On 07/09/2013 07:47 AM, Marian Kechlibar wrote: > > Dear Enigmail team, > > first, let me thank you for your outstanding work. Enigmail is a very > good tool to protect your privacy with, I do recommend it to virtually > everyone who is concerned with privacy of their e-mail communication. > > I would, nevertheless, like to suggest a privacy-enhancing improvement > to be implemented within Enigmail. > > With the current 1.5.1 release, names of attachments aren't encrypted, > and these names can leak some interesting information to a passive > adversary. It indeed happened in my previous practice that such a leak > caused some minor trouble (I can't give you details, but it was "fun").
The simplest way (and already implemented and widely supported) to hide
all attachment names is to use PGP/MIME instead of inline-PGP.
hth,
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list [email protected] https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
