An e-mail subject not being encrypted by PGP should be prominently mentioned

In the Email Security article, an e-mail subject not being encrypted by PGP should be much more prominently mentioned, rather than buried in the Metadata section. The subject is not metadata; it is often a distilled version of the message itself, or at least usually contains a significant amount of information.

I would expect a big red box in the “Email Encryption Overview”, not a minor mention in the Metadata section.

1 Like

I feel like this is highly debatable. It depends on how you use email for private and sensitive correspondence and what you write in your subject line.

Why exactly?

What a coincidence. I tried PGP for the first time today. Trying to get around it. Got to know about the subject not being encrypted. And then I got this post in my feed… Something spooky is going on.

2 Likes

It depends on how you use email for private and sensitive correspondence and what you write in your subject line.

Yes, exactly.

Why exactly?

So that people are aware and don’t put anything sensitive into the subject line, feeling a false sense of security. Again, normal people don’t expect an encrypted email would have an unencrypted subject. Most people would not consider the subject to be metadata, if they use it as a summary of the message in their normal daily use. It’s quite a nasty foot-gun for people who don’t research these things in depth and just rely on the guides.

4 Likes