📝 Correction | Warn that Thunderbird stores OpenPGP keys unprotected unless master password is used #2120
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#2120
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
This is related to https://github.com/privacytools/privacytools.io/issues/2072 and could be addressed in https://github.com/privacytools/privacytools.io/pull/1990.
Previously Enigmail used GPG's keyrings that were protected, but now that Thunderbird has its own keystore, it will set passwords as random on import and not protect keys unless a master password is used.
Why I am making the suggestion
I asked in the PrivacyTools Dev Matrix room if I should make a suggestion about this as I had previously noted it in the forum discussion. I wish to help others not fall into pitfalls that I have found and I imagine the master password feature (especially in Firefox though) may not be too popular amongst PrivacyTools users as they may be using FDE or separate password databases (like I do).
Currently there are no warnings about Thunderbird.
My connection with the software
I am a long time user of Thunderbird and previously Enigmail.
Hi everyone !
Unfortunately, it looks like there is not any preference to "force" the user to set/choose a master password for their profile, so I cannot even add it to https://github.com/HorlogeSkynet/thunderbird-user.js (cc @dngray) as a hardening good practice.
Maybe it's time to fill up a feature request to Mozilla ?
Authors were never ghacks.net. github.com/ghacks was not the same thing, was a customary name. It would be appropriate to rename it arkenfox for the credit bit there.
Fair enough Daniel.
Actually, I didn't change that since the ownership transfer, precisely for copyright reasons 😅
I decided not to fix this issue as a part of https://github.com/privacytools/privacytools.io/pull/1990 this will need a PR.