How can I encrypt attachments send by Filelink like normal attachments?
In the help of the Filelink functionallity I could not find any instruction how to encrypt attachments send by Filelink in the same way as by the normal e-mail attachment (SSL). Is there no possibility to do this or is it just not described. If it is, please send me a link. Thanks.
الحل المُختار
What I still don't understand is, why the encryption, which can be done by S/MIME or GPG is not included in Thunderbird, so that everyone can encrypt his e-mail easily without additional programmes before sending?
But S/MIME support is built in. Look at Tools|Account Settings|<select account>|Security.
The main hurdle is getting and importing a key pair. Free ones are available via Comodo, but you need some patience to export them from your browser and import them into Thunderbird. There are many businesses who will happily sell you keys too.
The easiest way I know of to use GPG with Thunderbird is to install Enigmail. Enigmail will generate keys for you; the main hurdle then might be to get these approved by other users so as to confirm that you are who you say you are and can be trusted. ;-)
Exchanging keys is an interesting question. It's possible to send your public key attached to email and it may be posted on keyservers. The main question is then how do you prove you are you and that the key belongs to who it names as its user?
My experience is that you will find very few email users who will want to bother with all this. Despite what we now know about NSA and GCHQ snooping (not to mention the 5 Eyes alliance), most internet users still happily and thoughtlessly pour out personal information via social networking sites and don't think encryption has any relevance to them.
Read this answer in context 👍 0All Replies (7)
I'm not sure what you mean with 'the same way as by the normal e-mail attachment (SSL).'. Can you explain this in more detail?
If you want an attachment to be encrypted you'd need to encrypt the file prior to attaching it to the message, e.g. using gpg. This is no different with or without using Filelink. https://www.gnupg.org/gph/en/manual/x110.html
Thanks for the reply. In Thunderbird I use the SSL-encryption for receiving and sending of e-mails (I set it in the window account settings {translated from German "Konten-Einstellungen"} on page server settings {"Server-Einstellungen"} in the drop-down menu called connection security {"Verbindungssicherheit"} I set it to "SSL/TLS". Similarly for the outgoing mails in the SMTP settings). If I would use the new Filelink function, the attachment would not be encrypted - according to the mozilla help page (https://support.mozilla.org/en-US/kb/filelink-large-attachments#w_q-can-the-storage-service-view-my-attachments {https://support.mozilla.org/de/kb/filelink-fuer-grosse-dateianhaenge})
My question is now: Can I use the SSL or another encrytion also for the attachments send by Filelink in the same easy way like for normal attachments and e-mails. And how to do this. I cannot find any information or instruction how to set that in Thunderbird.
I hope its clear now, what i mean. If not - just post. Thanks in advance.
I think that article is quite clear about the need to encrypt an article yourself before uploading it.
I should point out that the use of SSL or TLS doesn't necessarily mean your email correspondence is encrypted. With many providers, the encryption is used only to protect your login and password; the message text travels unencrypted. If you are concerned about privacy, then you should be looking at S/MIME or GPG, both of which can be implemented in Thunderbird. These will encrypt all the message content, and any attachments. (Though not, of course, any material sent via Filelink or similar.)
As I understand it…the SSL/TLS encryption is good only between you and whoever is running the server that offers SSL/TLS; so if you were sending using a googlemail account to a correspondent with a non-googlemail account, the SSL/TLS encryption would only apply to the the link between you and google; thereafter the message would travel on to your correspondent's email server in an unencrypted format. The keys used to encrypt and decrypt your message are agreed upon between your email client and the googlemail server and are not passed on to any third parties (GCHQ and NSA notwithstanding). ISTR reading that google were proposing to extend SSL/TLS to cover message content in addition to the login, but the proviso about lack of encryption in the onward delivery would still stand.
Both S/MIME and GPG require both you and your correspondents to be using it and to have exchanged public keys. Few email users seem to want to be bothered with the additional effort required. :-(
SSL/TLS encrypts login credentials and messages on the wire between your computer and the server, and eventually between servers as well. However, while the message is stored on the server it's still clear text. For end-to-end encryption you'll need to encrypt the message (and the attachment) on your computer before sending it. In connection with Filelink it can make sense to encrypt only the file to be uploaded, but that depends on your use case.
The article you linked above already answers your question about SSL/TLS: "Filelink adds some security as file uploads to the storage service provider are sent via HTTPS, a secure protocol.
The file you upload to the server would still be stored unencrypted there, unless you encrypt it prior to sending.
Hello Guys, thanks for some further insight. @Zenos pointed out, that some e-mail providers only encrypt the Login data by SSL/TLS and not the message and attachment. Therefore I checked this on the website of my provider GMX and luckily they encrypt the Login, message and attachement of every e-mail. As far as the recipient also uses such a provider, then all the data are encrypted on the ways between me and my provider, my provider and his provider, his provider and him. Since this year, all the big providers in Germany introduced this full SSL encryption for all data send by e-mail (http://www.e-mail-made-in-germany.de/Verschluesselung.html).
I understand that additional encryption by programmes like S/MIME or GPG does this too but has the additional advantage that the data are encrypted while being on the servers. The bad side of this methods seems to be some additional effort to exchange keys between recipient and sender - although it is not clear to me whether this is done over the internet or phoning or paper mail is necessary.
Thanks to @christ1 for pointing out that Filelink uses HTTPS, which means that it has the same security level as my normal e-mails with standard attachment, since they are send by SSL/TLS, but not encrypted on the servers. This seems to be identical when using Filelink. This answers my question. Thanks to both. :-)
Actually I found that the problem, why I didn't get this from the mozilla help page is that I read the German mozilla help page which has a translation error. The English help page is clearly saying "Note that standard attachment functionality is also not encrypted." (Which can be easily overcome, if you switch SSL/TLS on in Thunderbird settings. This should be added to the help page here, i suggest !!!) However, on the German help page it says " Wir weisen Sie darauf hin, dass die Standard-Funktionalität von Filelink keine Verschlüsselung von Anhängen vorsieht." Which means, that the standard funcionallity of Filelink uses no encryption for the attachments. So while the English help refers to the standard e-mail with standard attachment, the German page refers to Filelink. I think this error was introduced in the translation. However, I see clearly that the help page does not make clear the distinction between encryption during sending and encryption during the storage on the servers. Thats why the confusion comes from.
As a summary I would put it like this: (do you agree?)
Standard e-mails (including login data, e-mail text, standard attachment) are not encrypted by Thunderbird during sending to your e-mail provider unless in the settings "SSL/TLS" is chosen. Then at least the login data are encrypted during sending, but whether the e-mail text and standard attachments are also encrypted during sending depends on your e-mail provider. On the server of the e-mail providers all the data are not encrypted again, unless you use additional programmes to encrypt the e-mail text and standard attachments prior to sending. Filelink attachments always use HTTPS connections, which means that the attachments are encrypted by SSL/TLS during sending to the Filelink provider. On his server, the data are not encrypted any more unless you have encrypted the data with an additional programme before sending it. Which in the end means that Filelink is as secure or unsecure as standard Thunderbird e-mails with standard attachments when using the SSL/TLS option in the Thunderbird settings.
Ok. Thanks for clarification.
What I still don't understand is, why the encryption, which can be done by S/MIME or GPG is not included in Thunderbird, so that everyone can encrypt his e-mail easily without additional programmes before sending?
Modified
الحل المُختار
What I still don't understand is, why the encryption, which can be done by S/MIME or GPG is not included in Thunderbird, so that everyone can encrypt his e-mail easily without additional programmes before sending?
But S/MIME support is built in. Look at Tools|Account Settings|<select account>|Security.
The main hurdle is getting and importing a key pair. Free ones are available via Comodo, but you need some patience to export them from your browser and import them into Thunderbird. There are many businesses who will happily sell you keys too.
The easiest way I know of to use GPG with Thunderbird is to install Enigmail. Enigmail will generate keys for you; the main hurdle then might be to get these approved by other users so as to confirm that you are who you say you are and can be trusted. ;-)
Exchanging keys is an interesting question. It's possible to send your public key attached to email and it may be posted on keyservers. The main question is then how do you prove you are you and that the key belongs to who it names as its user?
My experience is that you will find very few email users who will want to bother with all this. Despite what we now know about NSA and GCHQ snooping (not to mention the 5 Eyes alliance), most internet users still happily and thoughtlessly pour out personal information via social networking sites and don't think encryption has any relevance to them.
Modified
This article may help to further clarify things. http://kb.mozillazine.org/Message_security