On 01/12/2015 23:59, Ted Lemon wrote:
Tuesday, Dec 1, 2015 6:52 PM John C Klensin wrote:
instead, the question was closer to: "if a user had a serious
desire to protect her location, especially against pervasive
surveillance by state actors and too-curious message recipients,
how would she do that with existing systems?"
John, I think that I already explained why this isn't a good question to ask. We don't
want privacy just for people who think in advance, "hm, email in general isn't
private, and I know that I am going to need privacy, so I will use this other service in
order to gain privacy." We want the email to already have been private when the
need for it to be private arises, without the user who needs this privacy having a mental
model that would allow the aforementioned questions to be asked, to say nothing of being
Regarding my personal mail server, one instance is in Dallas and the other in
Frankfurt. Regardless of where I happen to be on any given day, any
geolocation done on the headers will reveal that I am in a data center in one
of those two cities. Since I am not in either of those data centers, I am
protected from any revelations about my actual location through header fields
in my email. Of course, you can tell that the mail came from me, but that's
what I want, so it's okay.
IP geolocation won't (usually) tell anyone exactly where you are.
According to Geolocation databases, an IP address of one of my business
customers based in Huddersfield, UK, is either in Hereford, Beulah,
Rochdale, or just the UK. So, Geolocation isn't really working closer
than country level.
The actual user's computer is going to be 192.168.15.something, so that
being in the header isn't going to locate the user in any way to someone
not involved in the business.
If you are a bigger business and have a range of IP addresses, then the
geolocation MAY give more information, but it's not a given. Relying on
it for anything more precise than a country is taking a big risk.
My business has 3 small IP address ranges (three ISPs for redundancy):
The first one is either in Silvertown, Holmfirth or London depending on
which Geolocation database I look at. I have no idea where Silvertown
is, Holmfirth isn't bad , and London is not very precise, as well as
being 200 miles away.
The second is either in a city called 'Paul' (that's my name - not a
city), or Mitcham (no idea?) or Rochdale (my ISP) or the UK.
The third is in Exeter (Sowton Industrial Estate, apparently - quite
precise, but 257 miles away...) or just the UK
(FWIW, my home IP range which is from the same ISP as the second one
above, and in the same town as that, is either in 'Paul' (again),
Brenchley or Rochdale, so it looks as if some of them just give random
details if they don't know the answer... Rochdale I understand as that's
the ISP, but Brenchley, Mitcham or Beulah are just random)
ietf-smtp mailing list