Hector Martin

IMO, because active content in e-mails is an ancient horse that has been beaten to death and the fact that this is *still* a problem just demonstrates a pervasive failure of email clients to take privacy seriously, PGP completely aside.

This isn’t just about active content. It’s about the fact that active content can be subtly and comprehensively inserted into encrypted emails using very sophisticated cryptographic techniques, AND that content can be made to exfiltrate other encrypted portions of the data.

The root causes here are various, but one of them is active content in general. Another is the lack of MACs in PGP (originally). Another is that apparently it's 2018 and people are still not checking error codes. Another is that PGP mail is a patchjob of pseudo-standards.

All of these flaws (still) exist in 2018 because nobody thought they were comprehensively exploitable together. Now they’re being fixed. This is a good outcome.

Wouldn't it have been great if they'd bothered to follow up with the mitigations and tested the exploit again and confirmed what was fixed and wasn't. Then we'd still have the same outcome, minus the panic reaction and confused, FUD-filled media coverage.

I’m recommending people delete Signal Desktop until we can be sure it’s fixed. Is that bad advice or “FUD”? You are literally arguing against being cautious with encrypted messaging tools.

I'm not arguing against being cautious, I'm arguing against *not doing the damn research* to figure out the facts before stirring up a media shitstorm. If we really *couldn't* know then being cautious is warranted, but we *can* and they were just lazy.

As we just saw with Signal Desktop, initial fixes to vulnerabilities are often insufficient and new ones are often found soon thereafter. You didn’t answer my question, but turns out I was right in practice to suggest caution.