[Autocrypt] EFF Warning about PGP ...
Benny Kjær Nielsen
autocrypt_mailmate at freron.com
Wed May 16 03:03:59 EDT 2018
On 15 May 2018, at 17:38, Bjarni Runar Einarsson wrote:
> I would support a "SHOULD NOT load external content from
> encrypted HTML" addition to the Autocrypt spec. What do you guys
> think? Is that sort of thing on-topic?
The following might be a useful data point:
When I worked on the “efail” issues in my email client back in
February I also added that loading external resources was *always*
disabled when displaying emails with any decrypted content. This has
been in the public release since March 12. So far, I've only had a
single report about this being a problem and that was related to
Facebook emails when users have [this Facebook
feature](https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302/)
enabled. This particular user didn't mind when I explained the problem.
(The main problem in this case is that MailMate does not tell the user
why it blocked the external resources.)
It's a niche email client with a pretty small user base, but it supports
both S/MIME and OpenPGP and its users probably use encryption more than
average email client users.
Note: I have not added autocrypt support. I'm just keeping an eye on it
by being on this mailing list :)
--
Benny
https://freron.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/autocrypt/attachments/20180516/a6059511/attachment-0001.html>
More information about the Autocrypt
mailing list