On 12/01/2015 06:59 PM, Ted Lemon wrote:
Tuesday, Dec 1, 2015 6:52 PM John C Klensin wrote:
instead, the question was closer to: "if a user had a serious
desire to protect her location, especially against pervasive
surveillance by state actors and too-curious message recipients,
how would she do that with existing systems?"
John, I think that I already explained why this isn't a good question to ask. We don't
want privacy just for people who think in advance, "hm, email in general isn't
private, and I know that I am going to need privacy, so I will use this other service in
order to gain privacy." We want the email to already have been private when the
need for it to be private arises, without the user who needs this privacy having a mental
model that would allow the aforementioned questions to be asked, to say nothing of being
The reality is that if the user wasn't already conscious of their
privacy and striving to preserve it through continuous vigilance,
they've already completely outed themselves.
For example, if you're expecting to use a nicknamed gmail account, that
email conversation with Amazon with your credit card info or Facebook
with your real name last year, has outed that gmail account forever -
gmail hides received lines remember?
It's far better to train them in the reality of what they need to do to
preserve their own privacy, than the impossibility of trying to
privacy-protect everything (and still have something anybody wants to use).
ietf-smtp mailing list