Search Mailing List Archives
[liberationtech] Cryptography Leak in Enigmail / GnuPG
griffin at cryptolab.net
Mon Apr 28 04:44:41 PDT 2014
And, whether it's a Thunderbird bug or an Enigmail bug, Gmail emails
have a tendency to be sent (typically unencrypted) during draft
autosave. So that's fun.
Thunderbird makes me think of Mutt's slogan from 1995 - "All email
clients are terrible. This one is just less terrible."
On 2014-04-28 03:25, Fabio Pietrosanti (naif) wrote:
> Il 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) ha scritto:
>> I just wanted to notice that the mostly used encryption software
>> GnuPG and Enigmail, have some privacy leak that in the XKEYSCORE's
>> could represent a major risk.
>> a) Enigmail, Thunderbird's PGP plugin, does send
>> header on ALL email sent, also the unencrypted one.
>> b) GnuPG, following the " -----BEGIN PGP MESSAGE-----", does add
>> information such as " Version: GnuPG/MacGPG2 v2.0.19 (Darwin)" .
> An update on this issue following reports of October '13
More information about the liberationtech