[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] tor-talk Digest, Vol 88, Issue 13

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] tor-talk Digest, Vol 88, Issue 13
From: Me <tortalk@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 15 May 2018 10:37:00 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 15 May 2018 11:37:23 -0400
In-reply-to: <mailman.9.1526385602.15287.tor-talk@lists.torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <mailman.9.1526385602.15287.tor-talk@lists.torproject.org>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

> Message: 1
> Date: Mon, 14 May 2018 19:01:32 -0800
> From: I <beatthebastards@xxxxxxxxx>
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Subject: [tor-talk] PGP fiddly-diddly - action required
> Message-ID: <9CD1BA536D3.00000641beatthebastards@xxxxxxxxx>
> Content-Type: text/plain; charset=US-ASCII
> 
> https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
> 

This is terribly misrepresented in the press.

There is no problem with the encryption!

The issue is that mail clients are insecurely designed or insecurely configured by users to accept HTML commands to send
out clear text content after decryption. This falls into the more general category of, "Stop being stupid!"

Set your mail client to TEXT ONLY and stop automatically processing someone else's commands on your machine.

If you absolutely can't live without colored fonts and pretty layouts in your email, at least limit the HTML processing
to local content only, in Thunderbird this is called, "Simple HTML."

Full HTML processing (Thunderbird "Original HTML") will reach out to the Internet and do things you may not like,
ranging from confirming you opened the email, exposing your direct IP address, to sending back your now un-encrypted
full content.

Many email clients even support running Javascript or other embedded code. If you enable these features, you may also
wish to roll yourself in butter and seasoned breadcrumbs.

Again, PGP/GPG is just fine, stop doing foolish things.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] Post Quantum Tor
Next by Author: Re: [tor-talk] Anonymity and Voip
Previous by thread: Re: [tor-talk] GNOME Is Removing the Ability to Launch Apps from Nautilus
Next by thread: [tor-talk] Orbot: Over 20 Million Served, Ready for the Next Billion
Index(es):
- Author
- Thread