
I began testing PGP a few days ago (I'm a PGP newbie) and I found that it gives out the key ID of an encrypted message. From this you can get the identification of the recipient of the message, if it's someone who has publicly distributed his key (keyserver, homepage...). So even if you are unable to decode the message, you can find who is the recipient of a given message. I think this is a big privacy problem. The problem is carried along when you encrypt a message for multiple recipients: you get the key IDs of all the recipients and the same problem as above. I think something like 'blind email copy' should be used, because the recipients don't have to know the identity of each other. Comments from long-time PGPers will be welcome.