Il 4/28/14, 9:25 AM, Fabio Pietrosanti (naif) ha scritto: > Il 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) ha scritto: >> I just wanted to notice that the mostly used encryption software like >> GnuPG and Enigmail, have some privacy leak that in the XKEYSCORE's ages >> could represent a major risk. >> >> a) Enigmail, Thunderbird's PGP plugin, does send "X-Enigmail-Version:" >> header on ALL email sent, also the unencrypted one. >> >> b) GnuPG, following the " -----BEGIN PGP MESSAGE-----", does add version >> information such as " Version: GnuPG/MacGPG2 v2.0.19 (Darwin)" .
An update on this issue following intermediate reports of April '14 (following initial report of October '13). FIXED: - OSX GPGTool (yesterday) http://support.gpgtools.org/discussions/everything/13667-privacy-leak-in-version-and-comment-header - GnuPG https://bugs.g10code.com/gnupg/issue1572 - EnigMailhttp://sourceforge.net/p/enigmail/bugs/216/ YET TO BE FIXED: - Outlook Privacy Plugin https://code.google.com/p/outlook-privacy-plugin/issues/detail?id=124 - GPG4Win: "Privacy Leak in Version: and Comment: header" http://wald.intevation.org/tracker/index.php?func=detail&aid=6470&group_id=11&atid=126 -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
