How to defend your encrypted emails against prying eyes
In May, a draft technical paper published at efail.de recommended that people stop using GPG plugins to encrypt their email. At the same time, the Electronic Frontier Foundation (EFF) raised the alarm about seemingly new vulnerabilities in GPG (GNU Privacy Guard), echoing the paper's cautionary recommendations. Others further reduced this recommendation to a simple shorthand: stop encrypting your email, because it isn't safe. (EFF has since modified its recommendations, depending on the mail client and GPG plugin you use, and with caveats that match some of the suggestions we'll make here.)
Much of this information isn't new. The issue isn't a flaw in GPG, and there is no need to panic or discontinue using GPG, including for signing emails or for encrypting and decrypting files outside of your email client. Here are the facts:
The EFAIL paper describes several methods of attack: "EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs." The attacker accesses the encrypted emails, "by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago." The attacker changes the encrypted email, sends it to the recipient, and if the recipient's mail client decrypts that message and automatically loads any external content, or users click on HTML links, the plaintext of the email is visible to the attacker.
Werner Koch, principal author of GPG, describes the situation here. Calling the warnings to discontinue using GPG "overblown," Koch points out that the real issue is that HTML in emails can be exploited. This is not a bug in GPG.
Let's work together to make email safer!
This information has been available for a long time, but bears repeating: if your mail client renders HTML or automatically loads images and other remote media, you are more vulnerable. Not only do the EFAIL exploits take advantage of HTML in email, HTML in your mail client can allow others to track you. Exploitation of this flaw could be as simple as seeing whether you have read a particular email, or as damaging as defrauding you, perhaps by pretending to be your bank or another merchant you do business with, leading you to provide personal information or payment to an attacker.
You are better protected if your mail client does not render HTML or auto-load images and other remote media. Additionally, do not click links in HTML emails directly -- copy and paste them so that you can see what they are first, and if they are obfuscated or shortened links, don't visit them unless you are very confident in the source. It is important to encourage your peers to follow these practices, too, because EFAIL attacks can affect you in spite of the precautions you've taken, if somebody who is CCed on the email hasn't taken the proper precautions.
Also, be sure your mail client, or any encryption plugin you use, is resistant to this exploit. For example, Enigmail, a GPG plugin that works with Thunderbird, was updated shortly after the EFAIL report became public, and an explanation of changes made can be found here -- note that Enigmail recommends disabling HTML rendering, too. Seek out information on how your mail client or encryption plugin is addressing this situation, and email us at campaigns@fsf.org to share what you find. We may link that information here.
For now, rather than giving up on encryption, take the time to check in with people you want to exchange emails with. Start by sending the person you want to email a cleartext message saying:
I'd like to send you a message using GPG, but first I want to make sure that you've updated your version of Enigmail, due to the potential for exploitation of flawed encryption clients described here: https://www.efail.de/. Can you confirm that? Also, disabling HTML and remote loading of media in your email helps avoid email exploitation: https://www.fsf.org/blogs/community/how-to-defend-your-encrypted-emails-against-prying-eyes. If everybody takes these steps to make their own email safer, we'll all benefit from safer communications. Thanks for helping ensure that our emails stay private.
This kind of attack only works when the attacker is targeting you individually or if you are writing to someone who is targeted and is using an unpatched mail client. If you have reason to believe you, as an individual, could be targeted, you may need to take additional measures besides those described here. But for most people, it still makes sense to use GPG encryption to dramatically reduce the likelihood that any attacker can read your email, and to help boost the overall amount of encrypted email traffic on the Internet -- a tactic that helps protect whistleblowers, journalists, and others whose email traffic is likely to be targeted for exploitation.
Do you want to start encrypting your email, but aren't sure where to begin, or help friends get started for the first time? We've created Email Self Defense to guide you as you get started with GPG encryption. The guide is kept up to date with responses to concerns like those raised in the EFAIL report, to ensure that you know exactly how best to keep your email communications safe.
Want to support free software? You can make a donation or join the Free Software Foundation as an associate member.