It's somewhat concerning that they have been a bit quiet about the whole thing
on twitter, etc. since there is a hackernews discussion about this and it's
making something of a noise.

On 24/11/16 14:46, Jaromil wrote:
>
> hi Mike,
>
> On Thu, 24 Nov 2016, Mike Gogulski wrote:
>
>> via fb
>
>
> I'm not sure the news is correct, best verify further. asked around
> and the canary is not really often updated anyway, see:
>
> https://web.archive.org/web/20160201074410/https://help.riseup.net/en/canary
>
> https://web.archive.org/web/20160225021349/https://help.riseup.net/en/canary
>
> https://web.archive.org/web/20160423135442/https://help.riseup.net/en/canary
>
> https://web.archive.org/web/20161124052224/https://riseup.net/en/canary
>
> https://riseup.net/en/canary
>
> https://web.archive.org/web/20160202175659/https://help.riseup.net/en
>
>> 4) Remember that while some providers may encrypt emails once
>> received on their server, all email is basically sent unencrypted
>> between servers. Every email is a postcard, readable by nearly
>> everyone. Unless you and the person you're corresponding with use
>> PGP. So use PGP. Links to tutorials in the comments.
>
> while I agree everyone should use PGP (and those who already do should
> have a look at opmsg!) I must say this information is not correct, as
> on SMTP servers we have a layer of TLS encryption via the ESMTP
> protocol which is basically implemented on all major servers and for
> sure implemented by riseup, resist.ca, aut/inv etc. so email does not
> travel in clear if one uses TLS to connect to the SMTP and then the
> SMTP between themselves use ESMTP which is very very often the case.
>
> nevertheless, use PGP! because emails stored in clear on an IMAP or
> POP server are pretty vulnerable to tapping.
>
> ciao
>
>
>
>