How to Sanitize Thunderbird and Enigmail

Posted at July 28, 2014

A couple of weeks ago, a good friend of mine @napoleon, was testing out the Mailvelope extension/add-on. He was interested in the idea of using OpenPGP encryption with Gmail. During his evaluation he noticed that Mailvelope likes to use the "Comment" armor header to advertise itself. This is a problem in a world where NSA targeted surveillance is real. Using OpenPGP suggests that you have the technical know-how to be private and that will likely make you interesting to the NSA and Xkeyscore. You should take care to disclose as little as possible about the privacy tools you use, if only to make it harder to run automated, targetted attacks against your computers and accounts. While @napoleon was patching the Mailvelope JS to disable its meta-data leak—because there is no config switch to turn it off—I took a look at Thunderbird with the Enigmail add-on and discovered a number of similar meta-data leaks, all of which can be stopped with just a little tweaking.

Disable the User-Agent Header

The first meta-data leak in Thunderbird is the "User-Agent" header that identifies Thunderbird as the software that generated the email:

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0

To disable the "User-Agent" header, follow these steps:

  1. In the main menu, select "Preferences" to open the preferences dialog.
  2. Select the "Advanced" section in the top tool bar.
  3. Select the "General" tab.
  4. Click the "Config Editor" button in the lower right to open the configuration editor dialog. It will give you a warning about potentially breaking things, just click the button labeled "I'll be careful, I promise!".
  5. Anywhere in the list of configuration settings, right-click and select "New" > "String" to create a new setting.
  6. You will be asked to enter the new preference name, enter: "general.useragent.override" and click the "Ok" button.
  7. You will be asked to enter a value, leave it empty and click the "Ok" button.

What you just did was tell Thunderbird that you want override the value of the "User-Agent" header in emails. By leaving the value blank, Thunderbird will not add the "User-Agent" header to emails at all.

Disable the X-Enigmail-Version Header

Then meta-data leak is a header added to all emails that advertises Enigmail—and its version—as the encryption tool used to encrypt/sign the email:

X-Enigmail-Version: 1.6

To disable the "X-Enigmail-Version" header, follow these steps:

  1. Repeat steps 1–4 from the section on disabling the "User-Agent" to open the config editor.
  2. In the "Search" box at the top of the config dialog, type "extensions.enigmail.addHeaders" and press the Enter key.
  3. Now double left-click on the value of the setting to change it from "true" to "false".

You just told Enigmail that you do not want it to add any headers to your emails.

Disable OpenPGP Comment Armor Header

In addition to email headers, the OpenPGP format described in RFC 4880 specifies a number of armor headers that can be included in the OpenPGP message block. One of the headers is a "Comment" used for any user-defined data. Mailvelope uses the "Comment" armor header to advertise itself and so does Enigmail:

Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

To disable the "Comment" armor header, follow these steps:

  1. Open the config editor by following steps 1–4 above.
  2. Search for the setting by typing in the search box: "extensions.enigmail.useDefaultComment" and pressing the Enter key.
  3. Double left-click on the value of the setting to change it from "false" to "true".

This seems like a bug in logic inversion to me. The default comment is the advertisement for engimail and it would seem like making the setting "false" would prevent it from adding the default comment. But, after testing both values, making the value "true" for this setting disables the "Comment" armor header.

Disable OpenPGP Version Armor Header

The last meta-data leak is another armor header that Enigmail uses to advertise the OpenPGP tool and version that it used to sign and/or encrypt the email message:

Version: GnuPG v1

To disable the "Version" armor header, follow these steps:

  1. In the main menu, select "Add-ons" to open the "Add-ons Manager" tab.
  2. In the "Add-ons Manager" select the "Extensions" tab on the left.
  3. In the list of extensions, select the Enigmail extension.
  4. Click on the "Preferences" button to open the OpenPGP preferences dialog.
  5. Select the "Advanced" tab.
  6. In the box labeled "Additional parameters for GnuPG", type: "--no-version".

You are telling Enigmail to use the "--no-version" parameter when it executes GnuPG to encrypt and/or sign your email message. That prevents GnuPG from adding the "Version" armor header to its output.

Conclusion

After making these changes to your stock Thunderbird and Enigmail installation, the encrypted emails you send will be much more sanitary and will disclose less information about the tools you use.