Il 11/24/13, 5:39 PM, Jacob Appelbaum ha scritto: > When a user uses TorBirdy with Enigmail and Thunderbird, we disable > those information leaks. We also have a mode (disabled by default due to > user complaints) to remove the keyid of the recipient from the PGP > encrypted message itself. Looking forward for a secure default in all GnuPG based software, i just opened tickets on most projects:
GnuPG: "Privacy Leak in Version: and Comment: header" https://bugs.g10code.com/gnupg/issue1572 EnigMail: "Privacy Leak in Version: and Comment: header" https://sourceforge.net/p/enigmail/bugs/215/ EnigMail: "Privacy Leak in X-EnigMail-Version https://sourceforge.net/p/enigmail/bugs/216/ GPGTool: "Privacy Leak in Version: and Comment: header" http://support.gpgtools.org/discussions/everything/13667-privacy-leak-in-version-and-comment-header Outlook Privacy Plugin: "Privacy Leak in Version: and Comment: header" https://code.google.com/p/outlook-privacy-plugin/issues/detail?id=124 GPG4Win: "Privacy Leak in Version: and Comment: header" http://wald.intevation.org/tracker/index.php?func=detail&aid=6470&group_id=11&atid=126 It has been noted that Symantec Desktop Encryption product does leak "X-PGP-Universal: processed" header, but it's not opensource. Missing some of them? -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.