ietf-smtp
[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-01 17:52:37


--On Tuesday, December 01, 2015 21:10 +0000 Richard Clayton
<richard(_at_)highwayman(_dot_)com> wrote:

...
If you want to have very limited data in your email header
fields then you should look at the systems that you operate
yourself and clean up the information at that point. You'll
probably get a poorer delivery experience when sending to MAGY
and others -- but that's your tradeoff.

Or one can look at a slightly different question for which
"operate a mail system oneself" it, itself, a privacy compromise
(or an optimization that favors different concerns)

I actually think this is the key to at least one part of the
issue.   Many of us with current or historical experience
operating mail systems of assorted sizes and complexity are
hearing the current questions and charter draft as "how do we
weaken the way mail works in order to get some additional
privacy about location?"  As Stephen points out, such questions
cause fairly several allergic reactions.   Any results that
require protocol (or required value) changes would also
encounter (at least for MUAs other than webmail variations) the
extremely slow deployment and adoption times for such changes
and a different sort of allergic reaction.  Suppose that,
instead, the question was closer to: "if a user had a serious
desire to protect her location, especially against pervasive
surveillance by state actors and too-curious message recipients,
how would she do that with existing systems?"  One answer is
that she would sign up for a mail account with whichever of MAGY
(or MASYF) seemed least inclined to report client/user location
information and, ideally, had the maximum number of her
correspondents.   She would, of course, conceal her actual
identity and normal locations from them, perhaps by choosing a
clever user identity but if necessary by lying.  

Presto: very little location information would be disclosed and
SMTP requirements would largely be a non-issue.  One might have
to address the question of whether one trusted MAGYF more or
less than a curious and overly-intrusive government, but wasn't
the question.

     john



_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

<Prev in Thread] Current Thread [Next in Thread>