Krzysztof Jurewicz is a user on You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
Krzysztof Jurewicz @KrzysiekJ

There is an article advocating that that “The only safe is text-only email” ( ). Why don’t the authors advocate also that “the only safe web page is text-only page”?

Perhaps the real issue is the verification of message authenticity, not the format used. If I cannot trust that an email originates from, let’s say, my bank, then why should I bother reading it and potentially following links at all?

@KrzysiekJ well that's kind of two parts... The most safe web page *is* a text-only web page 🙂
CDNs have been known to be pwnd in order to send out malicious javascript here and there. Text can hardly be malicious by itself (although there have been cases of exploits through font rendering, but I'd still count those as quite exotic).
Plain-text however is very "unappealing", thus the argument for it, no matter how strong or good on any axis, will always fail at "people don't like it"

@KrzysiekJ on the note of the article though, it starts of by saying that "users should not click on stuff" is bad. Then goes on stating we should "stop giving users the option to click on stuff" by using text only mail 😄

@kunev A text-only page is the safest page in a sense, but it’s somewhat like stating that staying at home is the best way to not be hit by a truck. :)

@KrzysiekJ there are different degrees to it. It really depends on what you want to achieve. To extend your parallel, requiring megabytes of js for a website that should ultimately shows news in text format, is like saying you need to drive a truck in order to go to the corner store and buy a loaf of bread. Trucks are cool, but there are lots and lots of things they are not required for and might even actually be harmful when used in such cases 😄

@KrzysiekJ but big fancy trucks with horns an flames painted on the side are far more cool than walking those 50 meters to the store and carrying your loaf of bread in a bag on the way back.

Now when you're doing things that in essence are visual and interactive, like games or some fancy data visualization, obviously plain text gets you nowhere 🙂


But also email clients tend to be less secure than browsers, and people tend to be more trusting of outlook than chrome.

Are there even any good PGP supporting desktop clients anymore?

@ajroach42 That’s roughly what I’m pointing at. Email clients are used in a less secure way, hence in a typical setup it is difficult to authenticate message. This seems to be a bigger problem than format, as once I trust the sender, I may care less about links (similarly as I would treat them when browsing trusted web resource).

Thunderbird once had the extension named Enigmail. I would bet that it still works.