On 11/24/2013 05:39 PM, Jacob Appelbaum wrote: > When a user uses TorBirdy with Enigmail and Thunderbird, we disable > those information leaks. We also have a mode (disabled by default due to > user complaints) to remove the keyid of the recipient from the PGP > encrypted message itself.
Important to note here is that by default, Enigmail adds the sender to the recipient list -- which is useful if you want to reread sent mail, but it also means that any encrypted mail contains not only the recipient key ID (which at least some users know), but also the sender key ID. Adding to the pain, if you receive a PGP message without keyID and have multiple private keys, GPG/Enigmail will dumbly rotate through the keys, without taking the actual email addresses (sender/recipient pair) from the mail header into account. This can only be solved on Enigmail-level, since only Enigmail "knows" about email headers. Thank you Fabio for filing the tickets! Maybe some good will come out of that. -- Moritz Bartl https://www.torservers.net/ -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
