Email Clients

Encrypting your emails with PGP can end up being pointless if your email client leaks information or allows your end device to be attacked.

If someone sends you a physical letter and you would prefer that the contents remain private then you would find a private place to open it. You won't open it in a busy place full of curious people. If you would like to hide the fact that you have received and read the letter then you would need to find a place where you can be sure you will not be observed at all. Once you are aware of the contents then the level of required security might decrease. It might increase.

The problem is fundamental. You don't know how to treat a message before you have seen it.

Email clients do not always provide a safe space where you can make decisions about your emails. Without explicit permission from the user, an email client should never, ever:

Sufficient information must be provided to allow the user to make good decisions. An email client should provide all relevant information:

A preview pane should be just that, a preview. If the user wants to see the email in its full glory then they should have to take some sort of an action.

PGP FAN index