Pages: 1
RSS
Privacy issue when GnuPG-encrypted messages have BCC recipients, BCCs are included in the encryption list along with other recipients
 
When using OpenPGP encryption on a message that has some BCC recipients, a single copy of the message is encrypted to all recipients including the BCCs. This reveals the existance of the BCCs to each other and to the rest of the recipients. And the fact that most OpenPGP keys have user-IDs containing names and email addresses means there is little point using BCC.

Two examples of an email client that does it differently:-

1. KMail encrypts an individual copy for each BCC recipient.

2. Pegasus Mail with the QDPGP plugin encrypts an individual copy for each recipient of any message encrypted to multiple addressees,be they To, Cc or BCC.

I have logged this issue at <https://bt.ritlabs.com/view.php?id=627>, in case anybody wants to add
anything there.
Edited: mfpa - 13 December 2014 15:44:11
Pages: 1