/tech/ - Technology

 No.916233>>916238 >>916266 >>916292 >>916312 >>916327 >>916331 >>916461 >>916477 >>916558 >>917121 >>917575

>Don’t panic! But you should stop using PGP for encrypted email and switch to a different secure communications method for now.

>A group of researchers released a paper today that describes a new class of serious vulnerabilities in PGP (including GPG), the most popular email encryption standard. The new paper includes a proof-of-concept exploit that can allow an attacker to use the victim’s own email client to decrypt previously acquired messages and return the decrypted content to the attacker without alerting the victim. The proof of concept is only one implementation of this new type of attack, and variants may follow in the coming days.

>Because of the straightforward nature of the proof of concept, the severity of these security vulnerabilities, the range of email clients and plugins affected, and the high level of protection that PGP users need and expect, EFF is advising PGP users to pause in their use of the tool and seek other modes of secure end-to-end communication for now.

>Because we are awaiting the response from the security community of the flaws highlighted in the paper, we recommend that for now you uninstall or disable your PGP email plug-in. These steps are intended as a temporary, conservative stopgap until the immediate risk of the exploit has passed and been mitigated against by the wider community. There may be simpler mitigations available soon, as vendors and commentators develop narrower solutions, but this is the safest stance to take for now. Because sending PGP-encrypted emails to an unpatched client will create adverse ecosystem incentives to open incoming emails, any of which could be maliciously crafted to expose ciphertext to attackers.

https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0

 No.916238>>916284

>>916233 (OP)

I gotta say btw, I really agree with the “we need to be better than pretty good” section.

OpenPGP was complicated and confusing, and as it turns out is really flawed. What we need is stuff like what XMPP has like OMEMO. I use it and its really simple and comfy OwO


 No.916239>>916254 >>917075 >>937990

>exploit is in the email client

>PGP is not broken itself

Who cares. Encrypt and sign your messages _outside_ your email client before you send it. Problem solved.


 No.916247

>listening to the EFF kikes

Wait before someone a bit more serious chimes in.


 No.916254>>916514

>>916239

it also only happens with HTML-formatted e-mail so it's literally nothing


 No.916263>>916308 >>916478 >>916507

File (hide): 5af33935f10ecdf⋯.jpg (715.12 KB, 2196x1648, 549:412, not-pgp-flaw.jpg) (h) (u)


 No.916266

File (hide): 3a88482595395ec⋯.jpg (157.17 KB, 638x841, 22:29, 1505669989203.jpg) (h) (u)

>>916233 (OP)

>In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs.

>html emails are leaking like a 40 year old tranny prostitute's asshole

>PGP IS BROKEN!!!!!!!!111111!!!!!!!

It's not PGP that's broken, it's html emails. And they were fubar'd since 90s.


 No.916275>>916279

Can I just point out that eFail literally has nothing to do with OpenPGP itself and pertains to tools and extensions that automate the process of encrypting and decrypting PGP? Or is that too much to ask?


 No.916279

>>916275

It's what everyone is talking about in this thread. Keep it going anon.


 No.916284

>>916238

drop trip


 No.916292

>>916233 (OP)

>use signal

Signal as been honeypot since the beginning (notably because the went full retard/being very aggressive because of libre signal).

It's not GPG or PGP that is broken it's email clients and not all of them are affected.

It's clearly explained here in the papers:

https://efail.de/

Archive to avoid cloudflare tor block

https://web.archive.org/web/20180514100313/https://efail.de/

It's a bit more than a HTML flaw but it can be mitigated via deactivating HTML email creation and HTML rendering. To be honest it was always bloat.

For those who are wondering who added HTML in emails long ago it was Microsoft in their Outlook "solution". For the sysadmins of that time you will remember the nightmare that it was for filtering these pieces of trash that nobody asked for.

I was already suspicious because of some of their posts but now the EFF is to be attentively observed and dissected for the months to come.


 No.916308

>>916263

That picture captures my reaction to this thread as well.


 No.916312

>>916233 (OP)

Who cares really ? Be a proud goyim. Stop using PGP.


 No.916327

>>916233 (OP)

That's just clickbait from the EFF also it's pretty old news by now. The vulnerability, efail, is related to the plugins which decrypt PGP encrypted messages and clients rendering html mails, but not PGP itself. Additionally, this attack requires the attacker to be able to MITM AND capture the email he wishes to capture. In addition to this, when the user would open this email, it would be apparent something had happened because the whole message would be empty.

Looks like emacs isn't vulnerable. Here're some quotes from RMS following efail.

If you allow a mail user agent to render HTML for you, you expose
yourself to various kinds of surveillance and swindles. Now, it seems,
one of those might be a decryption exploit.
Referring to any external elements from HTML in an email
exposes the user to various forms of mistreatment.
Security in an MUA includes protecting the user from all that.

> > (And private/secret correspondence shouldn't include such external
> > references in the first place, IMHO.)

> Sadly, most people don't care enough.

It's often not "people". Many companies systematically use this
security hole to track users. I am very glad that nobody can
tell whether I have read a message -- because I do it in Emacs.

>>916238

>and as it turns out is really flawed

What is a flaw you see with it? There's not much wrong with PGP minus not having forward security (which is hard to pull off in something like email in which you might not be able to afford to send multiple messages between the receiver and yourself).

Also shame on you for just copy pasting a news article for a thread. You should provide your own commentary about the topic since most everyone has seen it by now. You didn't even name the vulnerability by name, nor did you link to its site explaining itself.


 No.916331>>916639

>>916233 (OP)

>OpenPGP broken

You should kill yourself immediately for that utter lie of a subject line, you useless turd.


 No.916393>>916459 >>916474

Just use GPG they said. You don't need LUKS or any other kind of encryption they said.


 No.916397

If you can't discover a decent vanity trip, you shouldn't be tripfagging OP!

Here's a bitNickel, kid. Buy yourself a better tripcode.


 No.916459

>>916393

LUKS? How is it related to email/text encryption?


 No.916461

>>916233 (OP)

GPG and OpenPGP are fine. It's clients that are leaking that shit through HTML referrals.


 No.916463>>916474

Just accept that internet is insecure. Face-to-face communication is the only option.


 No.916474

>>916393

>Just use GPG they said. You don't need LUKS or any other kind of encryption they said.

Mhm. Who said that?

>>916463

Face-to-face communication isn't secure, either. Eavesdroppers, regular mics, laser mics, tiny NSA agents hiding in your ear canal.


 No.916477

>>916233 (OP)

>OpenPGP broken

Shut the fuck up, this only applies to nigger clients like Thunderbird. There is no vulnerability if you just use a plain implementation like GnuPG. I could barely read this stupid web page, I'm fucking sick of hearing about new vulnerabilities with a full marketing campaign behind them, which time and time again are nothing new. The only reason I read this is because i'm interested in making/breaking PGP. This is your typical attack on webshit. Webshit (including Email, which is just webshit on a slightly different protocol) is an entire misconception in itself, and is always implemented by people who have no clue about anything.


 No.916478

>>916263

Wow, it's like it's fucking nothing.


 No.916481>>916490

I use GNUMail.

All you faggots said GNUSTEP looked "bad", who's laughing now?


 No.916490

>>916481

>who's laughing now?

Still us. GNUFail isn't the only email client that's not vulnerable to this attack.


 No.916505>>916515 >>916517 >>916519 >>916521

>not only can attackers get access to the contents of your encrypted messages the second you open an email, but they can also use these techniques to get access to the contents of any encrypted message that you have ever sent, as long as they have a copy of the ciphertext.

Encryption noob here, can someone explain why this is? Somehow having the copy of a single encrypted mail means you can decrypt any other mail encrypted with the same key, without the private key??? What??


 No.916507>>916518 >>917116

>>916263

This poor level of discourse is the standard in the imageboards. It's botnet this and botnet that and if you ever question people's opinions/conjecture/narrative that are not matters of fact, they'll accuse you of being a shill of some kind. It's quite annoying.


 No.916514>>916673 >>916696 >>916698

>>916254

Wait, I'm confused. Why do they say this?

https://www.eff.org/deeplinks/2018/05/pgp-and-efail-frequently-asked-questions#html

>Is disabling HTML sufficient?

>Turning off sending HTML email will not prevent this attack. For some published attacks, turning off viewing HTML email may protect your messages being leaked to an attacker by you. However, since PGP email is encrypted to both the sender and each recipient, it will not protect these messages from being leaked by anyone else you’ve communicated with. Additionally, turning off HTML email may not protect these messages against future attacks that are discovered which build off of the current vulnerabilities.

>Turning off reading HTML email while still sending PGP-encrypted messages encourages others to read these with their own potentially vulnerable clients. This promotes an ecosystem that puts the contents of these messages (as well as any past messages that are decrypted by them) at risk.

I'm confused. Does this mean even if you don't send an html email, that the contents of the mail could still be decrypted by the person receiving your email if they have a shitty client?


 No.916515

>>916505

Nevermind, I misinterpreted.


 No.916517

>>916505

>but they can also use these techniques to get access to the contents of any encrypted message that you have ever sent, as long as they have a copy of the ciphertext.

This is false. Imagine how easy it would be to break. Just guess when someone sent a message containing "Hello" and then boom you can decrypt all their messages. It just doesn't work that way.


 No.916518>>917101

>>916507

>discourse

This isn't your gender studies seminar, go back to Tumblr.


 No.916519>>916617 >>916994

>>916505

>even if you don't send an html email

This was never about sending an html email. The attacker MITMs the message and modifies it by adding html into it.


 No.916521

>>916505

because the email client is written by retarded niggers who basically copy and paste code everywhere.


 No.916558

>>916233 (OP)

Why do you need encryption if you have nothing to hide?


 No.916570

>if you have nothing to hide?

who said that


 No.916617

>>916519

So what? Most email clients don't render html by default.


 No.916618

terrible advice by EFF


 No.916639

>>916331

what did you expect from a tripfag


 No.916642

all part of the conspiracy to discredit PGP and ensure it doesn't ever catch on, because it hasn't been compromised and has no built-in backdoor.


 No.916653

>gpg dindu nuffin

Except outputting decrypted ciphertext that failed the authenticity check.

It's ok though because gpg printed a warning to stderr :^)


 No.916673>>916684 >>916727 >>916933 >>916994

File (hide): 1453337078058b2⋯.gif (195.22 KB, 500x482, 250:241, tumblr_n58yznzf2z1tobs6to1….gif) (h) (u)

OMG im so sorry!

I didnt realize this might have been html-only. theres some parts of it that still raise some concern like >>916514 but it sounds like it mostly was FUD basically.

Im a baka -_-

the real question now, assuming everyone in this thread is right, is what's going on at the EFF? Normally they're fairly accurate about stuff, so how did they get this so wrong??


 No.916676

>pgp is shit

>ok

>here use signal

>electron shit with phone number required

ayy lmao what the fuck


 No.916684


 No.916693

>we recommend that for now you uninstall or disable your PGP email plug-in.

<stop using PGP goy! Look at the (((severity)))!!!

ignore that it's html cancer and an email client vulnerability, it's PGP goy and don't ask questions.

I'm loosing respect for the EFF rapidly. This is as stupid as those jews that came up with those fake AMD exploits with the fake security company in isreal.


 No.916696

>>916514

this means the EFF is scaremongering.

Do not send HTML emails and everything is fine.

If you simply turn off viewing HTML inside of the email, and instead change the setting to view the html email in plaintext, then you're fine, but the next person you send it to may not have it turned off and will still get fucked.

So the moral of the story is don't send the fucking HTML email in the first place, just use plaintext.


 No.916698>>916701 >>916705 >>916727

>>916514

The way this seems to be is this:

-Kike A sends trojan email to Goy B.

-Goy B is smart and disables html viewing so does not get fucked and dump his keys when the email is decrypted and his client fucks him.

-Goy B then forwards the email to his Goy buddies C, D, and E.

-C D and E do not have html viewing disabled, so they all get fucked.


 No.916701>>916705

>>916698

actually reading it your private keys are never dumped. only the content of the message is leaked, and an attacker still needs to have the encrypted message.

-Kike A captures cipher email from Goy B.

-Kike A adds this html cancer to the email, and includes the original ciphertext, and sends it to Goy B, the original ciphertext is still not decrypted.

-Goy B opens the email, and the stupid client decryptes the modified message, then decrypts the original message that Kike A captures too, and then the html cancer sends the decrypted message back to him.


 No.916705

File (hide): cbc0143c3bfd839⋯.jpg (58.72 KB, 1280x720, 16:9, husbandissaying_4.jpg) (h) (u)

>>916701

>>916698

>letting your email reader render and execute HTML and embedded scripts


 No.916727

>all this talk about MITM and referal headers. no, neither of those are in use here. the retarded email client goes to malicious-server.com/hello%20anon%0di%20have%20a%20secret%0di%20am%20gay

you don't even need real MITM, if you have access to a server you can just copy the messages off to get the ciphertexts and start exploiting people. MITM usually means actually setting up a live wiretap on someone or on a router

>>916673

no. there's nothing that raises any concern. the website is pure clickbait like most "security research". even before naming vulns was a fad, disclosures were still mostly clickbait just it took a higher level of intelligence to be baited

>>916698

>-C D and E do not have html viewing disabled, so they all get fucked.

yeah that can probably happen if Kike A added payloads specifically made for C, D, and E, however this is not an issue. this is C, D, and E's faults for using a retarded email client with a web browser built in


 No.916728

>all this talk about MITM and referal headers.

no, neither of those are in use here. the retarded email client goes to malicious-server.com/hello%20anon%0di%20have%20a%20secret%0di%20am%20gay

fixed


 No.916756

>wen u type your secret password for darknet forum into fbi.gov url bar and hit enter


 No.916761>>916770 >>916960 >>916965

Efail press release

https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html

Robert J. Hansen rjh at sixdemonbag.org

Mon May 14 14:27:44 CEST 2018

Over the last few hours, Werner, Andre, and I have been working on an
official statement about the Efail paper. Without further ado, here it is.



An Official Statement on New Claimed Vulnerabilities
== ======== ========= == === ======= ===============
by the GnuPG and Gpg4Win teams

(This statement is only about the susceptibility of OpenPGP, GnuPG, and
Gpg4Win. It does not cover S/MIME.)

Recently some security researchers published a paper named "Efail:
Breaking S/MIME and OpenPGP Encryption using Exfiltration Channels".
The EFF has gone so far as to recommend immediately uninstalling
Enigmail. We have three things to say, and then we're going to show you
why we're right.

1. This paper is misnamed.

2. This attack targets buggy email clients.

3. The authors made a list of buggy email clients.

In 1999 we realized OpenPGP's symmetric cipher mode (a variant of cipher
feedback) had a weakness: in some cases an attacker could modify text.
As Werner Koch, the founder of GnuPG, put it: "[Phil Zimmermann] and Jon
Callas asked me to attend the AES conference in Rome to discuss problems
with the CFB mode which were on the horizon. That discussion was in
March 1999 and PGP and GnuPG implemented a first version [of our
countermeasure] about a month later. According to GnuPG's NEWS file,
[our countermeasure] went live in Summer 2000."

The countermeasure Werner mentions is called a Modification Detection
Code, or MDC. It's been a standard part of GnuPG for almost eighteen
years. For almost all that time, any message which does not have an MDC
attached has caused GnuPG to throw up big, clear, and obvious warning
messages. They look something like this:

gpg: encrypted with 256-bit ECDH key, ID 7F3B7ED4319BCCA8, created
2017-01-01
"Werner Koch <wk at gnupg.org>"
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 7
[GNUPG:] PLAINTEXT 62 1526109594
[GNUPG:] PLAINTEXT_LENGTH 69
There is more to life than increasing its speed.
-- Mahatma Gandhi
gpg: WARNING: message was not integrity protected
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION

GnuPG also throws large warning messages if an MDC indicates a message
has been modified. In both cases, if your email client respects this
warning and does the right thing -- namely, not showing you the email --
then you are completely protected from the Efail attack, as it's just a
modern spin on something we started defending against almost twenty
years ago.

If you're worried about the Efail attack, upgrade to the latest version
of GnuPG and check with your email plugin vendor to see if they handle
MDC errors correctly. Most do.

You might be vulnerable if you're running an ancient version of GnuPG
(the 1.0 series; the current is 2.2), or if your email plugin doesn't
handle GnuPG's warning correctly. You might also have had some exposure
in the past if back then you used a pre-2000 version of GnuPG, and/or an
email plugin which didn't handle the warning correctly.

We made three statements about the Efail attack at the beginning. We're
going to repeat them here and give a little explanation. Now that we've
explained the situation, we're confident you'll concur in our judgment.

1. This paper is misnamed. It's not an attack on OpenPGP. It's an
attack on broken email clients that ignore GnuPG's warnings and do silly
things after being warned.

2. This attack targets buggy email clients. Correct use of the MDC
completely prevents this attack. GnuPG has had MDC support since the
summer of 2000.

3. The authors made a list of buggy email clients. It's worth looking
over their list of email clients (found at the very end) to see if yours
is vulnerable. But be careful, because it may not be accurate -- for
example, Mailpile says they're not vulnerable, but the paper indicates
Mailpile has some susceptibility.

The authors have done the community a good service by cataloguing buggy
email clients. We're grateful to them for that. We do wish,
though, this thing had been handled with a little less hype. A whole
lot of people got scared, and over very little.

tl;dr: This should be called EFFail, not Efail. Don't render html mail, and you should be fine. Also read the gnupg-users thread from https://lists.gnupg.org/pipermail/gnupg-users/2018-May/date.html#60316 and onwards.
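
Added example, not part of any post in this thread and not GnuPG or mail-plugin code: a fail-closed gate over GnuPG's `--status-fd` lines, illustrating both the statement's point that a client must respect MDC failures and the earlier remark that gpg still writes the decrypted bytes to stdout when the check fails. The function names and the strict policy (require `GOODMDC` and `DECRYPTION_OKAY`) are assumptions of this example; the second and third transcripts are constructed, the first reuses the status lines quoted in the statement.

```python
import subprocess

STATUS_PREFIX = "[GNUPG:] "


def parse_status(status_text):
    """Return [(keyword, args)] for every machine-readable status line."""
    events = []
    for line in status_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue  # human-readable log line, e.g. "gpg: WARNING: ..."
        fields = line[len(STATUS_PREFIX):].split()
        if fields:
            events.append((fields[0], fields[1:]))
    return events


def release_decision(status_text):
    """Decide whether decrypted bytes may be handed to a renderer.

    Returns (ok, reason). Anything that is not a clean, MDC-verified
    decryption is rejected (fail closed).
    """
    events = parse_status(status_text)
    keywords = [kw for kw, _ in events]
    if "BEGIN_DECRYPTION" not in keywords or "END_DECRYPTION" not in keywords:
        return False, "incomplete"   # gpg died or output was truncated
    if "BADMDC" in keywords:
        return False, "bad-mdc"      # ciphertext was modified in transit
    for kw, args in events:
        # DECRYPTION_INFO <mdc_method> <sym_algo>; mdc_method 0 = no MDC
        if kw == "DECRYPTION_INFO" and args and args[0] == "0":
            return False, "no-mdc"
    if "DECRYPTION_FAILED" in keywords:
        return False, "failed"
    if "GOODMDC" not in keywords or "DECRYPTION_OKAY" not in keywords:
        return False, "unverified"
    return True, "ok"


def gate_plaintext(plaintext, status_text):
    """Return (plaintext, reason); plaintext is None unless verified."""
    ok, reason = release_decision(status_text)
    return (plaintext if ok else None), reason


def decrypt_file(path):
    """Run gpg, buffer all output, and release it only after the verdict.

    gpg emits plaintext on stdout before it has checked the MDC, so the
    bytes must never be streamed to a viewer while gpg is still running.
    """
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "2", "--decrypt", path],
        capture_output=True,
    )
    return gate_plaintext(proc.stdout, proc.stderr.decode("utf-8", "replace"))


# Status lines as quoted in the GnuPG statement (message without MDC).
PAGE_TRANSCRIPT = """\
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 7
[GNUPG:] PLAINTEXT 62 1526109594
[GNUPG:] PLAINTEXT_LENGTH 69
gpg: WARNING: message was not integrity protected
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""

# Constructed sample: intact message with a valid MDC.
GOOD_TRANSCRIPT = """\
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] PLAINTEXT 62 1526109594
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
"""

# Constructed sample: ciphertext altered, MDC no longer matches.
TAMPERED_TRANSCRIPT = """\
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] PLAINTEXT 62 1526109594
[GNUPG:] BADMDC
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""

if __name__ == "__main__":
    for name, text in [("page", PAGE_TRANSCRIPT),
                       ("good", GOOD_TRANSCRIPT),
                       ("tampered", TAMPERED_TRANSCRIPT)]:
        print(name, release_decision(text))
```

This gate only addresses the modified-ciphertext case that the MDC covers; it does not change how a client combines decrypted text with surrounding HTML parts.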


 No.916764

tripfags should commit suicide as soon as possible


 No.916768

Also fuck the EFF for telling people to stop using PGP until we can figure out what's going on. Like Mark H. Wood wrote[1]

<"We've discovered that locks can be picked, so you should remove all the locks from your doors right now."

[1] https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060367.html


 No.916770>>916934

>>916761

I think they're wrong. MDC shouldn't apply in any way to the first attack vector listed on efail.de ("Direct Exfiltration").


 No.916933>>916971

>>916673

>how did they get this so wrong??

They've been shilling for Signal for a while now. This is probably part of that. Signal and PGP are very different from each other and have different use cases. PGP is very useful when you don't know who the receiver of your message is going to be. It's also useful if you are only able to send a single message to someone and don't have time to do a whole handshake with the other party. I personally don't use Signal and don't plan on doing so for at least a good period of time. Literally between EFFs post on this and now new remote code execution bugs with signal have been published. I'm personally sticking with trusted and true solutions which are proven to work (assuming you don't use command line flags to intentionally make your security worse).


 No.916934

>>916770

The point about MDC was only about the 2nd vulnerability which is an actual concern about the cryptographic quality of PGP. The first vulnerability is just a problem with email clients themselves (which they describe in the announcement) and not with PGP.


 No.916960>>916962

>>916761

fucking security (((researchers))) once again trying to fearmonger and bloat up their own resume.

Here are the researchers:

Damian Poddebniak,

Christian Dresen,

Jens Müller,

Fabian Ising,

Sebastian (((Schinzel))),

Simon (((Friedberger))),

Juraj Somorovsky,

Jörg Schwenk.

I wonder what can be found of these upstanding world citizens.


 No.916962>>916963 >>916965

File (hide): 4a934ea4abf74fa⋯.png (558.13 KB, 612x737, 612:737, shilling.png) (h) (u)

>>916960

here's Sebastian (((Schinzel)))

shilling stickers for his efail brand


 No.916963>>916971


 No.916965

File (hide): 41314443f36e628⋯.png (42.17 KB, 639x419, 639:419, OYVEY.png) (h) (u)

>>916761

>>916962

STOP HURTING OUR BRAND GOYIM


 No.916966

File (hide): 8d49253ff454ef9⋯.png (91.26 KB, 617x462, 617:462, twitter_security_fans.png) (h) (u)


 No.916968

File (hide): 465ccabe070f94e⋯.png (115.26 KB, 657x678, 219:226, shilling2.png) (h) (u)

EFF didn't come up with the "STOP USING GPG NOW!!!" fearmongering

Sebastian (((Schinzel)))

was shilling it on the day of the release.


 No.916970

File (hide): bac1c433a6260a3⋯.png (154.88 KB, 609x918, 203:306, oyvey3.png) (h) (u)

oyvey why are they ignoring our shilling and give us flack


 No.916971>>916972 >>916975 >>916981 >>917046

File (hide): 7bf064b6b7f4dc2⋯.png (28.49 KB, 585x125, 117:25, ClipboardImage.png) (h) (u)

>>916933

I dont get Signal. I dont want to have my phone number attached to these private chats, and I dont like that its connected to a centralized server. It needs to be an open standard like email, jabber, irc, matrix, etc.

>>916963

ok so some people that are being retweeted are claiming theres an exploit that works on plaintext stuff too. legit, or just some jewish trick? idk anymore.


 No.916972>>916973

>>916971

>idk anymore

that's the entire point with this fearmongering kikery. erode trust in GPG so people stop using it and instead send all their shit in plaintext so it can be easily read by Isreal.


 No.916973

>>916972

well no they dont want it to be in cleartext they want everybody on Signal, which as I said I dont trust or think is a good idea conceptually. You can't self-host it I don't think, and theres the phone number thing.


 No.916975>>916980 >>916987

>>916971

The infosec people like to shill Signal because they are only concerned with normies/tech illiterate adoption rates. They want ease of use and privacy by default. Normal people will not use PGP and will fuck up trying.


 No.916980>>916986

>>916975

PGP is indeed not user-friendly in the slightest, but OwO whats this?

https://conversations.im/omemo/

braindead simple to use, but decentralized as it is XMPP. Ive used it and it just werks. Why dont they shill this instead? seems shady.

Like, having a (((service))) that is hardcoded to a centralized server owned by a specific app maker doesnt sound very much in the spirit of Free Software does it?


 No.916981>>916986

>>916971

>I dont get Signal. I dont want to have my phone number attached to these private chats, and I dont like that its connected to a centralized server. It needs to be an open standard like email, jabber, irc, matrix, etc.

It doesn't need to be anything at all. Just use OMEMO with XMPP.


 No.916983

>all these twatter links

>We've detected that JavaScript is disabled in your browser. Would you like to proceed to legacy Twitter?

<Yes

>403 Forbidden: The server understood the request, but is refusing to fulfill it.

hosting 160 characters of text is sure jee hard


 No.916986>>917054 >>925698

>>916981

see >>916980 i just mentioned it, silly! ^.^

btw if you guys want to use it check this for the right client.

https://omemo.top/

its kinda off because chatsecure supports it now, but should give you an idea.


 No.916987>>916997

>>916975

Secure by default is what law enforcement are scared of as well. LEA accept that a very small percentage of nerds will have strong security, but they don't want a dumbass drug dealer to accidentally have privacy/security because it's the default.


 No.916994>>916996 >>916999

>>916673

If someone can convert a plaintext email to html like >>916519 says, then this is a bigger problem. Because even if you do the right action and don't use a shitty client with html enabled, you have to rely on other people who either get the same messages as you or who you're speaking to not fucking this up either.

But yeah, the title is very clickbaity. It's similar to how people say Tor is broken when it's actually a browser exploit.


 No.916996

>>916994

>then this is a bigger problem

Funnily enough, PGP is the solution to that problem.


 No.916997

>>916987

that's why they arrested those spic's that were selling the secure phone's with gps soldered off to drug cartels.


 No.916999>>917002

>>916994

should be able to immediately get around this by putting the text in a zip file. other retarded people who have this html cancer turned on will not dump your secrets


 No.917002>>917019 >>917021 >>917054

>>916999

What happens if the attacker decompresses it, injects the image tag around the encrypted data, and then recompresses it?

Regardless, allowing network connections from your html renderer for email is the root of the problem.


 No.917019

>>917002

>injects the image tag

if it's in a zip file don't open the text in the zip in a fucking browser


 No.917021>>917054

>>917002

the root of this problem is once again web5.0 nuweb cancer bloat


 No.917046

>>916971

This is why I hate humans.


 No.917054

>>916986

you stupid niggers, this is a thread about how using a bloated email client breaks encryption. the _exact same thing_ will happen on XMPP, I guarantee you. XMPP clients have all kinds of weird extensions and media they support. last time i checked, well established clients get memory corruption to the point where the screen looks all jumbled just because I entered an <img> tag by hand into a group conversation (and not even being malicious, i was just trying to display an image in the conversation, seeing as it has HTML support)

>>917021

the root of the problem is web 1.0 cancer (subsequent versions are even more cancerous). this exact same bullshit existed the moment the web and email came out

>>917002

if i was building a protocol to send encrypted messages to people, i would make it so the entire message is encrypted in one go, then the plaintext can be interpreted as usual (as bytes representing text, or as something else). it could even have HTML-like elements in it, and it would be no problem. the problem with these email clients is that you can put some stuff in the middle of the plaintext which will be decrypted and concatenated to some script and fed into the browser/renderer. it's not even a viable approach to any real problem, it's just webshit. no sane person would allow markup in such a way


 No.917075>>917088 >>917321 >>937990

>>916239

This, the EFF is really shifty lately. Did the glowdarks infiltrate it?


 No.917088>>917093

>>917075

The founder of the EFF died a few months ago. Maybe that has something to do with it......


 No.917093>>917097

>>917088

Died or """(((died)))""" is the question, innit?


 No.917097

>>917093

Well the official story is that he died peacefully in his sleep at age 70.


 No.917101>>917116

>>916518

>the word discourse can not be used on tech

read a book


 No.917116

>>916507

>>917101

found the jew


 No.917121

>>916233 (OP)

We should all move to centralized communication platforms such as Facebook, Discord and WhatsApp.

Our information is not safe in our own hands, obviously.

E-mail has to go.


 No.917273>>917278 >>917327


 No.917278>>917305

File (hide): f168579288427cb⋯.jpeg (150.12 KB, 800x800, 1:1, 0*QDyCvJSonvTqtppv.jpeg) (h) (u)

File (hide): 732440f99507490⋯.jpg (23.52 KB, 499x339, 499:339, 2861431578_9c3aa89323.jpg) (h) (u)

>>917273

>The same cannot be said of the trolls who sprang up in the aftermath. Danny says he’s had people accusing him of working to advance the CIA’s agenda.

*giggles*

is he talking about us?


 No.917305>>917313

>>917278

>is he talking about us?

I think he means (((Signal shills))), not 8channers who consider this more of an EFFail than Efail.


 No.917313

>>917305

umm no Danny is the guy who wrote at least one of the EFF articles shilling signal and telling everyone to stop using PGP.

I think he's referring to anons posting about glow-in-the-darks.

>>917307

>>917308

>>917311

I love triggering you lovely people uwu


 No.917321>>917326

>>917075

The EFF was taken over by SJWs a long time ago. They're the Jewish agenda, now.


 No.917326

>>917321

Pretty sorry state of affairs, SJWs infect non-profits massively.


 No.917327

>>917273

>another shit post on medium.com

lol. again, how does this vuln require lack of checking MDC? that only seems relevant to the attack that goes the route of CBC/OFB. i'm not even interested in this topic anymore. it doesn't affect real OpenPGP users in any way and the community seems to be retarded as usual and the FUDers don't understand anything nor the anti-FUDers (people who mention MDC)


 No.917330>>917338 >>917343

Bumping to upvote.


 No.917338>>917343 >>917346


 No.917343>>917346

>>917330

<Bumping to upvote.

chan friendlier terms would be "Bump for interest" and "Anti-slide bump". If you see that threads are being slid on a board, a thread merits attention but you don't have much to add, you could use the "Anti-slide bump". That way you don't look like, as >>917338 pointed out, a redditor. But yes, it's interesting and unnerving to see this effort to shove (((Signal))) down everyone's throats.


 No.917346>>917349

>>917338

>>917343

I was mocking the people who claim that a sage isn't a downvote. It is if you sage and then bump every useless thread in the catalog.


 No.917349>>917352

>>917346

Sorry for being a stuck up cunt.


 No.917352

>>917349

It's OK but people kvetching about off topic shit in the more important threads as an excuse to sage is a real problem. Look at any of the slide threads in the catalog here - they rarely have the autistic spergeouts which are common in threads like this one or the Jewtel threads.

Here's how you slide a thread on /tech/:

>sage important / relevant thread

>post vapid comments in slide threads

>"problem" threads move toward bottom of catalog and never show up on the default view

Sage is a downvote and it's obvious.


 No.917575

>>916233 (OP)

>(((EFF)))


 No.917809

>>917452

Everybody can! ^w^


 No.924566>>924575

why did they double down shilling AGAINST pgp? they totally have an agenda here.

I don't like this at all.


 No.924575>>924596


 No.924593>>924594


Just use RetroShare.


 No.924594>>924596


 No.924596>>924597


>>924575

>organization for privacy

>uses twitter

Really makes you think.

>>924594

kys


 No.924597>>924605 >>924609

>>924596

No, you kys. (((You))) are recommending some random untrusty piece of shit (at least that's what the code looked like when I checked) software that I can't use to contact any real people because it's incompatible with existing technology.


 No.924605>>924608

>>924597

Do you honestly believe that it's possible to use existing technology and have privacy at the same time? If you want privacy, you cannot use existing technology. It's one or the other, you cannot have both.


 No.924608>>924642

>>924605

Honestly? Yes. There are tons of free email services that you can use with any proxy network you like. Combine that with gpg and you're probably safer than putting all your trust in some unreviewed niche software.


 No.924609>>924614


>>924597

If you want true privacy & security, you should say bye bye to existing technology.

Anyways, I doubt you can even read code, nodev. RetroShare has quite a nice codebase in fact.


 No.924614

>>924609

>true privacy & security,

What does that even mean? For all practical matters, stuff is secure until it isn't.

>Anyways, I doubt you can even read code, nodev.

No u :^)

>RetroShare has quite a nice codebase in fact.

I admit it's been a while since I've had a look. Are all their shitty devs from five years ago gone? Besides that, it's still random and unreviewed, thus untrustworthy.


 No.924642

>>924608

So your answer to the fact that you "can't contact real people with new technology because it's incompatible with existing technology" is to pair GPG with email and a proxy? All proxies are guaranteed honeypots, they're no different to your ISP botnets except for the fact that they increase round trip latencies. Secondly, GPG is equally as niche as all the new technologies around. Tell me how many people you contact person-to-person on the Internet, and how many of them have shared their PGP public key with you.


 No.924646

So does this mean we can use signify now?


 No.924693

>EFF broken, everyone recommends abandoning it.


 No.925698

>>916986

Not good for the goyim https://coy.im/


 No.937953>>937989 >>937992

So, is PGP usable now?


 No.937989>>937992


>>937953

Last I checked, EFF released a new statement that it's perfectly ok to use on Thunderbird+Enigmail, hold off on Apple Mail+GPGTools, and they're unsure on other clients, so use caution, recommending strong security settings, frequent updates, and disabling HTML mail.

https://www.eff.org/deeplinks/2018/05/how-turn-pgp-back-safely-possible


 No.937990

>>916239

This. If the email client fails you're exposed, so don't trust it in the first place.

>>917075

yes, there is a distinct glow with the EFF sadly. I think they suffered the same fate as Mozilla hiring soy-commie-hipsters


 No.937992

>>937989

>>937953

Checked again, and there's been no new statements since this. Dunno if they'll make another one.



