It's been nearly three weeks since the publication of Efail, a critical set of attacks against PGP/GPG-encrypted emails that was so hard to mitigate that EFF's recommendation was to stop using it for mail altogether until a solution could be worked out.
Efail is still a serious risk, but progress has been made. EFF has published some guidance on how to assess if using GPG/PGP now will protect you or make you more vulnerable, and how to use encrypted email in a way that protects you as much as possible from Efail attacks.
Thunderbird and Enigmail’s developers have been working on ways to protect against the EFAIL vulnerabilities. As of version 2.0.6 (released Sunday May 27), Enigmail has released patches that defend against all known exploits described in the EFAIL paper, along with some new ones in the same class that other researchers were able to devise, which beat earlier Enigmail fixes. Each new fix made it a little harder for an attacker to get through Enigmail’s defenses. We feel confident that, if you update to this version of Enigmail (and keep updating!), Thunderbird users can turn their PGP back on.
But, while Enigmail now defends against most known attacks even with HTML on, the EFAIL vulnerability demonstrated just how dangerous HTML in email is for security. Thus, we recommend that Enigmail users also turn off HTML by going to View > Message Body As > Plain Text.
How To Turn PGP Back On As Safely As Possible
[Erica Portnoy and Danny O'Brien/EFF Deeplinks]