Beware of Thunderbird 78 attaching keys

From: team at schleuder.org
Date: Wed Oct 14 15:31:22 CEST 2020

A non-text attachment was scrubbed...
Name: not available
Type: text/rfc822-headers
Size: 49 bytes
Desc: not available
URL: </pipermail/schleuder-announce/attachments/20201014/b4c37de9/attachment.bin>
-------------- next part --------------

This is a warning about Thunderbird version 78 and later versions:

Please be aware that since version 78, Thunderbird by default attaches
your public key to every outgoing, signed email. With normal emails this
is not a problem. With emails to a schleuder-list that contain X-RESEND
it’s different though: it reveals the public key of the actual sender,
which probably leaks information about your email address and maybe name
to the recipients.

To prevent that, please de-select Attach My Public Key from the
Options-menu in each X-RESEND email.

As of now there is no option to generally disable attaching your key. It
has already been wished for [1], though.


[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1654950
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: </pipermail/schleuder-announce/attachments/20201014/b4c37de9/attachment.sig>