[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-02 09:20:24
Wednesday, Dec 2, 2015 10:12 AM Dave Crocker wrote:
Absent hard data that shows efficacy, both of you are wrong.

Not leaking data is 100% effective at not leaking data.

At base, we don't know how to prevent folks from getting scammed, while
still allowing them to interact with the outside world.

We know that revealing their personal information is harmful.   We know that 
this information is used, in real world situations, to cause harm to real 
people.   We do not know which specific sources are used, so it may well be 
that nobody is currently using the Received header field to do it.   It may be 
that the Received header field is not currently the weakest link.   However, it 
is clearly a weak link: as soon as I wanted to see what information my email 
was revealing, all I had to do was go to the ietf-smtp archive and look at my 
recent messages to the archive, and there the Received headers were, available 
for the world to see.

Lots of people are sure they know the right answer here, but none of
them can document efficacy.  Worse, most of the ways people cite have
already been demonstrated to be inadequate or unachievable.

Redacting IP address information from SMTP submission servers is very 
achievable, as witness the fact that the major email providers are doing it.   
Whether it actually prevents peoples' demonstrably violated privacy from being 
used against them is indeed unknown.

Sent from Whiteout Mail -

My PGP key:

Attachment: pgpBpWdCa6oei.pgp
Description: PGP signature

ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>