Open Bug 749541 Opened 13 years ago Updated 3 years ago

Encrypt email addresses in old emails and address book

Categories

(Thunderbird :: Security, enhancement)

Product:
Thunderbird
Component:
Security
Version:
10 Branch
Platform:
x86_64
All
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: marc, Unassigned)

Details

(Keywords: privacy)

I know, this idea is not really a problem of Thunderbird as it is part of the OS to be secure enough to avoid attacks by viruses, but nobody is immune against them and Thunderbird contains a big database of new victims. First think about the fact that some viruses filter email addresses in email archives and address books to be able to spread themselves. Now think about how many emails you have in your archive and how many email addresses are part of them. Now my ideas as follows: 1.) All email addresses in emails (text and headers) older than x days (f.e. 30+) will be overwritten with a placeholder f.e. a md5 hash build through email address + salt (system id, master password, etc.). The salt is useful to avoid using md5 databases or rainbow tables. Now, if you search for an email address by using the search field the system converts it to the md5 hash and finds all relevant emails. For sure an email address should be converted to as many hashs as the search function needs them (name, domain, extension, etc.) f.e. "john.doe@example.org" will be converted to: "527bd5b5d689e2c32ae974c6229ff785.2829fc16ad8ca5a79da932f910afad1c@1a79a4d60de6718e8e5b326e338ae533.5a445d710ae24cd276062b0c84850838" If you open an old email a button "show email addresses" is displayed. After clicking that button you need to enter a password. The same is done if you click "answer". To realize this feature all hashs/email parts need to be part of an encrypted database. It will be rarely that you need to enter the password, so it should be safe enough. 2.) The address book will be (optional) encrypted through a password, too. I don't know how often you are using your address book, but in the most time I'm answering emails or I'm using a mailto:-Link on a website. So it will be rarely needed to decrypt the address book. The password input should pop up after you hit the first letter into the speficic field to be able to get email address proposals. If an email address has been completly pasted no password should be used. Instead of that a second database should be used where hash is linked to an encrypted email name (<John Doe, Example Inc.>). I know it will add only a little bit of security but maybe the next email virus reaches only thousands instead of million victims.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: privacy
OS: Windows 7 → All
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.