Enigmail leaks too much metadata
OpenPGP addon for Mozilla Thunderbird
Brought to you by: pbrunschwig
When I use Enigmail, it adds some extra headers and comments by default to my outgoing emails that are not required but reveal information about the software and the version numbers in use.
This makes it easier to launch targeted attacks against me.
I can disable all these headers manually, but as security software, Enigmail should be more secure/less revealing by default.
a) The "X-Enigmail-Version:" mail header
b) For GPG signatures, the comment line: "Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/"
c) Enigmail should suppress the GPG Version line by default
This is a duplicate of bug 216 (https://sourceforge.net/p/enigmail/bugs/216/). Please join the discussion there.
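A check for the three fields listed in the report, as an added example that is not part of the original ticket or of Enigmail's code: it scans an outgoing message for the `X-Enigmail-Version` header and for `Version:`/`Comment:` lines in OpenPGP armor headers. The function name, the sample message and its version strings are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample message: addresses, version strings and armor body are placeholders.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
Subject: test
X-Enigmail-Version: 0.0.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

hello
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0 (placeholder)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

PLACEHOLDER
-----END PGP SIGNATURE-----
"""

ARMOR_BEGIN = re.compile(r"^-----BEGIN PGP [A-Z ]+-----\s*$")
LEAKY_ARMOR_KEYS = {"version", "comment"}  # items b) and c) of the report


def find_leaks(raw):
    """Return (location, name, value) for each software-revealing field."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Item a): the mail header added by the add-on.
    leaks = [("header", k, str(v)) for k, v in msg.items()
             if k.lower() == "x-enigmail-version"]
    for part in msg.walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if payload is None:
            continue
        in_armor_headers = False
        for line in payload.decode("utf-8", "replace").splitlines():
            if ARMOR_BEGIN.match(line):
                in_armor_headers = True  # armor headers run until a blank line
            elif not line.strip() or line.startswith("-----END PGP"):
                in_armor_headers = False
            elif in_armor_headers:
                key, _, value = line.partition(":")
                if key.strip().lower() in LEAKY_ARMOR_KEYS:
                    leaks.append(("armor", key.strip(), value.strip()))
    return leaks
```

The `Hash:` armor header is deliberately not flagged, since a cleartext-signed message needs it for verification.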