> Message: 1
> Date: Mon, 14 May 2018 19:01:32 -0800
> From: I <beatthebasta...@inbox.com>
> To: tor-talk@lists.torproject.org
> Subject: [tor-talk] PGP fiddly-diddly - action required
> Message-ID: <9cd1ba536d3.00000641beatthebasta...@inbox.com>
> Content-Type: text/plain; charset=US-ASCII
>
> https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
>

This is terribly misrepresented in the press. There is no problem with the encryption! The issue is that mail clients are insecurely designed or insecurely configured by users to accept HTML commands to send out clear text content after decryption.

This falls into the more general category of "Stop being stupid!" Set your mail client to TEXT ONLY and stop automatically processing someone else's commands on your machine.

If you absolutely can't live without colored fonts and pretty layouts in your email, at least limit the HTML processing to local content only; in Thunderbird this is called "Simple HTML." Full HTML processing (Thunderbird "Original HTML") will reach out to the Internet and do things you may not like, ranging from confirming you opened the email, exposing your direct IP address, to sending back your now unencrypted full content.

Many email clients even support running JavaScript or other embedded code. If you enable these features, you may also wish to roll yourself in butter and seasoned breadcrumbs.

Again, PGP/GPG is just fine, stop doing foolish things.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
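
Added example, not part of the original message: a Python check that lists the references a full-HTML renderer would fetch as soon as a message is opened, which is the traffic that plain-text or "Simple HTML" viewing avoids. The sample message, the `tracker.example` host and the function names are constructed for illustration; CSS `url()` references are not covered.

```python
from email.message import EmailMessage
from html.parser import HTMLParser

REMOTE = ("http://", "https://", "//")
# Attributes a renderer follows without a click; href only counts on <link>.
AUTO_ATTRS = {"src", "background", "poster"}


class RemoteRefFinder(HTMLParser):
    """Collects (tag, attribute, url) for references loaded on open."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            auto = name in AUTO_ATTRS or (tag == "link" and name == "href")
            if auto and value and value.strip().lower().startswith(REMOTE):
                self.refs.append((tag, name, value.strip()))


def remote_refs(msg):
    """Return auto-loaded remote references from every text/html part."""
    refs = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            finder.close()
            refs.extend(finder.refs)
    return refs


def build_sample():
    """Constructed multipart message: one remote image, one remote stylesheet."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Plain text body.")
    msg.add_alternative(
        '<html><head><link rel="stylesheet" href="https://tracker.example/s.css">'
        '</head><body><p>Hello</p>'
        '<img src="http://tracker.example/open.gif?id=123">'
        '<img src="cid:logo@local">'  # inline attachment, stays local
        '<a href="https://example.org/">link the reader must click</a>'
        '</body></html>',
        subtype="html",
    )
    return msg


if __name__ == "__main__":
    for tag, attr, url in remote_refs(build_sample()):
        print(f"<{tag} {attr}> would fetch {url}")
```

An empty result means the HTML part loads nothing remote on open; the `cid:` image and the clickable link are deliberately not reported.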