Re: [Enigmail] From Circumvention
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/07/15 19:02, Doug Barton wrote: Compare this for to get an idea of my context ... https://panopticlick.eff.org/ Your browser fingerprint appears to be unique among the 5,091,038 tested so far. - -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: 603.293.8485 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iEYEAREIAAYFAlT8i1AACgkQ0DfOju+hMklPHwCg186ldjkuhnwVC/usn9cZ9Rby tqMAnjC+fEd1k+o1vxAtAweLtBwDtsqX =oJIX -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06.03.15 17:05, Philip Jackson wrote: On 03/03/15 18:27, Philip Jackson wrote: On 03/03/15 15:44, Robert J. Hansen wrote: Really easy: 1. The Help button beside Convenient encryption settings is sometimes unresponsive. I saw this bug with my own two eyes (thanks, Dmitri!) and can confirm it. While we are talking about this 'help' button, I'll add a comment. In my system : Ubuntu1404, Thunderbird 31.4.0 and enigmanil 1.8b1 : clicking this button opens the help dialogue in the background perfectly aligned with the preferences dialogue. Fortunately the help dialog is a little taller otherwise you'd never know it had opened. Further to strange / defective Help function in enigmail : I've just installed a debian os on an old portable and added Icedove 35.1 and enigmail 1.8b1. The Help button on the enigmail preferences/ sending tab did not appear to do anything. In fact it opened a small window behind the preferences window. The help window was so small that it was completely masked by the preferences window. The window remembered its previous position and size. I could imagine that this is a problem if you change the screen from time to time. I changed this now to set a minimum size and not to remember the previous position. I also fixed the focus issue. - -Patrick -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJU+zQ3AAoJENsRh7ndX2k75uUP/RlToIOYDpp3mBlUxdORD1ve ZT97HdvVkBjAs3drUsmnLSn9gFuRyOyvj72QnodetvuWUqFYrRR1w+UuoXFUY75E h9sU+qP81D2GJClkvYVr5TIY1RbK59rQicoS+TclNcQ6bamx46QoKrpweB+He7ue RHcYdpWWxeQMJboUFVTOYIJB5VWHo4iWb3QY7OaaDWreMsEfzyz97f+7JKYhv1jS AXvRuLVEiCsBa5nDajHO/XPR9/02Mno29eqESu4dcGkIwL9EPzJp+h6zTUFeYvm2 G4V4qJxaVdOnEHGh4In+vJA4zYTF65qcwFBOPfKB6aPzVgu95UGeIJAGzKnSdkly SPj77drZ/QfroG/dNhU6fHwKGqh07jcunEr3EGMaNYhp8Kg2855EczfL6IsmMSFm +9NjKxA+jeEm7jVMNiyRI2MdR6eHYRTrlzndRLAZ4i4ueJReap60+JC1UJidKccq Vm6QpMIZn2J2U3Aaa+ugBlP9UuDZxT0tqMLiELWEKY+GYcvUgb8xDxh4TZEuAhsS W6Jp7Lzd8P3Dgu3RF+Ou+tYpj9dCmaWacsQqfn9kt1dj8pFd7u4z6fgpxLKUJIhh r4FrBsEK0oKbMW6AtoI9LDFcpuqYjaO3WMkRMwB6GAUF12B/LA49Z3s9BkRW8sHZ dfYflB6wcN7+Y+7IE8x7 =u4HR -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
On 07.03.2015 21:45, Rainer Blome wrote: ... Looking at the headers, the character encoding strikes me as a potential leak, as some values, such as charset=windows-1252, hint at the probable OS used. Either Thunderbird or Enigmail often set my replies to windows-1252 instead of normal UTF-8 despite using GNU/Linux. I'm not sure which component is responsible and cannot trigger it on demand though. Regards, Lars ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ian, good point, thanks for this link! Just followed the instructions, let's see what's left. @All: Some people can see some of my social network. That's just a fact of life, and I live with this, as everyone else does. Does this mean that I tell some people about all my contacts? No, I try to avoid that. Firms such as Google, which set the default to upload the whole address book make it difficult to avoid this. Enigmail should not follow their example. - -Rainer Am 07.03.2015 um 02:39 schrieb Ian Mann: http://blog.linuxprogrammer.org/How%20to%20Sanitize%20Thunderbird%20and%20Enigmail.html This sanitizes some of the information. Ian -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJU+0kFAAoJEI/iM7d3pEsvaHwP/3AaxLrut2ilQ1wPHnSZ/BK5 xWEs1zCyW7riLtxo5K0zq1feJ1DUYxFJ8oOMZ7n8MVjZCOLChPX73nynsdivlQmZ v6Cjalnem+jQay9QEuhPcMB7+wqhaMjHU9yviOj4XlBA2JUmCYlkLYe5GLNT3OWq +nRMpL+/7u2jyyX2zdJ/fBGUIRDaPFyO5qtMndtShxrQn889GpQFSDhpoMjeZq3T iTZTqk7J9u6LxUGR/QaadV7UlCI5uvTEt/tUwfb4ELUayIqa3A3vB+s33Mc7+sQI MngCO4eShU99hLB2DkEy+RpguL/JWcGsOVXVZYvB8V1mYUHGgxU6Z1385Ad8qAZt LUXnShaLwv62tUcndNpspQLncMa7W60zpC8GwIcCrSyk9wxhOSODDOBtX8+jBSA+ jxCwvpamxlGWilcc5nWoXoh4nytKxVTsuYCbzYfvFYpsJfj/NOOngwQeCcJJ0LDW 1yD88EiclhOQvAaTfwtZt3eHRFJMjGRfPSKlm0n25I7CcPNa+yBsfHJzzeABZSl1 XBoopFPT6v8LbObh/84UiJzSHPS9LfZOaB6RPHhIswZnGKCUcicWITXFDW/Sk0VF mcmDHgoyPiUhXIxoFH/0zBzZizbGjA0crAXSBVxDTtAO6yzPpmQB7vTTnE4cFLsi NVJ27TQTEHmPygdtNjra =5Jzn -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
On 3/7/2015 1:22 PM, Phil Stracchino wrote: On 03/06/15 19:23, David wrote: On 3/6/2015 3:37 PM, Phil Stracchino wrote: On 03/06/15 15:16, David wrote: I am confused by this request. What difference does it make if 'someone else' knows whose public is on your public keyring? If they know whose public keys are on your keyring, they know who you talk to. You may not wish them to know this. Depending on who you are and who you talk to, their knowing it could be very dangerous to you. You are aware that the *body* of the message is encrypted but the *header*, the email address you send to and the email address that you send from, and the complete path of all the email servers that the emails traveled though, is still open to the world? And that those emails are stored on all of those servers. Or at least they used to be stored. Which means that the whole world 'knows' just who you send emails to and receive emails from? You are using Thunderbird on a Linux OS. Select an email that you have sent to your friends, or one that they have sent to you, or anyone, and press Ctrl-U to open a new window of information. read carefully and closely. So if some admin of a key-server in some place 'knows' who you is on your Public-Keyring for email it is of little importance. Yes. But if certain addresses are on your public keyring, then the odds are you are having conversations that you consider sensitive with those persons. And if one of those persons is a Person Of Interest, then you just became a Person Of Interest yourself. It has been said that the very best way to draw attention to yourself is to try to hide. :-) If you are carrying on conversations with someone, known terrorists, criminals, people like that, for example, who is/are already being watched is a good way to get looked at. As for 'your addressbook' and key servers. They do not look at your addressbook. Only the key(s) that *you* request to update or obtain. Don't use a key server. If have your public key BTW. I am seriously done with this. If you really feel the need to have the last word then help yourself. I'm done. -- David signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/06/15 19:23, David wrote: On 3/6/2015 3:37 PM, Phil Stracchino wrote: On 03/06/15 15:16, David wrote: I am confused by this request. What difference does it make if 'someone else' knows whose public is on your public keyring? If they know whose public keys are on your keyring, they know who you talk to. You may not wish them to know this. Depending on who you are and who you talk to, their knowing it could be very dangerous to you. You are aware that the *body* of the message is encrypted but the *header*, the email address you send to and the email address that you send from, and the complete path of all the email servers that the emails traveled though, is still open to the world? And that those emails are stored on all of those servers. Or at least they used to be stored. Which means that the whole world 'knows' just who you send emails to and receive emails from? You are using Thunderbird on a Linux OS. Select an email that you have sent to your friends, or one that they have sent to you, or anyone, and press Ctrl-U to open a new window of information. read carefully and closely. So if some admin of a key-server in some place 'knows' who you is on your Public-Keyring for email it is of little importance. Yes. But if certain addresses are on your public keyring, then the odds are you are having conversations that you consider sensitive with those persons. And if one of those persons is a Person Of Interest, then you just became a Person Of Interest yourself. - -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: 603.293.8485 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iEYEAREIAAYFAlT7QfQACgkQ0DfOju+hMknNHACfX4gZluQEwEnWz4FxJkj5GKIH Wf8An3DJ9y31lvufEblldkm269wyRb0x =v62W -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 07.03.2015 um 02:39 schrieb Ian Mann: http://blog.linuxprogrammer.org/How%20to%20Sanitize%20Thunderbird%20and%20Enigmail.html This sanitizes some of the information. The article suggests that extensions.enigmail.addHeaders needs to be turned off. My impression is that its default setting is false = off. Looking at the headers, the character encoding strikes me as a potential leak, as some values, such as charset=windows-1252, hint at the probable OS used. - - Rainer -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJU+1VgAAoJEI/iM7d3pEsvIY0P/RXRW28ZXn3WvD/yjxh1jo45 /YgoV7szKaDG6VfGvartofZ3OqopehSxqX0IRQ7rDT1O5KzdfkOfM/32XRsAiBh/ 04M3YvLb4K520PnHVMh/RO3WZm4hentRrlxFEAW8lyNsOPkeb9HdnhDU3OChVSs3 8cpU9IuQI66qHUl5/xNxda364S4u4WpPqwc7k7KSmyFkNJWS+CKrgITFXEcIR4B8 o6feuYtm4ujqyzG4n3CDKGHsBt/3kT6YEupjb15Yf1InBhy3/RXuqeOV2hRttmM3 WYZ3KuyB+TdUd/6vdOvg3tluIby+PrOjJolnQezNhKF3ccrOovORPvwAL3OC9xVh ILYDlwSFjhYAZJACi4/bPP5tlUoKLWpUE9eP0UBRBCioMnVzn4kqVy/fsumjWuve BbeTfQEnrRjhMC+nop63XB4zQ07AmK+oQZgGVwkeFqdfKNelnA9gbkqIg7rhrEAP hFvd3unyOF9VwvhE0Lx/6VgPhMxKYXagHTtPSP3Mea9iH8Wl2hjm8uvDvauyF9Xf MoZE36bfQFa5oBl3PhnX5WnXS7md1oixv/3e35lmE0JKJ7G/HCumk/+JIds4SuoQ ltQS91i2wW0XW7OsQBXvD8VWmU2XuVRaxExPMU+R3V8ZQ5nMLanAnLii/w/02Mwe kNiroRt+OWGmtgYyHhQy =qxA2 -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03.03.15 15:44, Robert J. Hansen wrote: 1. The Help button beside Convenient encryption settings is sometimes unresponsive. I saw this bug with my own two eyes (thanks, Dmitri!) and can confirm it. Could it be that the help window was already open, but invisible? I have reproduced this (and fixed it). - -Patrick -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJU+zObAAoJENsRh7ndX2k7p+kQAJM8RNzs8R7mXjzwDg6SdWjl yhZ3g/zqFBXiOSTBw5j6SeWT39W70Es94TDyLFbZNEz2gS309ncV1CaKSW5Phe9j Sogz8I1aJECL8oIBg5oNRQXjNR16b4jT9NZke6iO5f3G4hqsGFwOzg7YEbDJaTVI btpgH0DZKmpKvCwVpEx9wGEOZw66PDhk1cmWgsKaIfOdTdDZ+FdNe4yhM6fPLilu Faps+/PqTK1J5ALKMUaMAmigHKlI7ZS7rACviGK7MGHnVQQWGP8PnB8RsTLZbN0d gMZcCE4Y+y+Zao+Zqz/3Ic0UHKpN2yqCn/8lS4is6xjMA5CbGwig524kibTIEMcn JuLa73t8Mg8ugibrWt3ntNxE0By08gOuoNlf3F2QhGoAkdybBp2CfpgFixUNxhox HS6sYwrfOTbc9wAtXxSZM6tH4zF5A5oyJid/l8t2qnbASew0vTOfhvgsdi8k8qaU JSzuU9lblh1xJtx4Fs/KRNhgCE9dSFZdIAzT/dJ3FIdnf5L3xbXn+SvknJ4S87VQ mlV8PQSvelNSOqa36ct45aci9aduWGkQBTi9RNLphx56DgMKbRjeXadoVzw8/wNF axPz8HGY9ivM/HEppu0FNx5YlgVp94hc9rQm0qhhUp/5SvJyv82qNRiqtStSz/LS a0j1OafSpHzHgDTkLq2h =nKZb -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
On 2015-03-06 15:16, David wrote: I am confused by this request. What difference does it make if 'someone else' knows whose public is on your public keyring? Hello, David, I am a keyserver administrator. Please send me your complete address book. Thanks! (I hope I make my point? I'm *not* especially paranoid, and I'd have at best mixed feelings about publishing a list of people with whom I correspond to a third-party server. Think about how people *whose lives depend on encryption* are likely to feel about doing so...) -- Matthew ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I took a look at that URL, and I see two problems there. First the data that they suggest you hide is not particularly meaningful. Second, the fact that you are hiding it will make you stand out from the crowd more than not hiding it would. One could argue that a better tactic might be to send the headers, but populate them with valid data from a different platform. I'm still not sure how much value that would have though. Compare this for to get an idea of my context ... https://panopticlick.eff.org/ hth, Doug On 3/7/15 10:52 AM, Rainer Blome wrote: | Ian, good point, thanks for this link! | Just followed the instructions, let's see what's left. | | @All: | Some people can see some of my social network. | That's just a fact of life, and I live with this, as everyone else does. | | Does this mean that I tell some people about all my contacts? | No, I try to avoid that. | | Firms such as Google, which set the default to upload the whole | address book make it difficult to avoid this. | Enigmail should not follow their example. | | -Rainer | | | Am 07.03.2015 um 02:39 schrieb Ian Mann: | http://blog.linuxprogrammer.org/How%20to%20Sanitize%20Thunderbird%20and%20Enigmail.html | | This sanitizes some of the information. | | Ian -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJU+5GiAAoJEFzGhvEaGryEDocH/1ddEkFcHzRKSB/evwzx6+4d EPzI1IxJUIj1GfCZU1W4YkDKqlmgh+jdIE0guuR67XTsBBj9nH7QhHqNJoEdWINY 6TUgGS0ihckYT7Iv59Ys000yxVj4CR7/zLRZb4VhT7y8smTtixs/gR8IaFEVxa4A /RiDXI5C6NZAIvg271OcWi84ENbvKZTgmBRdrj/YW8TJqPE7KROdu94q4JuI3R0L FLVXWcpoQ42CxO5FKj3i2ujLMsWaCyAdp+mROvCi7eB2x+yQLKQvoNPmFnQPR283 z6OSZoSvty1KvrMCeQZ/BRJ6E4qD6OD0DcOmyY7rKX0Qmw7zFOUB51qpqWC7/TY= =f5OB -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
On 7-3-2015 02:39, Ian Mann wrote: http://blog.linuxprogrammer.org/How%20to%20Sanitize%20Thunderbird%20and%20Enigmail.html This sanitizes some of the information. Ian https://en.wikipedia.org/wiki/Security_through_obscurity ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
On 07/03/15 20:55, Lars Noodén wrote: On 07.03.2015 21:45, Rainer Blome wrote: ... Looking at the headers, the character encoding strikes me as a potential leak, as some values, such as charset=windows-1252, hint at the probable OS used. Either Thunderbird or Enigmail often set my replies to windows-1252 instead of normal UTF-8 despite using GNU/Linux. I'm not sure which component is responsible and cannot trigger it on demand though. I've checked a load of my outgoing emails, originals which were not replying to another message. Most of the unsigned and signed but not encrypted messages show charset=windows-1252 -- but I'm on linux. Some unsigned and some signed, not encrypted, messages show UTF-8 and I can't immediately see any reason for the difference. On one occasion, of 4 consecutive unsigned emails to the same person, three were 1252 and one was utf-8. Since this affects signed and unsigned mails, it is unlikely to be an enigmail effect. Philip ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
Doug, I am not into an rebellious or criminal activity. I became interested in enigmail and PGP around a year ago as a matter of general interest. I am an OAP, (Old Aged Pensioner). I was surprised at how easy it was to set up, perhaps I just found the right material. The link below was the web site I used. https://whyencryptemail.net/ The biggest draw back is that friends don't use encryption, all the chaps I know have their wives operate the computer for them! The second draw back is that most young folks use the cell or mobile phone with SMS to chat, so email encryption is not big with them either. By what I read on the web, it is business that seems to be the big adopter of end-to-end encryption. I cannot speak for dissidents as I don't mix in those circles, but I can imagine encryption and security is very important to them. Here in Australia new Data retention Laws are proposed, I think the agencies do that illegally now, and our government just wants to make it legal to prevent a court case failing in law on a technicality. All that said, Ladar Levison said, at the Defcon that there are 3 billion email users today, if everyone encrypted then encrypted message would not seem abnormal. His team is trying to make it 'auto-magical' so as to encourage more folks to encrypt. I joined the forum so as to be up to date on enigmail events, and practice sending encrypted emails with like minded contacts, as trying to get ordinary Pals to encrypt was a futile exercise. The forum has been fantastic, I am amazed at the work done by the developers here, a small team but with a tremendous output through dedication. The ordinary forum members have been very helpful and don't hold back. Each week I learn a bit more. Thanks everyone, Ian On 08/03/15 11:02, Doug Barton wrote: I took a look at that URL, and I see two problems there. First the data that they suggest you hide is not particularly meaningful. Second, the fact that you are hiding it will make you stand out from the crowd more than not hiding it would. One could argue that a better tactic might be to send the headers, but populate them with valid data from a different platform. I'm still not sure how much value that would have though. Compare this for to get an idea of my context ... https://panopticlick.eff.org/ hth, Doug On 3/7/15 10:52 AM, Rainer Blome wrote: | Ian, good point, thanks for this link! | Just followed the instructions, let's see what's left. | | @All: | Some people can see some of my social network. | That's just a fact of life, and I live with this, as everyone else does. | | Does this mean that I tell some people about all my contacts? | No, I try to avoid that. | | Firms such as Google, which set the default to upload the whole | address book make it difficult to avoid this. | Enigmail should not follow their example. | | -Rainer | | | Am 07.03.2015 um 02:39 schrieb Ian Mann: | http://blog.linuxprogrammer.org/How%20to%20Sanitize%20Thunderbird%20and%20Enigmail.html | | This sanitizes some of the information. | | Ian ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
The comments on the original web page state the aim of the changes...namely disclosing less. Comments You should take care to disclose as little as possible about the privacy tools you use, if only to make it harder to run automated, targeted attacks against your computers and accounts. Conclusion After making these changes to your stock Thunderbird and Enigmail installation, the encrypted emails you send will be much more sanitary and will disclose less information about the tools you use. On 08/03/15 11:02, Doug Barton wrote: I took a look at that URL, and I see two problems there. First the data that they suggest you hide is not particularly meaningful. Second, the fact that you are hiding it will make you stand out from the crowd more than not hiding it would. One could argue that a better tactic might be to send the headers, but populate them with valid data from a different platform. I'm still not sure how much value that would have though. Compare this for to get an idea of my context ... https://panopticlick.eff.org/ hth, Doug On 3/7/15 10:52 AM, Rainer Blome wrote: | Ian, good point, thanks for this link! | Just followed the instructions, let's see what's left. | | @All: | Some people can see some of my social network. | That's just a fact of life, and I live with this, as everyone else does. | | Does this mean that I tell some people about all my contacts? | No, I try to avoid that. | | Firms such as Google, which set the default to upload the whole | address book make it difficult to avoid this. | Enigmail should not follow their example. | | -Rainer | | | Am 07.03.2015 um 02:39 schrieb Ian Mann: | http://blog.linuxprogrammer.org/How%20to%20Sanitize%20Thunderbird%20and%20Enigmail.html | | This sanitizes some of the information. | | Ian ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
Read a PDF on DIME and viewed a You Tube video made at DefCon. Lavinson's system has a server, Magma and an email client Volcano, built on Thunderbird. The gist of it was that the metaddata would be hidden more and encrypted as part of the email process. That would make the emails more of a target based on the statements you refer to Doug. Nevertheless, the process would be more secure in my opinion. If you want the PDF or video email me and I can send a link. Similarly, a quick Google can bring them up. The system is not available yet, they have just started coding . github has some of the code up already. https://github.com/lavabit/magma.classic?files=1 Ian On 08/03/15 11:02, Doug Barton wrote: I took a look at that URL, and I see two problems there. First the data that they suggest you hide is not particularly meaningful. Second, the fact that you are hiding it will make you stand out from the crowd more than not hiding it would. One could argue that a better tactic might be to send the headers, but populate them with valid data from a different platform. I'm still not sure how much value that would have though. Compare this for to get an idea of my context ... https://panopticlick.eff.org/ hth, Doug On 3/7/15 10:52 AM, Rainer Blome wrote: | Ian, good point, thanks for this link! | Just followed the instructions, let's see what's left. | | @All: | Some people can see some of my social network. | That's just a fact of life, and I live with this, as everyone else does. | | Does this mean that I tell some people about all my contacts? | No, I try to avoid that. | | Firms such as Google, which set the default to upload the whole | address book make it difficult to avoid this. | Enigmail should not follow their example. | | -Rainer | | | Am 07.03.2015 um 02:39 schrieb Ian Mann: | http://blog.linuxprogrammer.org/How%20to%20Sanitize%20Thunderbird%20and%20Enigmail.html | | This sanitizes some of the information. | | Ian ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 06.03.2015 um 21:37 schrieb Phil Stracchino: On 03/06/15 15:16, David wrote: I am confused by this request. What difference does it make if 'someone else' knows whose public is on your public keyring? If they know whose public keys are on your keyring, they know who you talk to. You may not wish them to know this. Depending on who you are and who you talk to, their knowing it could be very dangerous to you. That is what I mean. Security is a matter of cost and benefit. Against an adversary who can monitor all global smtp traffic, this would not make a difference, because such an adversary already knows who everyone is connected to. But there are not many of these. Less capable adversaries probably know only a fraction of the metadata flying around. To these, when such a feature is in effect, compromising a keyserver or its traffic would be a cost-effective way to learn many communication relationships. When you want your communication partners to use a new key of yours, why wait until they notice or poll a server? Why not tell them immediately? Seems like a client-side, key ring management job to me. If a mail client or key store notices an expired or superseded key, it might offer or at least suggest to notify the relevant communication partners. Rainer -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBAgAGBQJU+kAUAAoJEI/iM7d3pEsvUTEP/ilY8FfzPF+xDBdBqFRT8U9Y mETqUNHgMgbz9kCUbDUT/jGTgRM+aFw1uK5u0XCFAXkAt/tq8YVzStiarF0DRxJJ FSaoZR3W4ROxp4PpLQCrBtWWFN0s6lQVJ+9dI/f6cunLJHUl4ReODQo3sN94pcPG DJIw2X1kwoMYv2hadX51WN7W1u/9yyDQxLe9MsPADeWPpmlKZIWqs5m4KqyNym2B W9gcNE50z/4y/BqnNcF23jXxsifw7ko7x3iATVaDIoZ54IgghikxSXH46oNt4KVf BKvPEQajM+trAC4HQfX2eX1W96CufHZV+NgGx5mJdgXQAVxk/WFPsku2i8BnjfT8 FCietKBsgNzl4WqdItNu0ZqBRt7+5jt6wBbbMYlkkmcAWiGtlxaQGveTDZBQ1f7h r0EzlVVYHh9yLgwyGeJ4slW9727Bx9RcbpWyw9cK6oqgnCDrpc5e4psovbmfFtXw /bt9TVf0fbl2Q3zBiTRdqebRa6nB2dG4uAm5zjY6qSRrfWMWNEBT7RuNUDVIz6vn 09frYwaVJ0OpDB6al2fidfd9lP9n+i9kan4qTOM1cJFFOG0VU2kTt+3/ggRQkaJj k1jt59t1xHdaNsJGWBFp3oBjUBRyIDxU1+Y7pMbhzICcRZLzox2zu72FJeUrL6Lz Tkawo3PXC5L+9B6yKMEx =5OaT -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
...@sixdemonbag.org 54f6f7fa.5040...@enigmail.net 54f78831.4090...@gmx.de 54f7fae2.3060...@enigmail.net 54f85f52.20...@2904.cc 54fa0b25.50...@gmail.com 54fa1001.9020...@caerllewys.net 54fa451e.8060...@gmail.com In-Reply-To: 54fa451e.8060...@gmail.com Subject: Re: [Enigmail] From Circumvention X-BeenThere: enigmail-users@enigmail.net X-Mailman-Version: 2.1.17 Precedence: list Reply-To: Enigmail user discussion list enigmail-users@enigmail.net List-Id: Enigmail user discussion list enigmail-users_enigmail.net.enigmail.net List-Unsubscribe: https://lists.enigmail.net/mailman/options/enigmail-users_enigmail.net, mailto:enigmail-users-requ...@enigmail.net?subject=unsubscribe List-Archive: https://lists.enigmail.net/pipermail/enigmail-users_enigmail.net/ List-Post: mailto:enigmail-users@enigmail.net List-Help: mailto:enigmail-users-requ...@enigmail.net?subject=help List-Subscribe: https://lists.enigmail.net/mailman/listinfo/enigmail-users_enigmail.net, mailto:enigmail-users-requ...@enigmail.net?subject=subscribe Content-Type: multipart/mixed; boundary5969855842382285287== Errors-To: enigmail-users-boun...@enigmail.net Sender: enigmail-users enigmail-users-boun...@enigmail.net This is a multi-part message in MIME format. --===5969855842382285287== Content-Type: multipart/alternative; boundary=090102070300070205010504 This is a multi-part message in MIME format. --090102070300070205010504 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit http://blog.linuxprogrammer.org/How%20to%20Sanitize%20Thunderbird%20and%20Enigmail.html This sanitizes some of the information. Ian - ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
On 2015-03-05 14:51, Stefan wrote: Hi, Am 05.03.15 um 07:42 schrieb Ludwig Hügelschäfer: On 04.03.15 23:33, Rainer Blome wrote: Am 04.03.2015 um 13:18 schrieb Patrick Brunschwig: We could also implement something like an automatic monthly check of all keys on keyservers. Would this amount to sending your PGP address book to the key server? That is something some might want to avoid. The keyserver would be requested for every key in your keyring - of course not for those which are already revoked. I think was Rainer means is the fact that requesting updates from every key in your keyring would show the keyserver admin and everyone on the probably unsecured connection which keys are in your keyring. that would become less severe if one used a TLS channel via hkps:// the server admins would still see your complete keyring, though. my2cents ralph signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
Hi, Am 05.03.15 um 07:42 schrieb Ludwig Hügelschäfer: On 04.03.15 23:33, Rainer Blome wrote: Am 04.03.2015 um 13:18 schrieb Patrick Brunschwig: We could also implement something like an automatic monthly check of all keys on keyservers. Would this amount to sending your PGP address book to the key server? That is something some might want to avoid. The keyserver would be requested for every key in your keyring - of course not for those which are already revoked. I think was Rainer means is the fact that requesting updates from every key in your keyring would show the keyserver admin and everyone on the probably unsecured connection which keys are in your keyring. I also would like such a feature, but thought should be given whether this should be the default. (And information about the implications in the UI would be nice.) Cheers, S ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/04/15 07:18, Patrick Brunschwig wrote: On 03.03.15 15:44, Robert J. Hansen wrote: 4. If you've disabled encryption and/or signing for a message (when it would normally be present), Enigmail is too polite about it. They'd like to see a red banner or somesuch, warning the user You have manually disabled encryption and/or signing for this email. The icons, although accurate, are too easy for newcomers to overlook. The quickest fix could be to change the color of the text. That would certainly be eyecatching and un-missable. - -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: 603.293.8485 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iEYEAREIAAYFAlT3NyoACgkQ0DfOju+hMkm9vwCfalLVrfvOWRzp03nSz0Uu25eA RSgAoMQiFoeN7vumkKfhQpuvGMKenip5 =N1rz -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
On 04.03.2015 13:18, Patrick Brunschwig wrote: We could also implement something like an automatic monthly check of all keys on keyservers. I would like to see this, since I experience that people never to rarely update the keys from keyservers manually. signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
Enigmail saved my family's life. That is a real enlightening statement. Living in Australia it's hard to imagine what it must be like for some folk in the countries where an email can get you arrested. Thanks for that insight. You folks do great work, glad you are enjoying the fellowship of the event. Ian On 04/03/15 01:44, Robert J. Hansen wrote: I'm attending Circumvention in Valencia, Spain right now. Circumvention is a conference for people interested in using technology to circumvent oppression, mostly oppressive governments and corporations in the developing world. A particular focus is on technology trainers -- people who train others in how to effectively use security technologies. Trainers are force multipliers; a good trainer can easily teach 50 people a month how to use basic privacy and confidentiality tools. Multiply that over a year, and you quickly see that one trainer can help facilitate an entire cluster of electronic freedom. My impressions so far: - The Eniglove is thick, palpable, and real. I literally have not been able to buy my own beer. If I was so inclined, I could get stone drunk every night and *still* wind up turning down half the offers of free beer. I also get random bone-crushing hugs from attractive women and the occasional activist has taken me apart from the crowd to tell me, Enigmail saved my family's life. - Everyone it seems has a different take on an Enigmail feature they'd like to see included. Some of them are just no, we won't do that (such as pushing for Enigmail to get integrated wholesale into Thunderbird), some are really easy, and others are worth thinking about. Really easy: 1. The Help button beside Convenient encryption settings is sometimes unresponsive. I saw this bug with my own two eyes (thanks, Dmitri!) and can confirm it. 2. There's a huge outcry for a Farsi translation. The bad news: the people who most need it are unable/unwilling to contribute to it (they need to keep a low profile). The good news: Localization Lab really wants to help us out with this. See http://www.localizationlab.org/translation/ for an overview of Localization Lab's efforts. I've got a point of contact there, so we should probably reach out and see what they can do for us. 3. The trainers say there's a slight visual difference in how inline messages are composed versus how PGP/MIME messages are composed. Inline messages are briefly flashed in the compose window in encrypted form before sending, while PGP/MIME messages are not. It would be good if there were only one behavior, because it sometimes leads to people believing they sent an email unencrypted because when they were in training (using inline PGP) they saw it briefly in encrypted form, but in the real world (using PGP/MIME) they didn't. I think this is minor, but ... people are serious about it. One uniform behavior, please. 4. If you've disabled encryption and/or signing for a message (when it would normally be present), Enigmail is too polite about it. They'd like to see a red banner or somesuch, warning the user You have manually disabled encryption and/or signing for this email. The icons, although accurate, are too easy for newcomers to overlook. 5. It should default to encrypting drafts. Worth thinking about: 6. Add an Easy Revocation Reminder feature. When revoking a key, one major problem is convincing one's correspondents to check the keyservers. Clicking Easy Revocation Reminder (needs a better name) would walk through your mail folders accumulating the email addresses of everyone who has sent you encrypted email or anyone you've sent signed email to. Enigmail would then open a new compose window, with all of these email addresses as bcc, with pre-composed text about how I have had a key compromise, blah blah blah. Allow the user to edit the text how they like, particularly listing a new key to use, and hit Send to notify all recipients. ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] From Circumvention
On 03/03/15 15:44, Robert J. Hansen wrote: Really easy: 1. The Help button beside Convenient encryption settings is sometimes unresponsive. I saw this bug with my own two eyes (thanks, Dmitri!) and can confirm it. While we are talking about this 'help' button, I'll add a comment. In my system : Ubuntu1404, Thunderbird 31.4.0 and enigmanil 1.8b1 : clicking this button opens the help dialogue in the background perfectly aligned with the preferences dialogue. Fortunately the help dialog is a little taller otherwise you'd never know it had opened. Philip signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
