Anyone who actively wants their email communication to be secure and private — and uses common email security plugins — should take notice.
Those security plugins for email apps Apple Mail, Thunderbird, and Outlook may not be secure after all, according to the Electronic Frontier Foundation (EFF) referring to a paper by security researchers at the Münster University of Applied Sciences.
Those plugins include Enigmail for Thunderbird, GPGTools for Apple Mail, and Gpg4win for Microsoft’s Outlook. According to the security researchers, emails encrypted by these plugins, and any other plugins that use the “PGP” or “S/MIME” encryption standards can be easily decrypted.
Google’s Gmail isn’t that much better, as it also uses PGP encryption, according to a Wired report from February 2018.
If you use a plugin with PGP or S/MIME encryption, the EFF suggests you remove them from your email app, and that you use a different service that offers better encryption and security if you want to send highly sensitive information over the internet.
Unfortunately, these apps that offer better security than email are all quick messaging platforms, which means you don’t get all the features and organization you’ve grown accustomed to with Apple Mail, Outlook, or Thunderbird.
The EFF isn’t suggesting that you permanently switch over to one of these secure messaging apps. In its blog post, the EFF said “These steps are intended as a temporary, conservative stopgap until the immediate risk of the exploit has passed and been mitigated against by the wider community.”
Check out some messaging services that offer robust encryption to your messages: