Slashdot Mirror


The Only Safe Email is Text-Only Email (theconversation.com)

Sergey Bratus, Research Associate Professor of Computer Science, Dartmouth College, and Anna Shubina, Post-doctoral Associate in Computer Science, Dartmouth College write: The real issue is that today's web-based email systems are electronic minefields filled with demands and enticements to click and engage in an increasingly responsive and interactive online experience. It's not just Gmail, Yahoo mail and similar services: Desktop-computer-based email programs like Outlook display messages in the same unsafe way. Simply put, safe email is plain-text email -- showing only the plain words of the message exactly as they arrived, without embedded links or images. Webmail is convenient for advertisers (and lets you write good-looking emails with images and nice fonts), but carries with it unnecessary -- and serious -- danger, because a webpage (or an email) can easily show one thing but do another. Returning email to its origins in plain text may seem radical, but it provides radically better security. Even the federal government's top cybersecurity experts have come to the startling, but important, conclusion that any person, organization or government serious about web security should return to plain-text email (PDF).

4 of 174 comments

  1. This is news?? by JohnFen · · Score: 3, Informative

    We've known this for many years. It's why the first thing I do with any mailreader is disable HTML.

  2. That's not even safe by Trailer+Trash · · Score: 4, Informative

    Email my mother a plain text email that says "Your Adobe Flash is out of date, copy this link into your browser to update it" and she's probably going to do it. The only safe computer for her is something like a Commodore 64 without internet access.

  3. Re:Text-only Email safe? by hord · · Score: 3, Informative

    I have no problem rendering Unicode on my terminals. Unicode doesn't have to do with text/binary. It has to do with font support. Either you need a console font that supports the code points you use or whatever set of X/GUI fonts for your graphical terminals.

    As an example of this, I just downloaded Homer's Iliad and Odyssey in the original Greek encoded as UTF-8. I can edit the files in vim just fine and dumping them to my terminal works as well. You can pull one up here:

    http://carbon.cc/~jhord/Homer/...

    If that works you have plain-text Unicode support in your browser.

  4. case against unicode by DrYak · · Score: 1, Informative

    Though I personally agree with you (Unicode, especially UTF-8, is way too useful for users of languages that don't fit inside ASCII)...

    Why not Unicode?

    Google Zalgo

    Unicode is extremely complex, and although it's not a Turing-complete language, it can already be abused a lot to pretty much fuck up any layout.

    (e.g.: When Slashdot didn't block them in the subject line, it was possible to abuse the "text direction" marker to actually put arbitrary text on the right side of the subject. I.e.: write a troll flamepost with a title that could add "(Score: 5, Insightful)" right on the place where the actual scoring would normally go)

    (e.g.: Zalgo text, where diacritics (extra accents on characters) and other such decoration are progressively used on text to make a completely unreadable mess of it)

    etc.

    Lots of potential abuse, so that's why /., which is primarily an English-speaking site, will severely limit Unicode use (and English itself is a language that can possibly be written by using exclusively ASCII - e.g.: by ignoring the rare word where characters could be optionally accented).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
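
A filter for the two abuses described in the comment above (direction markers in a subject line, and stacked diacritics), as an added example that is not part of the original thread and is not Slashdot's code. The function name, the two-mark limit and the sample strings are assumptions made for illustration.

```python
import unicodedata

# Explicit bidirectional formatting characters: marks, embeddings,
# overrides and isolates. They change display order, not the stored text.
BIDI_CONTROLS = {
    "\u200e", "\u200f", "\u061c",                       # LRM, RLM, ALM
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",             # LRI, RLI, FSI, PDI
}

# Assumed policy: how many combining marks may follow one base character.
# Some scripts legitimately need more, so tune this per site.
MAX_MARKS = 2


def inspect_text(text, max_marks=MAX_MARKS):
    """Return (cleaned, findings) for an untrusted subject line or text body.

    findings holds (index, kind, code point); indexes refer to the
    NFC-normalized input, not the raw input.
    """
    # NFC folds ordinary accents ("e" + U+0301) into one code point, so
    # normal accented words do not count against the mark limit.
    text = unicodedata.normalize("NFC", text)
    out, findings, run = [], [], 0
    for i, ch in enumerate(text):
        if ch in BIDI_CONTROLS:
            findings.append((i, "bidi-control", f"U+{ord(ch):04X}"))
            continue                      # drop the control, keep scanning
        if unicodedata.category(ch) in ("Mn", "Me"):
            run += 1
            if run > max_marks:
                if run == max_marks + 1:  # report each overlong run once
                    findings.append((i, "combining-run", f"U+{ord(ch):04X}"))
                continue                  # drop marks beyond the limit
        else:
            run = 0
        out.append(ch)
    return "".join(out), findings


if __name__ == "__main__":
    # Constructed samples: a subject with a right-to-left override, and
    # a base letter carrying five stacked accents.
    for sample in ("Nice post \u202e)lufthgisnI ,5 :erocS(",
                   "x" + "\u0301" * 5 + "yz"):
        print(inspect_text(sample))
```
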