They are right.
The EFF deserves criticism in this case and so do those who write insecure mail clients...
I wonder if Microsoft is going to be patching their S/MIME and HTML implementation?
ProtonMail has weighed into 2018's worst branded-bug PR disaster, EFAIL, with a simple statement: “PGP is not broken”. The discoverers of the bug in e-mail client encryption implementations started the ball rolling ahead of their disclosure in the middle of this month. Münster University professor Sebastian Schinzel started …
While I get that the comment was a bit slanted against Microsoft, Microsoft was specifically mentioned to have an insecure client for this, and they need to fix it. In the interest of balance, I hope Apple, Mozilla, and Microsoft all fix their clients immediately. Oh, and anyone else who is vulnerable; that's just the group mentioned in the article.
> Werner Koch (a.k.a. mister GnuPG) already mentioned what was really amiss on the day the efail nonsense was released. And he was pretty much ignored by the media. Not sensational enough, I guess.
Werner has been ignored by pretty much everyone¹ in the last twenty years or so that he has been, single-handedly, developing and maintaining GPG. That's just not right. :(
¹ To be fair, one or two of the big internet giants have been funding his work for the last couple of years now. But still.
Turns out not to be correct.
But the EFF has not covered themselves in glory with this.
It's a tough question. Do you state which clients you know are insecure and which ones you know are not? Or just tell people to avoid certain ones as otherwise you'd be endorsing all the rest?
The nuanced answer would be "Disable HTML" and list those browsers that force you to use HTML.
I feel like the core issue here is that the vast majority of people reporting on this sort of thing either don't understand how things like this work and/or have absolutely no time to look into things and just parrot whatever the last talking head said about it and the headlines get more and more hyperbolic.
Most of the headlines for this story were "PGP is cracked, run for the hills!", which was really a fairly obvious exploit of some shoddily-made email-client (people still use these?) plugins.
PGP may not be cracked in epidemic proportions but I would not be surprised if the NSA and other deep state thugs have already secretly developed quantum computing to the point that they can target and crack any encryption rather promptly, if so motivated. To make a more general prediction, I believe that just about any reasonable technology/weapon that one can imagine as being useful to their evil ends is also already available and in their hands or they are working on it!