I wonder how I can be surprised to learn that 's collect telemetry infos (including your mail domain) and share them with partners such as .

It's obvious they spy on your mails! 🤦‍♂️

Indeed, in case of crash, they even send to "their" servers a memory dump that contains sensitive data crash reports.

This likely includes your emails in clear, your private encryption keys¹ and everything else the program has loaded and kept in memory.

What does this mean for a hypothetical attacker that can access such reports?

I mean... like a agency arguing that you might be a terrorist or something.

Oh but sure... they shall do no evil...

mozilla.org/en-US/privacy/thun


_____

1) Since version 68, Thunderbird does not use the suite via , but directly does encryption "to avoid licensing issues" 🤷‍♂️

@rysiek@mastodon.technology @mala

@Shamar @rysiek@mastodon.technology @mala A couple points... 1) When you actually read their policy it's not all that shocking. I would agree it's annoying that telemetry is on by default but you can opt out if you like. 2) Literally any communication that isn't end-to-end encrypted can be intercepted by any third party, not just the company that made your email client

@b6hydra

No, indeed I surprised myself by being surprised by 's bad faith.

I mean: ok, is a surveillance tool marketed as a privacy friendly browser, but it's "just" a browser.

But I was STILL thinking that good old (that I have not used in decades but still suggested to others) was safe!

It's not.

is not just on by default and all data are received by through servers.

I really think such kind of defaults should be forbidden by law. And in fact they are forbidden by as all data collection must be opt-in not opt-out.

Curiously, crash reports are disabled by default (as far as I can read online) so at least people are less likely to send them cryptographic keys in clear in a memory dump.

But the fun fact is that if you enable crash reports in the hope to let them improve a privacy friendly MUA, you sacrifice your security (and your peer's security, exposing them to social engineering) to improve a surveillance software.

Indeed Thunderbird is sending back your interactions activities, so the fact that mails sent without can be intercepted, is totally irrelevant.

@rysiek@mastodon.technology @mala
