
#1 2015-11-29 15:18:01

DarkCerberus
Banned
From: Holsworthy, Devon
Registered: 2011-12-31
Posts: 252

Enhance Email Thunderbird Security?

I've been wondering about how to do this for a while now. Basically, all I want is for the local computer, my primary computer, to be secure when receiving said emails. According to the Paranoia addon on Thunderbird my connections are insecure, and yet for some reason when either a friend or a company emails me they don't have any warnings, and the addon states that his/her connection from their end is actually more secure than mine. Is it possible to secure the local connection on Arch Linux? Also, what should I use? I'm basically focusing on securing my desktop PC but don't know where to start. Could anyone who did secure his/her email connection tell me what instructions they used? My friend who emailed me basically used only the standard Google Mail account and her connection was secure, but on my end two unknown IP addresses are appearing in transit according to the Paranoia addon and they're using some NNFMP connection. How do I disable this connection and make the email transit secure? Is it a Yahoo/Sky problem? I don't want to use Tor since in my view it uses too much bandwidth and using it is illegal here in the United Kingdom.


Our enemies are your enemies, Nick. Disorder, war. It's just a matter of time before a dirty bomb goes off in Moscow, or an EMP fries Chicago.  ---  Alexander Pierce, Captain America: Winter Soldier
Access Denied! De-cryption failed, override denied all files sealed! --- Triskelion, Shield OS
-----
How to ask questions the smart way

Offline

#2 2015-11-29 17:23:42

mpan
Member
Registered: 2012-08-01
Posts: 1,375
Website

Re: Enhance Email Thunderbird Security?

Paranoia is not giving any security. It's merely a tool for aiding analysis of mail headers. Analysis which gives completely nothing to a typical user, as they're unable to use the information in any productive way. Even ignoring that: the attack method on which Paranoia focuses is achievable nearly exclusively by state-level agencies.

Until you want to either feed your curiosity hunger or give yourself reasons to be scared, you can uninstall it. This will probably make your Thunderbird more secure than years of using Paranoia, as this way you're closing one more potential attack vector ;)

If you want security, use end-to-end encryption. For example with GnuPG, implemented with Enigmail addon for Thunderbird. However, first define your security needs. There is no such thing as perfect security and everything has its price. Even using Enigmail: you'll lose the ability to use Thunderbird's search function, sending large e-mails will be slow, the addon tends to mess up text formatting etc. The only thing that comes quite free about security is knowledge. As it happens it's also your main weapon in that field, so teach yourself basic topics first - until then you'll most probably misuse other tools.

Putting aside that Tor would not give you security in that case: since when is it banned in the UK, and on what basis (exact act)? And what bandwidth usage are you talking about?

--- edit ---

Since I have some time now, let me elaborate on this.

What Paranoia is doing is checking Received headers¹ in an e-mail for strings that indicate that the message came through. No magic included. You can see these headers with your own eyes by selecting "View source" — they will be at the top, in reversed order (that is: the hop closest to you goes first, the sender's is the last). Paranoia is only aiding the analysis by grepping through the headers and, finally, showing a graphical representation of that. The authors also claim they mark servers that "belong to big corporations", which is a quite strange feature, possibly an effect of some political bias — irrelevant to the security.

The thing is that the headers are set by anyone on the path. This information is never verified by a trusted third party. An adversary manipulating an unencrypted medium may on their wish just declare that the medium was encrypted with super-duper unbreakable algorithm and no one will ever know it's a lie.

Another thing is that the communication looks like this (possibly the chain is longer, but keep it simple for the sake of example):

(Sender) --A--> (Server1) --B--> (Server2) --C--> (You)

Assume that all connections — A, B and C — are indeed encrypted. The thing is: the mail is not encrypted on Server1 and Server2. So operators of Server1 and Server2 have full access to your mail: for both reading and modifying it. If the company is not handling their disk drives properly, then actually also people who will put their hands on the drives later may be lucky² to read it. So… sorry, no security is gained by only encrypting interhop connections.

The next thing is that even if A, B or C are unencrypted, not many can carry out an attack that will intercept your e-mail. Mainly state-level agencies of bigger countries. I'm not saying that it's not the issue — it is, of course! But before trying to protect yourself against states, you should care more about things that are more probable and might affect you much more directly. Meeting a lion is dangerous, but actually most people are killed by common mosquitos.

Finally, assume you know that the hop B is unencrypted or badly encrypted. And? What can you do with that information? Get some sleepless nights? Tell a friend? Basically that's all you can do and this does not improve security in any way. You're not the one who decides about encryption between Server1 and Server2. Their operators do. Of course you could whine to them about the issue, but chances they'll listen are tiny.
____
¹ rfc2076 3.2, rfc482 4.3.2
² The luck is needed to get your particular mail, as — in general — only the mail lately sent/received will be on the drives, so the window is short.

Last edited by mpan (2015-11-29 22:59:08)


Sometimes I seem a bit harsh — don’t get offended too easily!

Offline
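An added example, not part of mpan's post and not the Paranoia addon's code: a Python sketch of the Received-header reading described in the post above. The sample message, its host names and the `received_hops` helper are constructed for illustration; the TLS markers checked are the RFC 3848 `with` keywords plus the `version=TLS` / `using TLS` comments some servers append.

```python
import re
from email import message_from_string

# Constructed sample message (not real traffic); hosts and IPs are reserved example values.
SAMPLE = """\
Received: from mx2.example.net (mx2.example.net [203.0.113.7])
\tby mail.example.org with ESMTPS id abc123
\t(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256);
\tSun, 29 Nov 2015 15:10:03 +0000
Received: from mx1.example.com (mx1.example.com [198.51.100.5])
\tby mx2.example.net with SMTP id def456;
\tSun, 29 Nov 2015 15:10:02 +0000
Received: from laptop.local ([192.0.2.10])
\tby mx1.example.com with ESMTPSA id ghi789;
\tSun, 29 Nov 2015 15:10:01 +0000
From: sender@example.com
To: you@example.org
Subject: test

body
"""

# "with" keywords that declare TLS (RFC 3848), and free-text hints relays may add.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
TLS_HINT = re.compile(r"version=TLS|using TLS", re.IGNORECASE)

def received_hops(raw):
    """Return hops in travel order (sender first); headers are stored newest-first."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines

        def grab(word):
            m = re.search(r"\b%s\s+(\S+)" % word, flat)
            return m.group(1).rstrip(";") if m else None

        proto = grab("with")
        # This is only what the receiving relay wrote about itself; nothing verifies it.
        claims_tls = (proto or "").upper() in TLS_PROTOCOLS or bool(TLS_HINT.search(flat))
        hops.append({"from": grab("from"), "by": grab("by"),
                     "with": proto, "claims_tls": claims_tls})
    return hops

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
```

Editing `with SMTP` to `with ESMTPS` in the sample flips that hop's `claims_tls` to `True`, which is the limit of what the header can tell you: what a relay wrote, not what happened on the wire.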
