[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-01 20:55:27
Tuesday, Dec 1, 2015 8:43 PM Chris Lewis wrote:
The reality is that if the user wasn't already conscious of their privacy and 
striving to preserve it through continuous vigilance, they've already 
completely outed themselves.

For example, if you're expecting to use a nicknamed gmail account, that email 
conversation with Amazon with your credit card info or Facebook with your 
real name last year, has outed that gmail account forever - gmail hides 
received lines remember?

I think you are misunderstanding the reasoning behind hiding the IP address in 
the received header.   It is not because the IP address associates the email 
address with your identity.   In all likelihood, the email address is very 
strongly associated with your identity, as you say.   One of the primary uses 
of email addresses _is_ to establish an identity, after all.

The purpose of obscuring the IP address is to avoid an association between the 
_IP address_ and your identity.   This accomplishes several useful privacy 

- If you regularly post to a public mailing list, as we both do, nobody can 
scrape the mailing list for Received headers and figure out whether or not I am 
at home, in order to find an opportune time to break into my home.
- If you post to a public mailing list, that doesn't reveal information about 
where you live to people who might want to harass you.
- An MiTM attack on your email service provider that prevents TLS encryption of 
your mail will not give the attacker information linking your identity to 
specific IP addresses.

Whether these are issues that we need to be concerned about it certainly 
something we can debate.   I definitely agree that _just_ obscuring the IP 
address in the Received header isn't enough to protect you.   But if it's not 
obscured, that's definitely enough to out you.

It's far better to train them in the reality of what they need to do to 
preserve their own privacy, than the impossibility of trying to 
privacy-protect everything (and still have something anybody wants to use).

This is literally impossible.   We don't demand that airline passengers take 
part in making sure that the airplane is safe to fly.   Why do we expect people 
with similar levels of knowledge about the operation of email to understand how 
to preserve their privacy?

Sent from Whiteout Mail -

My PGP key:

Attachment: pgpgI2vr6cRDh.pgp
Description: PGP signature

ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>