Enigmail did not encrypt email to recipients

&gt; These people may have heard about a rule that it is good to upgrade your system, so their TB and enigmail is upgraded (semi)automagically.<p>This type of user behaviour has been exploited by the security services many-a-time. If that&#x27;s who you&#x27;re up against then somewhat counter-intuitively the advice is actually to run &quot;old faithful&quot; encryption suites which have been verified and just keep an eye on the changelog for any actual security issues (ignore feature updates).<p>If you have automatic updates turned on, there&#x27;s nothing stopping them from MiTM-ling that and injecting a specially crafted (malware) version which will allow them to decrypt the traffic without you knowing (or just send them the private key(S)).<p>Now before you say &quot;but the executable is signed!!!&quot; well that&#x27;s grand, but these guys have a CA in your certificate store. So they can generate fake certificates at a whim.<p>This logic also extends to any automatic updates on your system (e.g. Mac OSX system-updates have been exploited before in this way). A lot of software will download updates then run the &quot;installer&quot; in ring 0 (root). Even if you trust the source of the updates, do you trust all of the CAs in your CA store? I certainly do not.

I use enigmail because it&#x27;s an easy way to generate a bit more PGP signed&#x2F;encrypted traffic, which is a good thing.<p>If it was important, I would probably encrypt on the command line, on a more trustworthy device than my regular PC.<p>Also, I haven&#x27;t checked, but I have a suspicion Thunderbird saves unencrypted drafts to the server while you&#x27;re composing.

And this is why us financial people have our own secure messaging services that don&#x27;t touch email systems other than for notification...

In the comment that person says:<p>&gt; I understand your anger, but this is a volunteer. It seems obvous to me too that he messed up because the latest version is broken for me too. but let&#x27;s cut him a little slack<p>I also don&#x27;t agree. This project is featured on the homepage of add-ons list and I bet thousands of people rely on it. That&#x27;s not how things work, software should be tested. <a href="https://addons.mozilla.org/en-US/thunderbird/" rel="nofollow">https:&#x2F;&#x2F;addons.mozilla.org&#x2F;en-US&#x2F;thunderbird&#x2F;</a>

Regarding e-mail encryption I am really anticipating Lavaboom to kick off <a href="https://www.lavaboom.com/en/" rel="nofollow">https:&#x2F;&#x2F;www.lavaboom.com&#x2F;en&#x2F;</a>