> That being the *incredibly* unhelpful and likely actively harmful
> recommendation to remove encryption and decryption functionality from
> vulnerable MUAs.

I blame the EFF for that more than I blame the Efail developers. I expect the people who develop new attacks to overstate their importance: it's not out of any intent to deceive, it's just that they're too close to the problem to have a clear perspective on the user impact.

The EFF, though...

But even then, I have some sympathy for their position. The EFF works with many different activists in many different countries running many different setups. They were in a difficult situation of needing to put out a press release that had useful recommendations for everyone, left no one out in the cold, while still not raising a panic.

Let me be clear: I think the EFF behaved irresponsibly. But I can be sympathetic to their situation, too. It's not a one-or-the-other thing. And I'm going to remain quiet on this further until I have time to see the EFF's postmortem.

> Indeed, this particular release may still succeed in producing a body
> count. I am not yet aware of any confirmed fatalities stemming from
> people panicking and stopping using crypto because they listened to
> Efail and/or the EFF, but there is one particular community I'm
> watching for just that issue right now.

If I can help in any way, please let me know.

> We must not forget these people. Ever.

I entirely agree.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users