I wonder how I can be surprised to learn that #Mozilla's #Thunderbird collect telemetry infos (including your mail domain) and share them with partners such as #Amazon.
It's obvious they spy on your mails! 🤦♂️
Indeed, in case of crash, they even send to "their" #AWS servers a memory dump that contains sensitive data crash reports.
This likely include, your emails in clear, your private encryption keys¹ and everything else the program has loaded and kept in memory.
What does this means for an hypothetical attacker that can access such reports?
I mean... like a #USA agency arguing that you might be a terrorist or something.
Oh but sure... they shall do no evil...
https://www.mozilla.org/en-US/privacy/thunderbird/
#Privacy #Freedom #hypocrisy #Security #infosec
_____
1) Since version 68, Thunderbird does not use the #GPG suite via #Enigmail, but directly do encryption "to avoid licensing issues" 🤷♂️
@rysiek@mastodon.technology @mala
In the #Thunderbird #privacy notice that nobody is expected to read: https://www.mozilla.org/en-US/privacy/thunderbird/
```
Thunderbird May Disclose Information To:
Amazon Web Services: Thunderbird uses Amazon Web Services (AWS) to host its servers and as a content delivery network. Your device’s IP address is collected as part of AWS’s server logs.
```
I assume they receive and manage the crash reports on "their" servers that accidentally are owned by #Amazon.
@rysiek@mastodon.technology
@Shamar @rysiek here you go, here's more info: https://socorro.readthedocs.io/en/latest/overview.html