- doc
- anonymous internet
- Emailing and reading news with Thunderbird
Tails includes Thunderbird for:
To start Thunderbird choose .
To store your emails, feeds, and settings across different working sessions, turn on the Thunderbird Email Client feature of the Persistent Storage.
For more documentation, visit the official Thunderbird Support website.
Configuring an email account
When starting Thunderbird for the first time, an assistant appears to guide you through the process of configuring Thunderbird to access your email account.
To start this assistant again in the future from the main window of Thunderbird, choose and then, from the Account Settings dialog, choose Account Actions ▸ Add Mail Account….
Enter your name, email address, and password into the corresponding fields.
Click Continue.
The assistant tries to configure automatically the correct settings to connect to your email provider based on your email address.
If the automatic configuration fails, consult your email provider about how to configure your email account manually.
If the automatic configuration succeeds, you might have to specify which protocol to use to connect to your email provider, either IMAP or POP.
With IMAP, Thunderbird constantly synchronizes with the server and displays the emails and folders that are currently stored on the server. IMAP is better suited if you access your emails from different operating systems.
With POP, Thunderbird downloads the emails that are in the inbox on the server and possibly deletes them from the server. POP is better suited if you access your emails from Tails only and store them in the Persistent Storage.
To know more, see also this comparison between POP and IMAP by Riseup.
Gmail
You can use your Gmail account with Thunderbird in Tails.
-
Make sure that you have 2-Step Verification turned on in your Gmail account.
-
Configure the new account as IMAP when Thunderbird asks you to choose between POP and IMAP.
Enhanced privacy
Thunderbird in Tails is configured for additional privacy and anonymity.
For example, Thunderbird in Tails:
Removes information about the language of your session or spellchecker from the headers of the emails that you send.
Removes information that could identify you as a Tails user from the headers of your emails.
Only allows secure protocols and disables insecure protocols, like SSLv3.
Disables tracking technologies, like cookies and JavaScript, when viewing emails or feeds in HTML.
Emails and feeds in HTML format are displayed in plain text by default and can become harder to read.
These enhancements are inherited from the former TorBirdy extension.
Using Thunderbird in your language
To use Thunderbird in another language, you can
install the thunderbird-l10n-lang
package using the Additional Software
feature. Replace lang with the code
for your language. For example, vi
for Vietnamese.
Tails already includes language packages for Arabic, German, Spanish, Farsi, French, Hindi, Bahasa Indonesia, Italian, Portuguese, Russian, Turkish, and Simplified Chinese.
List of available Thunderbird language packages
OpenPGP encryption
GnuPG and Kleopatra allow you to work with OpenPGP encrypted text and files. Consider using Kleopatra instead of Thunderbird if you want to exchange encrypted text and files, but not by email.
The OpenPGP keys stored in GnuPG and Kleopatra are separate from the keys stored in Thunderbird.
Since Tails 4.13 (November 2020), Thunderbird 78 replaces the Enigmail extension with built-in support for OpenPGP encryption. If you used Enigmail before Tails 4.13, follow our migration instructions.
See also the official OpenPGP in Thunderbird - HOWTO and FAQ.
Setting up a Primary Password (recommended)
In Thunderbird, OpenPGP private keys are not protected by a passphrase. That's why we recommend that you set up a Primary Password.
With a Primary Password, your private key is encrypted in your Thunderbird profile and is only unlocked while Thunderbird is running. If your Thunderbird profile is stored in your Persistent Storage, then your private key is encrypted twice: once by Thunderbird in your profile and a second time by the encryption of the Persistent Storage.
Choose ▸ Settings.
Choose Privacy & Security.
In the Passwords section, select the option Use a Primary Password.
In the Primary Password dialog, enter your Primary Password and click OK.
Importing an existing private key
Thunderbird uses a different keyring than GnuPG.
If you already have an OpenPGP private key outside of Thunderbird, follow the instructions below to export it from GnuPG and import it into Thunderbird.
Export your private key using Kleopatra
From the desktop:
Choose Applications ▸ Accessories ▸ Kleopatra.
Select the private key that you want to migrate to Thunderbird.
Choose File ▸ Backup Secret Keys… and save this private key to your Home directory.
Close Kleopatra.
Import your private key in Thunderbird
In Thunderbird:
Choose ▸ Account Settings.
In the left pane, identify the account that corresponds to the private key that you want to import and choose End-to-End Encryption.
In the right pane, click the Add Key… button.
In the Add a Personal OpenPGP Key dialog, choose Import an existing OpenPGP Key and click Continue.
Click the Select File to Import… button and choose the private key that your exported from Kleopatra.
In the next dialog, make sure that your private key is listed and that the option Treat this key as a Personal Key is selected.
Click Continue, enter the passphrase for your private key (if any), and click Continue again.
Your private key should now be listed in the End-to-End Encryption settings of your account.
Select your private key to enable OpenPGP encryption for this account.
Generating a new OpenPGP private key
Choose ▸ Account Settings.
In the left pane, identify the account for which you want to create a new OpenPGP private key and choose End-to-End Encryption.
In the right pane, click the Add Key… button.
In the Add a Personal OpenPGP Key dialog, choose Create a new OpenPGP Key.
Review the settings in the next dialog, click the Generate key button, and then click Confirm.
Your private key should now be listed in the End-to-End Encryption settings of your account.
Encrypting an email
To prevent you from sending unencrypted emails by mistake, Thunderbird in Tails is configured with the option Enable encryption for new messages turned on by default in the account settings.
When composing an email:
If the Encrypt toggle button is on, Thunderbird will encrypt the email before sending.
Thunderbird warns you if you miss the key of some of the recipients or if you still have to accept some of their keys.
Choose Security ▸ Key Assistant to see the keys of the receipts and solve any issue.
To send an unencrypted email, turn off the Encrypt toggle button.