a thoughtful web.
commentspostsbadges
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment by johnnyFive
johnnyFive  ·  2165 days ago  ·  link  ·    ·  parent  ·  post: EFAIL: turns out email PGP has a vulnerability

    The victim's email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.

This is the part that makes this much less serious. I would hope that anyone capable enough to use PGP to begin with would also know not to have their client pull in anything external. I'm gradually moving to Protonmail as my e-mail provider, and it defaults to not downloading any external images (a setting that I have, needless to say, left alone).



markup tips  ·  0


user-inactivated  ·  2165 days ago  ·  link  ·  

I don't think I've met an email client that didn't default to not loading external resources since the Netscape email client way back when. It looked like a vulnerability you had to opt in for to me too.

+discuss+discuss
about
tutorial
faq
rss
tmi
random
privacy & terms
weather
donate
login