Latest version of Thunderbird does integrate OpenPGP and does provide end-to-end encryption.
There is, IMO, a security flaw. The "Generate Key" function they supply does not have the option to create a private key with a pass phrase.
This means if you get an encrypted message, walk away from your system, and forget to secure it, anyone can click on an encrypted message and it will be displayed.
It should allow for a pass phrase. And, there should be a "timeout" setting for how long a valid pass phrase has been entered for viewing messages.
-- Nothing to see here.
On Mon., 20 Sep. 2021, 23:44 Ed Greshko, ed.greshko@greshko.com wrote:
> This means if you get an encrypted message, walk away from your system, and forget to secure it, anyone can click on an encrypted message and it will be displayed.

If you walk away from your system and forget to secure it and you don't trust the people on the same premises all of the following might happen:
- Anyone might install a keylogger.
- Your computer might get stolen.
- Someone might hack any government three letter agency and you will get the blame.
- Someone might send death threats, child porn and other nasty stuff from your account and you will get the blame.
*ok, I'm exaggerating*
But you get the idea: don't walk away and fail to secure your system... especially if you don't know/trust the people around you.
I don't think that's a problem of the email client but rather your system config.
Now that you talk about that... I'd love to know if it's possible to do pairing with Bluetooth to auto lock a Linux system when you walk away.
https://support.microsoft.com/en-us/windows/lock-your-windows-pc-automatical...
FC
> It should allow for a pass phrase. And, there should be a "timeout" setting for how long a valid pass phrase has been entered for viewing messages.
On 21/09/2021 11:02, Fernando Cassia wrote:
> On Mon., 20 Sep. 2021, 23:44 Ed Greshko, ed.greshko@greshko.com wrote:
> *ok, I'm exaggerating*
Yes, any number of things could happen. And, yes, people sometimes let their guard down. An extra layer of "protection" at the program level is hardly ever bad. Badly implemented, yes.
> But you get the idea: don't walk away and fail to secure your system... especially if you don't know/trust the people around you.
> I don't think that's a problem of the email client but rather your system config.
It is just my contention that every app/program needs to take security/privacy into consideration when being developed.
If an app/program is going to implement a security/privacy feature (which encryption is) then best practices should be followed with them being the default. Then, let the end user decide if they want to opt out.
> Now that you talk about that... I'd love to know if it's possible to do pairing with Bluetooth to auto lock a Linux system when you walk away.
> https://support.microsoft.com/en-us/windows/lock-your-windows-pc-automatical...
No idea
-- Nothing to see here