Enigmail no longer displays unencrypted part of message

2019-05-25
2019-10-04
  • Rufus Brown

    Rufus Brown - 2019-05-25

    The behaviour of Enigmail has changed recently. Now once a message is automatically decrypted only the decrypted part is displayed. The previously visible unencrypted part is hidden from view.

    How can I go back to the old behaviour?

     
    👍
    3
  • Patrick Brunschwig

    You can't. The mixture of unencrypted and encrypted message parts has to be considered insecure, because you can't reliably distinguish between encrypted and unencrypted message parts.

    See bug [#983], [#984] and [#985]

     

    Related

    Bugs: #983
    Bugs: #984
    Bugs: #985

  • Rufus Brown

    Rufus Brown - 2019-05-26

    Thank you for the prompt and helpful reply. A button to switch between the two wouldn't be a horrible idea, would it?

     
  • Patrick Brunschwig

    No, I can't do that. If you don't want the message to be decrypted (or verified) automatically, you can disable automatic decryption (via menu > Enigmail). You can add a button to the toolbar to manually decrypt messages in this case. But I won't add a function to enable an unsafe operation mode.

     
  • Rufus Brown

    Rufus Brown - 2019-05-26

    I've looked in "Add-ons", "Enigmail" and "Enigmail/PGP", "Options" but I can't find an option to disable automatic decryption even with expert settings turned on. Note that "Enigmail/PGP" actually has a weird 3 bar character instead of the "G" on my PC.

     
  • Patrick Brunschwig

    Oh, I see - that's not "PGP", but "pEp" (Pretty Easy Privacy). The pEp mode does not have such an option. You need to enable the classical Enigmail mode, via menu Enigmail/pEp > Preferences > Compatibility. Select the option "Force using S/MIME and Enigmail". Afterwards, you can disable automatic decryption.

     
  • Tar Generator

    Tar Generator - 2019-06-12

    Hello,

    I've also noticed this, and it's quite frustrating and renders enigmail hard to use properly.

    I receive a number of mailing list emails, in digest format (Fulldisclosure mailing list, RHSA-announce mailing list, for example). This means there's an unsigned summary, then multiple "posts", each signed separately. Before the update, I could read the summary, as well as verify the signatures. Now, if "Automatically Decrypt/Verify Messages" is selected, the summary is dropped, meaning I have to turn it off in the menu to view the summary. A button would make this a lot easier to turn on/off rather than have to go through the menu.

    Thanks for your hard work.

    Enigmail 2.0.11
    TB 60.7.0
    Ubuntu 18.04.2 LTS

     
  • Peter

    Peter - 2019-06-19

    I find this new "feature" extremely irritating and I spent quite some time "debugging" my Thunderbird/Enigmail setup.

    It goes so far, as that when replying to a mixed signed/unsigned message, only my original (signed) message and not the latest (unsigned) message will be shown in the draft. By that Enigmail becomes pretty much useless and I rather refrain from signing my messages at all.

     
  • Nicki

    Nicki - 2019-07-02

    I think that the new behaviour is really annoying. I missed some content of mails recently because my customers just replied to my mails and I was only able to see what I wrote them in the past.
    At least a BIG warning bar that notifies the user that enigmail dropped the unsigned part of the mail would be necessary.
    I was not aware of these changes and spent quite a while to figure out what type of addon would drop parts of my mails. Never ever I suspected enigmail to do something as dumb as this without a proper warning... arg

     
  • Nicki

    Nicki - 2019-07-02

    It still goes further... When replying to a mail with mixed (signed / unsigned) content I can only reply to the signed content. This is super annoying and as I can't disable this behaviour I think this is a bug.

    I already disabled automatic decryption of mails. But I cannot disable it for the content of the new windows in which I'm going to reply...

    Is there any other pgp/gpg plugin that I can use? This really brings me to the brink of just ditching this whole thing. At least I cannot recommend it anymore to anyone in the current state.

     
    • Patrick Brunschwig

      I'll improve this in the next version. But in general, I disrecommend inline-PGP. I really do.

       
  • Mike M.

    Mike M. - 2019-07-02

    While I understand the motive but the end result leaves this marginally useful. I believe you missed a critical point.

    Yes I freak out when someone replies unencrypted since it opens the message to the public but hiding the response from me is absolutely the wrong way to deal with this and accomplishes nothing useful. I also agree that displaying the response as if all was normal would be an error however once someone replies w/o encryption the damage is done regardless of how it's handled!

    I would recommend highlighting the response text so it is clear it is unencrypted. Of course you can also add messages at the top, hover messages, etc.

     
    • Patrick Brunschwig

      I would recommend highlighting the response text so it is clear it is unencrypted. Of course you can also add messages at the top, hover messages, etc.

      That's simply not possible in a reliable way. HTML and CSS allow so many dynamic modifications to what is displayed, that it is impossible to determine at display time which part is encrypted and what is not.

      The only thing I can do is to either display the message entirely unencrypted, or to only display the decrypted/verified message part. There is no both, and no in-between. That's why inline-PGP is not considered a good choice anymore.

      I really really really recommend switching to PGP/MIME which does not have these issues.
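For a plain-text body, the inline-PGP cleartext armor lines do mark where each signed span starts and ends, which is what a digest like the one described earlier in the thread looks like on the wire. The following is an added example, not Enigmail's code and not part of any post: it splits a constructed digest-style message into unsigned text and clearsigned frames and flags the mixed case. It does not verify signatures and says nothing about rendered HTML; the function names and the sample message are assumptions made for illustration.

```python
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Constructed sample: unsigned summary, two clearsigned posts, unsigned trailer.
SAMPLE = "\n".join([
    "Today's topics:", "  1. Advisory A", "  2. Advisory B", "",
    BEGIN_SIGNED, "Hash: SHA256", "", "Advisory A text",
    "- -----Original Message-----",  # dash-escaped line inside the signed text
    BEGIN_SIG, "", "(constructed placeholder, not a signature)", END_SIG, "",
    BEGIN_SIGNED, "Hash: SHA256", "", "Advisory B text",
    BEGIN_SIG, "", "(constructed placeholder, not a signature)", END_SIG,
    "Reply typed by someone without PGP",
])

def split_inline_pgp(body):
    """Return [(kind, text)], kind in 'unsigned', 'signed-frame', 'malformed'.
    'signed-frame' only means the text sits inside complete armor lines."""
    parts, buf, state = [], [], "outside"

    def flush(kind):
        text = "\n".join(buf).strip("\n")
        buf.clear()
        if text.strip():
            parts.append((kind, text))

    for line in body.splitlines():
        s = line.rstrip()
        if state == "outside":
            if s == BEGIN_SIGNED:
                flush("unsigned")
                state = "headers"
            else:
                buf.append(line)
        elif state == "headers":      # armor headers end at the first empty line
            if s == "":
                state = "text"
        elif state == "text":
            if s == BEGIN_SIG:
                state = "sig"
            else:                     # undo dash-escaping ("- " prefix)
                buf.append(line[2:] if line.startswith("- ") else line)
        elif state == "sig" and s == END_SIG:
            flush("signed-frame")
            state = "outside"
    # A frame that never closes is reported as malformed, not as signed.
    flush("unsigned" if state == "outside" else "malformed")
    return parts

def has_mixed_content(body):
    kinds = {kind for kind, _ in split_inline_pgp(body)}
    return "signed-frame" in kinds and bool(kinds - {"signed-frame"})
```
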

       
      • Nicki

        Nicki - 2019-07-03

        Switching to PGP/MIME means that I cannot sign all my mails anymore. Because my customers without pgp cannot read my mails. And PGP/Mime support in Microsoft Outlook is also not the best.
        PGP/Mime solves one problem and creates a lot more in a heterogeneous environment... :(

         
        • Olav Seyfarth

          Olav Seyfarth - 2019-07-04

          Switching to PGP/MIME means that I cannot sign all my mails anymore. Because my customers without pgp cannot read my mails.

          Why is that? I sign ALL messages for YEARS now using PGP/MIME. The times that MUAs like Outlook Express just displayed a blank page are long gone.

           
          • Nicki

            Nicki - 2019-07-08

            Why is that? I sign ALL messages for YEARS now using PGP/MIME. The times that MUAs like Outlook Express just displayed a blank page are long gone.

            Hmm... my quick test (iPhone Mail, Horde Webmail, Gmail) supports your statement. When someone replies to a pgp/mime signed mail all the information about the "signedness" (is this a word?) of the original part gets lost, while it is still preserved in the pgp/inline method.
            I'm trying to switch to pgp/mime and I will see how my customers react to it (some are still using outlook 2003/2010).
            I'll provide feedback on different muas in the future.

             
            👍
            1
  • maison

    maison - 2019-07-15

    Patrick, what you are saying is stop reading years of past communications. If Enigmail is so “reliable” that it stops being compatible with old emails, should I even trust it to be able to read my emails in the future? What guarantees that one day all my communications will be lost because Enigmail suddenly stopped supporting the old protocols without further notice?

     
  • maison

    maison - 2019-07-15

    If you really don’t plan to fix Enigmail for future emails, could you at least enable it back for the past communications? Or provide a tool to convert old emails to the new format that you established. Otherwise we have to stick to Enigmail 2.0.10 forever. Can you at least understand the distress of people who discovered that past emails aren’t shown anymore without any explanation, tried to debug it and explained here why this new “feature” is not for them. Thanks in advance for your understanding.

     
  • Patrick Brunschwig

    Again, please read my previous posts:

    If you don't want the message to be decrypted (or verified) automatically, you can disable automatic decryption (via menu > Enigmail). You can add a button to the toolbar to manually decrypt messages in this case.

     
  • maison

    maison - 2019-07-16

    Patrick, PGP is already too complicated for many people. Most of my correspondents have never bothered to look into it because it’s beyond their understanding or their willingness to spend time on it. I’ve been a big proponent of it, but I’m vastly discouraged by their response. With such an answer, you are really alienating even honest users like the ones here. Instead of making it simple, you stubbornly make it so complicated that I won’t use the inconvenient method you put. Please look into how Protonmail or Whatsapp made it seamless and how, on the contrary, Enigmail has become a hassle that you have to manage instead of concentrating on the real content. Please be realistic and open your eyes. No one will use such a mess that sucks their time depending on each situation that you have to manage manually. I won’t add more to this, but I’m very disappointed and potentially stop adding hassles to my life.

     

    Last edit: maison 2019-07-16
  • Patrick Brunschwig

    What do you expect? Enigmail is a tool about security. Not to fix a problem like this one is a clear no-go for a security-concerned tool. It is not possible in Thunderbird (or any mail client) to tell what is an old mail (in terms of a date) and what is a new mail. The date fields in the message come from the sender and can be spoofed very easily. In other words, it is close to trivial for me to send you an email that looks like it was created in the past.

    So far, I have only heard complaints, but no suggestion for how to improve the current functionality. I'm open to ideas, what better options there may be. The only idea that doesn't work is to get back the old behaviour. That's simply not possible without undermining your own security.

     
  • maison

    maison - 2019-07-22

    Patrick, if you speak about spoofed email, please understand that hiding without the user’s knowledge some part of an email that is unsigned is also spoofing it. I simply don’t trust such a behaviour from Enigmail. What guarantees that it doesn’t or won’t hide something else? (without me having to manually double check with another tool, because I focus on the content, not on the tool – remember how easy Protonmail is to use instead).

    As well as we all want perfect security, there are times when it’s not feasible. When we walk in the city, when we leave our homes, there is imperfect security and we cope with the risk. But imperfect security that is used is still much better than perfect security that isn’t used.

    Let people choose between perfect and imperfect security, if that fits them better and if they take the risk temporarily. What is the risk when someone replied unencryptedly to an email that was PGP‐text signed and they left the signed part? None, because the email is already unencrypted and I still have a copy of what I sent.

    As far as this thread went, no one pretended that this compatibility break is a good idea but the developer. The other contributors prefer to take some additional risk willingly. Why would they be forbidden from that? Some even consider discarding Enigmail than being imposed “perfect security” that doesn’t work for them!

    As for ideas, people have suggested several possibilities to deal with it:
    • So Rufus’ idea seems an acceptable one: “A button to switch between the two”.
    • Nicki’s minimalist request also: “At least a BIG warning bar that notifies the user that enigmail dropped the unsigned part of the mail would be necessary.”
    • Another idea by Nicki: “I would recommend highlighting the response text so it is clear it is unencrypted. Of course you can also add messages at the top, hover messages, etc.”
    • My proposition was “provide a tool to convert old emails to the new format that you established (i.e. make all old emails compatible with the new format for the first time you run it, then you’re done forever and switch to the new format you recommend).”
    • other ideas are welcome!

     

    Last edit: maison 2019-07-22
  • maison

    maison - 2019-10-03

    Patrick, you asked for suggestions, I gave some to you, then you did nothing. You managed to make Enigmail incompatible with the most used software on other systems, like Mailvelope and K9‑Mail + OpenKeyChain, which only work well with Inline PGP. You still provide no solution to read my old emails. After using PGP for years and trying to spur normal people to use it, I have to concede that PGP is mostly a tool for psychorigid people.

     
    • Patrick Brunschwig

      1. I don't think you tried Enigmail 2.1 on Thunderbird 68. I improved the behavior as far as I could.

      2. Excuse me, but K9 works very well with PGP/MIME, just like most other PGP compatible software. I use K9 regularly.

      3. The only thing that really doesn't work is the combination of HTML and inline-PGP. But that's been the case since the first day of Enigmail.

      I think it's time you change your impolite tone towards me. I work on Enigmail as a volunteer, and if people like you aggressively accuse me for things I do wrong in their eyes, then I will simply walk away. I can do better things than help people fix their issues.

       
