I’m reading the man page and looking for the place where GPG instructs users not to render plaintext if an MDC isn’t present on a message. Can someone help me find it?
"Don't provide code execution, network access, and read access to private data to third parties" is a lot more fundamental.
-
-
There are almost surely vulnerabilities using these same underlying HTML+DOM+JS crapware layer *design flaws* in HTML email clients that have nothing to do with crypto.
-
Find them and report them.
-
I'd rather just throw out ideas and let someone with interest find and publicize them. To me, the whole architecture is a design flaw and the right solution is "don't use HTML+DOM+JS-based mail clients, instead strip HTML mail down to plain text with dumb filters".
-
I think the 1,000 Angriest Unix Sysops Brigade has opinions about HTML email that differ starkly from the other 7.6 billion people in the world.
-
It's just a matter of knowledge. If you sat down a random sample of those 7.6 billion and explained the privacy & safety implications of badly-designed HTML mail, something like 75-95% would be quite unhappy.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.