Thunderbird wiki: if we need to upgrade the instructions without the need for the Enigmail plugin, there are 2 ways to do that:
1- Either use Thunderbird's internal OpenPGP
2- Or use an external tool
The first method is maybe more convenient since it's all happening within the same application, but the downside of having this feature is EFAIL, and Snowden recommended against that and said it is better to use external tools to do the encryption.
The second method is less convenient, but it's what is recommended to be used. In our case GPA is shipped by default within Whonix.
So which one should we add and upgrade the wiki with?
Was a bug in Enigmail that was patched and may very well be accounted for with the new TB crypto implementation. Instructions should direct users to Thunderbird which has the best usability. Stuff is hard as it is.
Short term: No decryption in email client. The best way to prevent EFAIL attacks is to only decrypt S/MIME or PGP emails in a separate application outside of your email client. Start by removing your S/MIME and PGP private keys from your email client, then decrypt incoming encrypted emails by copy&pasting the ciphertext into a separate application that does the decryption for you. That way, the email clients cannot open exfiltration channels. This is currently the safest option with the downside that the process gets more involved.
And Snowden, he said it in one of his videos on YouTube. (I would need to dig through too many hours to find it, but the EFAIL attack is enough to explain.)
There’s some interesting material that is worth integrating or covering. We should mention the benefits of updating UEFI if possible on the system. Not trusting preloaded OSs no matter what, even if they are a pre-installed Linux. The fact that GRUB now supports encrypted boot partitions AFAIK (not in there but inspired by chapter heading).
This enhancement might be useful to mention in the chat section. Basically people can use OnionShare 2.3 to set up an onion address for secure E2E chats.
The main benefit is users can have anonymous chats without needing to set up any accounts e.g. “… a whistleblower can send an OnionShare address to a journalist using a disposable e-mail address, and then wait for the journalist to join the chat room, all without compromising their anonymity.”
Another major new feature is chat. You start a chat service, it gives you an OnionShare address, and then you send this address to everyone who is invited to the chat room (using an encrypted messaging app like Signal, for example). Then everyone loads this address in a Tor Browser, makes up a name to go by, and can have a completely private conversation.
If you’re already using an encrypted messaging app, what’s the point of an OnionShare chat room? It leaves fewer traces.
If, for example, you send a message to a Signal group, a copy of your message ends up on each device (the devices, and computers if they set up Signal Desktop) of each member of the group. Even if disappearing messages is turned on it’s hard to confirm all copies of the messages are actually deleted from all devices, and from any other places (like notifications databases) they may have been saved to. OnionShare chat rooms don’t store any messages anywhere, so the problem is reduced to a minimum.
OnionShare chat rooms can also be useful for people wanting to chat anonymously and securely with someone without needing to create any accounts. For example, a whistleblower can send an OnionShare address to a journalist using a disposable e-mail address, and then wait for the journalist to join the chat room, all without compromising their anonymity.
Because OnionShare relies on Tor onion services, connections between the Tor Browser and OnionShare are all end-to-end encrypted (E2EE). When someone posts a message to an OnionShare chat room, they send it to the server through their E2EE onion connection. The OnionShare server then forwards the message to all other members of the chat room through the other members’ E2EE onion connections, using WebSockets. OnionShare doesn’t implement any chat encryption on its own. It relies on the Tor onion service’s encryption instead.