> Message: 1
> Date: Mon, 14 May 2018 19:01:32 -0800
> From: I <[email protected]>
> To: [email protected]
> Subject: [tor-talk] PGP fiddly-diddly - action required
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=US-ASCII
>
> https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
>
This is terribly misrepresented in the press. There is no problem with the encryption! The issue is that mail clients are insecurely designed or insecurely configured by users to accept HTML commands to send out clear text content after decryption.

This falls into the more general category of, "Stop being stupid!" Set your mail client to TEXT ONLY and stop automatically processing someone else's commands on your machine.

If you absolutely can't live without colored fonts and pretty layouts in your email, at least limit the HTML processing to local content only, in Thunderbird this is called, "Simple HTML."

Full HTML processing (Thunderbird "Original HTML") will reach out to the Internet and do things you may not like, ranging from confirming you opened the email, exposing your direct IP address, to sending back your now un-encrypted full content. Many email clients even support running Javascript or other embedded code. If you enable these features, you may also wish to roll yourself in butter and seasoned breadcrumbs.

Again, PGP/GPG is just fine, stop doing foolish things.

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
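
The difference the message above draws between local-only and full HTML rendering can be checked mechanically. The following is an added example, not part of the original message: it audits an HTML mail body for references a renderer would fetch from the network on open and for embedded active content. The sample body, the attribute list and the names `audit`, `is_remote` and `MailAudit` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes a renderer loads without any click (illustrative, not exhaustive).
AUTO_FETCH_ATTRS = {"src", "background", "poster", "data"}
REMOTE_SCHEMES = {"http", "https", "ftp"}

# Constructed sample body, not taken from any real message.
SAMPLE_BODY = """<html><body background="cid:bg@local">
<p>Quarterly numbers attached.</p>
<img src="cid:logo@local">
<img src="http://tracker.example/open.gif?id=42" width="1" height="1">
<link rel="stylesheet" href="https://cdn.example/mail.css">
<a href="https://www.example/report">report</a>
<script>void 0</script>
</body></html>"""


def is_remote(url):
    url = url.strip()
    if url.startswith("//"):  # scheme-relative URL, still a network fetch
        return True
    try:
        return urlsplit(url).scheme.lower() in REMOTE_SCHEMES
    except ValueError:
        return True  # unparsable URL: report it rather than trust it


class MailAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote, self.active = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.active.append(tag)
        for name, value in attrs:
            if name.startswith("on"):  # inline event handler
                self.active.append(f"{tag}[{name}]")
            # <link href> loads on render; <a href> only on a click.
            auto = name in AUTO_FETCH_ATTRS or (tag == "link" and name == "href")
            if auto and value and is_remote(value):
                self.remote.append((tag, name, value.strip()))


def audit(html_body):
    """Return (remote references fetched on render, active content found)."""
    parser = MailAudit()
    parser.feed(html_body)
    parser.close()
    return parser.remote, parser.active
```

A body for which both lists are empty renders the same with or without network access; anything in the first list is a request that goes out as soon as the message is displayed in full HTML mode.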
