Re: [ietf-smtp] [Shutup] real life privacy tradeoffs, was Proposed Charter

2015-12-02 10:27:00
Wednesday, Dec 2, 2015 11:06 AM John Levine wrote:
> > Show your data or please stop making generalizations like this.  This is
> > really not helpful.
>
> Hmmn.  If people are this unfamiliar with practical user security, and
> are unable to type "trade password for a candy bar" into Google, this
> is going to be a very slow slog.

John, what is deeply frustrating about this conversation is that every time I 
ask a serious question, I get an answer like this.   Did you look into that 
study?   Can you describe their methodology?   Did they identify potentially 
confounding factors that would introduce bias into the results?   Does their 
methodology account for those factors?   Do they make any sort of case at all 
for why their sample is a representative sample?   You don't know, do you?   
You just read one of the clickbait articles that Google offered you.

The very study you are citing is actually used as an example of bad methodology 
in a textbook, _Elementary Statistics: Looking at the Big Picture_, by Nancy 
Pfenning.   Did the researchers check to see if the people they surveyed gave 
their actual birthday, or their actual password?   Or were they the ones who 
were scammed?   The survey was also done in 2004.   Do you think nothing has 
changed since then?

The reason this has become a slog is that nearly every answer I've gotten for a 
question I've asked, and nearly every criticism I've seen of a statement I've 
made, is of a similar level of quality to the answer you just gave me.  I don't 
mean to single you out--your example study is just too good an example not to 

What this conversation has told me is that nobody on this mailing list actually 
knows the answer to this question: "what are the costs and benefits of 
redacting information from the Received header fields in email messages?"   You 
all think you know the answer, and your intuition is probably not completely 
invalid, but if we actually care what the answer to this question is, we 
probably do need to form a working group to study it a bit more seriously than 
we have done thus far, and we definitely can't rely on the assurances of 
supposed subject matter experts as to what the actual cost is.
