Mozilla Thunderbird is an email, newsgroup, news feed, and chat client that was developed by the Mozilla Foundation, who are also the developers of Firefox.
Thunderbird contains a lot of spyware features, however all of these can be opted-out of and most of the spyware is connected to the web-browsing capabilities of Thunderbird. Thunderbird contains some minor spyware protection to its users and does not attempt to collect any information that is extremely sensitive, however it is spyware and does share and collect user information by default that it does not need to share.
From the Thunderbird privacy policy[1]:
Thunderbird may try to contact external DNS servers, standard autoconfiguration URIs, and Mozilla's configuration database to try and work the settings needed for your account. This may involve sending part or all of your email address, but never involves sending your password. When Thunderbird does this, the parties contacted may retain logs of those requests.
Thunderbird contains web browsing spyware features, including compatibility with tracking cookies and JavaScript, which can both be used to allow other parties to spy on users. As such, all of the spyware concerns of browsing the web are relevant when using Thunderbird. However, these features can be turned off. They are not spyware in and of themselves but they are attack vectors for other spyware programs to be downloaded and executed by the user. Thunderbird however provides some basic protections by default such as blocking all remote content in HTML E-Mails.
Thunderbird details in its privacy policy[1] that it updates Mozilla with the add-ons that users have installed, and then uses that information to recommend other add-ons to its users. Thunderbird will also track which "personas" a person installs and uses (these are like themes) when the user is using Mozilla's centralized "personal gallery". These spyware features can be opted-out of or not used.
From the Thunderbird privacy policy[1]:
When you visit a secure website or access secure remote content via emails, Thunderbird may check the identity of that secure remote service using any status provider mentioned in the certificate provided by that service. Thunderbird sends only the certificate identification to the certificate provider, not the exact URL you are visiting. Sending these verification requests to third parties is sometimes important to ensure your connection to a site is secure; to help maintain your security, Thunderbird may deny access to the site if it can't verify your connection using the third party.
Keep in mind that this only applies to web browsing activity that happens on Thunderbird, and not web browsing activity that happens on any other program. This feature can be opted-out of.
Thunderbird will try and download new versions of itself using its update system. Since new versions of programs means that there could be new forms of spyware hidden in the program after updating, this is a form of spyware. This feature has an opt-out.
Thunderbird contains several forms of opt-in spyware that only collects information when the user specifically authorizes it. This includes crash reports and detailed user analytics. Mozilla says that it anonymizes this information if you choose to share it.
1.
Mozilla Thunderbird Privacy Policy
[web.archive.org]
[archive.is]
[arquivo.pt]
This article was last edited on 6/2/2018
If you want to edit this article, or contribute your own article(s), visit us at the git repo on Codeberg. All contributions must be licensed under the CC0 license to be accepted.
