Use plain text emails
Overview
Thunderbird (since version 78 first released 2020-07) implements its own OpenPGP/MIME support, using the libraries RNP (https://github.com/rnpgp/rnp) and Botan.
The main advantage for Thunderbird users is that they do not have to install an additional application like Gpg4win on Windows. The main drawback is that Thunderbird has its own handling of key material which is separated from the rest of the operating system and other applications that are using GnuPG for example. Some abilities that GnuPG provides are missing, e.g. handling of hardware tokens like smartcards or USB devices.
Thunderbird can still be configured to use a system's GnuPG installation for private key operations see https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards .
The Thunderbird people have an FAQ about the new OpenPGP support.
History
Until version 68 (last release 2020-10), Thunderbird did not have OpenPGP/MIME functionality included. The external extension Enigmail provided used GnuPG. A necessary and large change in how browser extensions can be implemented made Enigmail's technical implementation unfit for newer versions. See the explanation of Enigmail's maintainer. Enigmail's support for this version stopped 2021-10-01.
It is unknown what the main reasons for doing a new implementation instead of using GnuPG (and Gpg4win) were. One Mozilla developer wrote about licensing concerns, but other people have pointed out that GPGME is GNU LGPL and the GNU GPL of GnuPG itself allows for a combined distribution of Thunderbird and GnuPG.
Previously in 1999 and 2005, Mozilla rejected to include (already implemented) OpenPGP/MIME functionality because they were preferring S/MIME according to Werner Koch.
Hints
Disabling Experimental Subject Encryption
Thunderbird implements an experimental (non-standard) way that encrypts the normally unencrypted subject header line of an email, in a non-backward compatible way. This feature is active by default in Thunderbird.
Thunderbird replaces the subject of encrypted emails with three dots to protect users from accidentally disclosing sensitive information. So many other email clients will just see three dots like ... as the subject, where the sender added real information. Viewing emails with encrypted subjects in Thunderbird and other compatible email clients shows the original subject. Besides the loss of information, this feature may also break message filtering and searching on the server.
The GnuPG project recommends turning this feature off for the outlined reasons.
Disabling subject encryption
Thunderbird users may disable the feature by unchecking the option in the settings:
- Account settings
- Search the wanted account in the left pane
- End-To-End-Encryption
- Scroll to section Advanced settings
- Uncheck Encrypt the subject of OpenPGP messages
It is also possible to use the Config Editor. This way is only recommended for advanced users, the risk of breaking anything is high!
Search for the following entries and changing them from true to false:
- mail.identity.default.protectSubject
- mail.identity.id1.protectSubject
- and if you have multiple identities configured, repeat the last step for id2, id3, etc.
Administrators of Debian-based systems can set these values system-wide in a file /etc/thunderbird/pref/subjectencryption.js:
pref("mail.identity.default.protectSubject", false); pref("mail.identity.id1.protectSubject", false); ...
Background
In general, The subject of an email is information about its transport. And transport information in a decentral network - just like the writing on the outside of a postal mail envelope - cannot be protected in principle. When reflecting on this, if you need confidentiality, choose a subject that is plausible in context, but without sensitive contents, to best veil potential unwanted observers. (Your thinking is right: The more sensitive this is, the more you have to build up a plausible context for your unavoidable traces first.)
Details
For the reason why Thunderbird's implementation is suboptimal, see January to March 2021 on gnupg-user, e.g.
- https://lists.gnupg.org/pipermail/gnupg-users/2021-February/064862.html
- https://lists.gnupg.org/pipermail/gnupg-users/2021-March/064981.html
- https://lists.gnupg.org/pipermail/gnupg-users/2021-February/064858.html