Unpacking things a bit: the advice is to disable *automatic* decryption of *e-mail*.
This implies there is a way to exploit automatic e-mail decryption as an oracle that leaks information about your keys back to the attacker.
So there must be a side-channel back to the attacker. My guess is the channel is MDNs (read receipts) or exploiting HTML mail in some way.
If so, #Mailpile is not vulnerable. But I'm only guessing - time will tell.
Pues justamente hoy no es el mejor momento 😂
"Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email".
collegotas.. no es PGP que esta mal.. lo problema es lo software que desencripta PGP con HTML!
F*** EFF, i wont take'em seriously anymore... 😡 😡 😡
"They figured out mail clients which don't properly check for decryption errors and also follow links in HTML mails. So the vulnerability is in the mail clients and not in the protocols. In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation."