As far as I was aware all of these could be turned off as an option in the interface.
On Tuesday, June 3, 2014, Tomer Altman <taltm...@stanford.edu> wrote: > Is this really a cryptographic leak? This seems more like metadata to me. > Your subject line makes it sound as if the cryptographic software itself is > leaking information about the plain-text. > > If your concern is providing details that an attacker can use to crack > your encryption, then this is security through obscurity, which has pros > and cons: > http://serverfault.com/a/81697 > > But it sounds like you are more concerned about leaking information such > as the user's OS, and other details that can be used to build up a > fingerprint of metadata that identifies you. > > I'm sure once you start using PGP of any kind, you get a special > designation in these surveillance systems. It could actually raise the cost > of surveillance by marking *ALL* of your outgoing messages with these > PGP-related headers, as that increases the processing burden. In fact, > perhaps everyone should include a PGP-encrypted blob whenever they email > anyone, in order to increase the volume of messages and cyphertext that the > surveillance apparatus has to process. > > Can you state precisely the threat model that you are concerned about? > > Cheers, > > ~Tomer > > > > ----- Original Message ----- > From: "Fabio Pietrosanti (naif)" <li...@infosecurity.ch <javascript:;>> > To: liberationtech@lists.stanford.edu <javascript:;> > Sent: Monday, June 2, 2014 6:59:43 AM > Subject: Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG > > Il 4/28/14, 9:25 AM, Fabio Pietrosanti (naif) ha scritto: > > > > Il 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) ha scritto: > > > > I just wanted to notice that the mostly used encryption software like > GnuPG and Enigmail, have some privacy leak that in the XKEYSCORE's ages > could represent a major risk. > > a) Enigmail, Thunderbird's PGP plugin, does send "X-Enigmail-Version:" > header on ALL email sent, also the unencrypted one. > > b) GnuPG, following the " -----BEGIN PGP MESSAGE-----", does add version > information such as " Version: GnuPG/MacGPG2 v2.0.19 (Darwin)" . > > An update on this issue following intermediate reports of April '14 > (following initial report of October '13). > > FIXED: > - OSX GPGTool (yesterday) > http://support.gpgtools.org/discussions/everything/13667-privacy-leak-in-version-and-comment-header > - GnuPG https://bugs.g10code.com/gnupg/issue1572 > - EnigMail http://sourceforge.net/p/enigmail/bugs/216/ > > YET TO BE FIXED: > - Outlook Privacy Plugin > https://code.google.com/p/outlook-privacy-plugin/issues/detail?id=124 > > - GPG4Win: "Privacy Leak in Version: and Comment: header" > > http://wald.intevation.org/tracker/index.php?func=detail&aid=6470&group_id=11&atid=126 > > > -- > Fabio Pietrosanti (naif) > HERMES - Center for Transparency and Digital Human Rights > http://logioshermes.org - http://globaleaks.org - http://tor2web.org > > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > compa...@stanford.edu <javascript:;>. > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > compa...@stanford.edu <javascript:;>. >
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.