Paranoia - A Thunderbird addon for surfacing Received: encryption info

Discussion in 'other software & services' started by TheWindBringeth, Jul 19, 2014.

Thread Status:
Not open for further replies.
  1. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I recently learned of this:

    https://addons.mozilla.org/en-US/thunderbird/addon/paranoia/
    https://github.com/gjedeer/paranoia

    It parses email headers, looking for Received: line info that reflects encryption, and displays a graduated happy/sad face based on how many exchanges appear to have been encrypted. The face can be clicked on for summary info. I think there are some issues...

    - Systems which use encryption but don't insert the header information
    - Detection logic appears to need improvement
    - Reporting could be improved to surface more info where available (ciphersuite, verify, ...)
    - Received lines are inserted by receiving systems and thus encryption information for sent messages can't be bubbled up to the user via this approach (remember that).
    - Server certificates often aren't verified and self-signed certificates are pretty common, so you have to factor that in.
    - Emails can be compromised via the server(s) rather than the connection between servers too.

    I do like the idea of email clients surfacing more info though! Such projects would seem to have potential.
     
    TheWindBringeth, Jul 19, 2014
    #1
  2. tlu

    tlu Guest

    Nice find - thanks!
     
    tlu, Jul 19, 2014
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...