Enigmail tries to look up missing keys via WKD if configured by Enigmail preferences and GnuPG respectively. (The default configuration is to allow WKD.) This lookup occurs during email composition in the background and without user notification. Receiving parties can check their web server log files for access to their keys by searching for the predefined pattern '.well-known/openpgpkey/hu/', thus knowing which IP address accessed a specific key and when the key was accessed.
This is a serious privacy issue. Users do not expect their potential recipients to know that an email is being composed.
Enigmail tries to retain some privacy by allowing only one lookup request in 24 hours.
Steps to reproduce:
Enter a new recipient email address into the composing window's 'To:' field and observe outgoing DNS and HTTP requests.
Recommendations:
You can use the option extensions.enigmail.autoWkdLookup from the config editor for this purpose.

@pbrunschwig Why is this bug considered "invalid" when the issue creator even recommended how to improve the current situation? extensions.enigmail.autoWkdLookup seems to completely disable the WKD lookup, which is not what the issue creator proposed.
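To make concrete what the issue description says a WKD fetch reveals, here is an added example (not part of the original thread and not Enigmail code) that parses access-log lines and reports the time, client IP and mailbox behind each key request. The log lines, addresses and the `wkd_lookups` helper are constructed for illustration; the hash is the z-base-32 encoded SHA-1 of the lowercased local part as defined by the WKD draft, and the pattern also covers the draft's "advanced" URL form with the domain in the path.

```python
import hashlib
import re

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet used by WKD


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the lowercased local part, z-base-32 encoded (32 chars)."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    n = int.from_bytes(digest, "big")  # 160 bits = 32 groups of 5 bits
    return "".join(ZB32[(n >> shift) & 31] for shift in range(155, -1, -5))


# Combined Log Format: client IP, timestamp and request path.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET (?P<path>\S+) [^"]*"')
# Direct form (.../openpgpkey/hu/<hash>) and advanced form (.../openpgpkey/<domain>/hu/<hash>).
WKD = re.compile(r"/\.well-known/openpgpkey/(?:[^/]+/)?hu/(?P<h>[a-z0-9]{32})")


def wkd_lookups(log_lines, mailboxes):
    """Return (timestamp, client_ip, mailbox) for every WKD key fetch in the log.

    Assumption: all mailboxes are served by this host, so the local part
    alone identifies the key that was requested.
    """
    by_hash = {wkd_hash(m.split("@")[0]): m for m in mailboxes}
    hits = []
    for line in log_lines:
        req = LINE.match(line)
        key = WKD.search(req.group("path")) if req else None
        if key:
            mailbox = by_hash.get(key.group("h"), "unknown")
            hits.append((req.group("ts"), req.group("ip"), mailbox))
    return hits


# Constructed sample log (documentation IP ranges, made-up timestamps).
_H = wkd_hash("alice")
SAMPLE_LOG = [
    f'192.0.2.10 - - [12/Mar/2019:09:14:02 +0000] "GET /.well-known/openpgpkey/hu/{_H} HTTP/1.1" 200 1694 "-" "-"',
    '198.51.100.7 - - [12/Mar/2019:09:15:40 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
    f'203.0.113.5 - - [12/Mar/2019:10:01:33 +0000] "GET /.well-known/openpgpkey/example.org/hu/{_H} HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for ts, ip, mailbox in wkd_lookups(SAMPLE_LOG, ["alice@example.org"]):
        print(f"{ts}  {ip}  looked up key for {mailbox}")
```

A request is logged whether or not a key exists for the address, so the second hit (a 404) discloses the lookup just as the first does.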