So my major lesson learned from the #gpg/#pgp thing today is not to trust warnings by EFF in the future – while parts of their warning were factually correct, they were baiting for attention in annoying and unhelpful ways.
This culture of publishing exploits and issues in a publicity-focused way is disturbing. I had hoped the EFF was beyond this needless hyping of vulns. Apparently not.
A part of their information strategy is that they recommended to stop using #GPG/#PGP over stopping the mail client from rendering HTML (or loading external sources in HTML). That's disturbing.
(Also that they let themselves be roped into a publicity campaign.)
@natanji I get where you're coming from, and I wouldn't want to recommend *only* no-HTML as a solution as it wouldn't be practical for many, but mentioning alternatives would have been more honest. Especially since disabling external resources in HTML mostly leaves HTML mails very readable, and only with a logo and large ad image missing somewhere.