Slashdot Mirror


The Only Safe Email is Text-Only Email (theconversation.com)

Sergey Bratus, Research Associate Professor of Computer Science, Dartmouth College, and Anna Shubina, Post-doctoral Associate in Computer Science, Dartmouth College write: The real issue is that today's web-based email systems are electronic minefields filled with demands and enticements to click and engage in an increasingly responsive and interactive online experience. It's not just Gmail, Yahoo mail and similar services: Desktop-computer-based email programs like Outlook display messages in the same unsafe way. Simply put, safe email is plain-text email -- showing only the plain words of the message exactly as they arrived, without embedded links or images. Webmail is convenient for advertisers (and lets you write good-looking emails with images and nice fonts), but carries with it unnecessary -- and serious -- danger, because a webpage (or an email) can easily show one thing but do another. Returning email to its origins in plain text may seem radical, but it provides radically better security. Even the federal government's top cybersecurity experts have come to the startling, but important, conclusion that any person, organization or government serious about web security should return to plain-text email (PDF).
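As an added illustration of the summary's point that an HTML email "can easily show one thing but do another" (not part of the original story or comments): this Python example lists each link's visible text beside its real target, as a plain-text view would expose it, and flags remote images. The sample message, its example.com / example.net domains and the names `MailAudit` and `audit` are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed sample message body; example.com / example.net are placeholder domains.
SAMPLE_HTML = """
<p>Your statement is ready:
<a href="http://login.example.net/session?id=1">https://www.example.com/statements</a></p>
<p><a href="https://www.example.com/help">Help centre</a></p>
<img src="http://img.example.net/open.gif?u=42" width="1" height="1">
"""

HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class MailAudit(HTMLParser):
    """Collects (visible text, real target) for links and lists remote images."""
    def __init__(self):
        super().__init__()
        self.links, self.remote_images = [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag == "img" and urlsplit(attrs.get("src") or "").scheme in ("http", "https"):
            self.remote_images.append(attrs["src"])  # fetched on display in an HTML view

    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a> is link text
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    p = MailAudit()
    p.feed(html)
    p.close()
    mismatched = []
    for text, href in p.links:
        shown = HOST_IN_TEXT.search(text)  # does the visible text itself name a host?
        real = (urlsplit(href).hostname or "").lower()
        if shown and shown.group(1).lower() != real:
            mismatched.append((text, href))
    return {"links": p.links, "mismatched": mismatched, "remote_images": p.remote_images}
```

A link whose visible text names no host, such as "Help centre", is listed but not flagged, so the reader still has to look at the target shown beside it.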

3 of 174 comments

  1. This is news?? by JohnFen · Score: 3, Informative

    We've known this for many years. It's why the first thing I do with any mailreader is disable HTML.

  2. That's not even safe by Trailer+Trash · Score: 4, Informative

    Email my mother a plain text email that says "Your Adobe Flash is out of date, copy this link into your browser to update it" and she's probably going to do it. The only safe computer for her is something like a Commodore 64 without internet access.

  3. Re:Text-only Email safe? by hord · Score: 3, Informative

    I have no problem rendering Unicode on my terminals. Unicode doesn't have to do with text/binary. It has to do with font support. Either you need a console font that supports the code points you use or whatever set of X/GUI fonts for your graphical terminals.

    As an example of this, I just downloaded Homer's Iliad and Odyssey in the original Greek encoded as UTF-8. I can edit the files in vim just fine and dumping them to my terminal works as well. You can pull one up here:

    http://carbon.cc/~jhord/Homer/...

    If that works you have plain-text Unicode support in your browser.