Hi all,
So, if I use an email client (even privacy-respecting, such as Thundebird), what are the implications for privacy when I connect to an email server? What information would that server get from that connection and other connections made by the same computer/client?
One application of this question is: if I have an account that I do not want tied to my identity, is there a risk if I add it to my regular client that also connects to my official email (with and without a VPN)? Or should I only connect to it using the Tor Browser?
Thanks!
If you add different emails to Thunderbird than Mozilla could probably tie them together. It collects lots of telemetry and data. When you connect with IMAP server knows some basic things, like IP, also client name, timezone. Some clients allow to not send such data (not IP obviously), like Android Fairemail for example.
Thanks. So VPN is a mitigation measure. Disabling telemetry is another (although I dunno that it stops telemetry entirely, probably doens’t). Overall, maybe this might help?
Besides Mozilla (in the case of TB), anything that an outside observer might get?
Do you have a source for that?
Source for what? Data collected could be read in policy Thunderbird Privacy Notice — Mozilla and with such data there is no big problem to tie different email accounts used on one device to one person. But why Mozilla would do it?
I looked at the page you sent, but there wasn’t any indication that Mozilla was collecting information about users’ email addresses:
I’m not sure however, whether the initial setup if email accounts is done locally or whether Thunderbird fetches some information from Mozilla in order to determine the necessary configuration…
Neither I said about emails, but Accounts. Also it was just an example, there are other mail clients…
So overall it seems rather safe to connect to official and private emails from the same client, right? Keep VPN up, disable telemetry, and that covers most of it, no?
Screenshot seems to imply it’s using the email domain to do a check for autodetection of the right config, but not your full email; the “add a new email” option inside Thunderbird also implies this
1 Like
Sure. But that’s only at configuration in any case. Not on rolling basis, correct?
most likely, yeah. I mean, technically you could fingerprint that user X is distinct from user Y because user X has emails on proton.me, gmail.com and hotmail.com, but user Y has emails on gmail.com and icloud.com but i’m not sure what the fuck you’d even use that info for