ietf-smtp

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-02 03:22:00
On 01/12/2015 23:59, Ted Lemon wrote:
Tuesday, Dec 1, 2015 6:52 PM John C Klensin wrote:
Suppose that,
instead, the question was closer to: "if a user had a serious
desire to protect her location, especially against pervasive
surveillance by state actors and too-curious message recipients,
how would she do that with existing systems?"
John, I think that I already explained why this isn't a good question to ask.   We don't 
want privacy just for people who think in advance, "hm, email in general isn't 
private, and I know that I am going to need privacy, so I will use this other service in 
order to gain privacy."   We want the email to already have been private when the 
need for it to be private arises, without the user who needs this privacy having a mental 
model that would allow the aforementioned questions to be asked, to say nothing of being 
answered.

Regarding my personal mail server, one instance is in Dallas and the other in 
Frankfurt.   Regardless of where I happen to be on any given day, any 
geolocation done on the headers will reveal that I am in a data center in one 
of those two cities.   Since I am not in either of those data centers, I am 
protected from any revelations about my actual location through header fields 
in my email.   Of course, you can tell that the mail came from me, but that's 
what I want, so it's okay.

IP geolocation won't (usually) tell anyone exactly where you are.

According to Geolocation databases, an IP address of one of my business customers based in Huddersfield, UK, is either in Hereford, Beulah, Rochdale, or just the UK. So, Geolocation isn't really working closer than country level.

The actual user's computer is going to be 192.168.15.something, so that being in the header isn't going to locate the user in any way to someone not involved in the business.

If you are a bigger business and have a range of IP addresses, then the geolocation MAY give more information, but it's not a given. Relying on it for anything more precise than a country is taking a big risk.

My business has 3 small IP address ranges (three ISPs for redundancy):
The first one is either in Silvertown, Holmfirth or London depending on which Geolocation database I look at. I have no idea where Silvertown is, Holmfirth isn't bad, and London is not very precise, as well as being 200 miles away.

The second is either in a city called 'Paul' (that's my name - not a city), or Mitcham (no idea?) or Rochdale (my ISP) or the UK.

The third is in Exeter (Sowton Industrial Estate, apparently - quite precise, but 257 miles away...) or just the UK

(FWIW, my home IP range which is from the same ISP as the second one above, and in the same town as that, is either in 'Paul' (again), Brenchley or Rochdale, so it looks as if some of them just give random details if they don't know the answer... Rochdale I understand as that's the ISP, but Brenchley, Mitcham or Beulah are just random)


