Monthly Archives: September 2013

HTML email, attachments, and flowed text in Enigmail

I’ve noticed that a lot of people who are new to GPG really don’t want to give up their HTML email, but the Enigmail setup wizard recommends that you do this.

Enigmail Setup Wizard

People have also had weird problems with email attachments when sending signed or encrypted emails. And when you use Enigmail’s default settings and compose your messages in plaintext, Enigmail also turns off “flowed text”, so that lines get wrapped at 72 characters.

Continue reading

Don’t Succumb to Security Nihilism

You might have read today’s shocking Guardian and New York Times articles outlining the many ways that NSA and GCHQ have defeated crypto on the Internet, and have influenced tech companies to insert back doors into their commercial security products.

But pay close attention to this paragraph in Guardian’s article:

The agencies have not yet cracked all encryption technologies, however, the documents suggest. Snowden appeared to confirm this during a live Q&A with Guardian readers in June. “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on,” he said before warning that NSA can frequently find ways around it as a result of weak security on the computers at either end of the communication.

Giving up and deciding that privacy is dead is counterproductive. We need to stop using commercial crypto. We need to make sure that free software crypto gets serious security and usability audits.

If we do this right we can still have privacy in the 21st century. If we give up on security because of this we will definitely lose.