I wonder how I can be surprised to learn that #Mozilla's #Thunderbird collects telemetry info (including your mail domain) and shares it with partners such as #Amazon.

It's obvious they spy on your mails! 🤦‍♂️

Indeed, in case of a crash, they even send to "their" #AWS servers a memory dump crash report that contains sensitive data.

This likely includes your emails in the clear, your private encryption keys¹ and everything else the program has loaded and kept in memory.

What does this mean for a hypothetical attacker that can access such reports?

I mean... like a #USA agency arguing that you might be a terrorist or something.

Oh but sure... they shall do no evil...


#Privacy #Freedom #hypocrisy #Security #infosec

1) Since version 68, Thunderbird does not use the #GPG suite via #Enigmail, but does encryption directly "to avoid licensing issues" 🤷‍♂️

Yes, it is inherent to the e-mail infrastructure that, by design, it does not depend on #SiliconValley, where the #BigTech companies behave like digital $deit|ies.

#AntiTrust #BreakUpBigTech

The only thing the billionaire space race demonstrates is that under late-stage capitalism a single individual commands the same resources as entire nations.

Progress on PGPainless Development

Not much time has passed since I last wrote about my progress on the PGPainless library. However, I feel like it's time for an update.


#encryption #java #openpgp #pgpainless #protocol #sop

My old employer, @OCCRP , published an interactive with names and stories of people "selected for targeting" with #Pegasus:

For years I was hoping investigative journalists would start investigating malware vendors and APTs.

And I do hope that this project will lead to malware vendors and APTs thinking twice (or more) before they target a journalist or activist in the future.


A great piece on cryptography and email, specifically PGP/GPG.

QT nwalfield: New blog post: Yes, We Want Cryptographic Protection for Email sequoia-pgp.org/blog/2021/06/2 #pgp #gpg

This was a real scummy thing for Nintendo to do (even though they have done worse in the past). Nintendo Switch users need to read this.

@zpojqwfejwfhiunz "Nice version of Docker ya got here. Be a shame if someone was to… update it"

skipping Docker Desktop updates requires upgrading to Pro (starting at $5/mo)

#GnuPG 2.2.29 (LTS) is available. It has a few regressions from 2.2.28 fixed and changes the default keyserver to keyserver.ubuntu.com (temporarily).
lists.gnupg.org/pipermail/gnup As you may know, the old SKS keyserver network was attacked and is withering away. The future lies with wiki.gnupg.org/WKD and upcoming new keyserver software like hockeypuck. E.g. there are some candidate public keyservers you could try.
lists.gnupg.org/pipermail/gnup #EndtoEndCrypto #FreeSoftware #EmailSecurity #FileSecurity

A philanthropist is someone who cuts off a village by building a dam only to hand out bottled water every other Sunday.

Perhaps there is no perfect way to convey how absurdly obscene it is that a single person can "have" over a hundred billion dollars.

But "You Are Jeff Bezos" is damn close:

Also, perhaps there is no perfect way to satirize #DonaldTrump.

My little parody of the aforementioned game is definitely not even close:

Part of the reason for the ICO’s fining of a charity was that it didn’t encrypt its email.

Thank goodness there are no proposals afoot to make it harder for people to use encrypted communi… oh, wait.


If the Internet was a highway, it would have roadblocks for all but three models of car.

For the record, it's possible to implement the Double Ratchet scheme using pure OpenPGP, thus avoiding issues with libsignal: https://sequoia-pgp.gitlab.io/openpgp-dr/openpgp_dr/index.html

RT @pEp_Community@twitter.com

#10vor10 addresses the problem of spear phishing as #CEOFraud - signed & encrypted mails help!

Free software for automatic mail encryption (Android, iOS, Outlook & Thunderbird): 👉 pep.software

Article @pepsecurity@twitter.com: 👇

🐦🔗: twitter.com/pEp_Community/stat

@nwalfield Services started during the mobile-first era take the approach of replacing e-mail with a phone number as a trust anchor.
While appealing at first glance, this is horrible in all aspects related to pseudonymous identity management or protection against nation-state adversaries.

