On Fri, Aug 14, 2020 at 11:14:27AM +0200, sacham...@s0c4.net wrote:
> Hi all,
>
> thank you all for this long discussion. Your security concerns are
> clear, as is clearer the intended system-usage scenario (most of you
> have) and Mutt's role in there.

It's worth pointing out one additional point that I haven't: The data in an attachment might be considered sensitive by the person sending you the attachment, whereas to YOU it doesn't matter in the slightest. By relaxing your umask, you're reducing the security of all of your senders' data, BY DEFAULT, without their knowledge or consent.

> The difference between us is basically that I prefer that the user
> have the *possibility* to do it in the "wrong" way after being
> warned about consequences. Of course sane/secure defaults are a
> must.

Have you not been paying attention to the heat that Facebook and other sites have been taking for their lack of care in protecting users' sensitive data? In many cases they're blamed even when the user has set their privacy policy to more permissive settings (they should have made it clearer!), and the breach is their own fault.

And of course it's great when your fellow users (e.g. Facebook friends) victimize you because you made it easy for them, by compromising your own sensitive data, because you didn't understand how sensitive it actually was:

https://www.huffpost.com/entry/burglary-ring-targets-fac_n_712629
http://www.cbsnews.com/news/facebook-friend-suspected-in-burglary/
https://sileo.com/facebook-status-update-leads-to-robbery/
https://abc7.com/archive/9482852/
https://bits.blogs.nytimes.com/2010/09/12/burglars-picked-houses-based-on-facebook-updates/
https://www.nydailynews.com/news/crime/california-woman-home-burgled-facebook-friend-cops-article-1.1737842
https://www.getsafe.com/how-burglars-use-social-media/
https://www.thesun.co.uk/living/4119821/10-share-facebook-crime-target/

etc. etc....

The odds that YOU become a target might be low, but it happens with increasing frequency, and it could be catastrophic. Your odds go up significantly if someone shady in your circle learns that you're an easy target due to careless security practices (which tend to be habitual, and attackers are watching for signs).

Now imagine instead of your vacation plans, it was your 401k account info that some well-meaning idiot at your financial institution included in an attachment in an e-mail you weren't even expecting them to send you... Life savings gone in an instant.

Do you really think, even if you explain all of this in as much detail as I have to your users, that they'll even understand it all? Probably not. And that's if their eyes don't glaze over after your first sentence or two as they stop listening.

That, in large part, is why your bank and the company you work for (etc.) impose a wide variety of security measures that annoy you and don't give you a choice about it, and it is why strict attachment permissions in your mailer should not be optional: The vast majority of users will happily disable them if they can, but not grasp the full ramifications of doing so until and unless they are actually bitten by it (and most users probably would never know how it happened, still not understanding, were they to be bitten by it).

Security is hard, and most people--even many otherwise well-informed technical users--really don't get it. Sometimes, as in this case, when you do know better, and especially when the price of better security is so small (an occasional chmod command), it's your responsibility to decide for those who don't know better.

--
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in undeliverable mail due to spam prevention.  Sorry for the inconvenience.