ietf-smtp
[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-02 04:52:14
On 02/12/2015 10:31, Martijn Grooten wrote:
On Wed, Dec 02, 2015 at 10:10:38AM +0000, Paul Smith wrote:
It would have to change per message to make it untrackable
I think a reasonable compromise would be for this blob to stay constant
for (user,IP address) for some time. This would allow spam filters to
link emails to the same sending machine, but wouldn't link emails to
website visits from the same IP address.

That would still allow someone to 'track' you by comparing the blob to your home/work/mobile blobs

It wouldn't work if the user is unknown (eg for ISPs who validate customers based on IP address, rather than SMTP authentication), and it may 'expose' more information since the blob now "identifies" the user rather than just the IP address as there is now.

It might stop you linking website visits to IP addresses (does anyone do that?), but what if the website requests email validation by asking you to reply to an email it sends to the user? Now, people have access to the 'blob', and can link that to the IP address of the user with a high degree of probability.

I'm not convinced there's any way to 'hide' IP address information other than removing it totally, which arguably reduces spam detection, which is a much greater risk to privacy than tracking IP addresses from Received headers. It seems to be a well-intentioned idea that will actually make things worse rather than better.

A working group is fine, as long as the charter is clearly something like "explore the possibility of hiding header information and, if it's sensible, then work out how it may be done", and not "work out how to hide header information". i.e. -as long as it can accept that it may be a bad idea and shouldn't be done at all. That doesn't seem to be the intention behind the proposed charter - that seems to be "we're going to do it regardless, this WG is to work out what we can remove".




_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

<Prev in Thread] Current Thread [Next in Thread>