[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-02 16:51:32
On Wed, Dec 02, 2015 at 03:35:04AM +0000, Ted Lemon wrote:
This is a stereotype, which very clearly is not grounded in any kind
of serious, statistically sound survey of real-world users. 

Neither is my assertion that the ocean is wet, but everyone with
real-world experience knows it's true.

But if you really must: I suggest setting up an address, subscribing
it to at least a thousand different and topic/location-varied mailing
lists and then pushing all the incoming traffic through a procmail
filter that stashes everything for future analysis.  Then wait
a few years.  Or decades.  My corpus has about 25 years' worth of
traffic and is about 40G, gzip'd.  Message count is around 24M.
You can then, for example, write a script (or find one) that
strips off headers or signature blocks or whatever and tosses
them into a hopper for analysis.

What you will very quickly discover is that users are *deliberately*
handing out far more and far more useful information about themselves
than their mail servers are *incidentally* handing out.  You're fretting
over a tiny breadcrumb when there's a full buffet sitting on the table.


p.s. Speaking of real-world users, if I want to know somebody's
(current) IP address, one reliable technique is to get them to click
on a unique link that corresponds to a URL on a web server whose logs
I can access.  Thus if I want Joe Cool to cough up his current
IP address, I can say:

        "Hey, Joe, why dontcha check this out?

        Thanks, man."

I can ask Joe to do this via any means available -- email, IM,
IRC, text, etc.  And "Joe", for a value of "Joe" approximating
"darn near everyone", will do it.  (If this were not true, then
phishing, drive-by malware downloads, etc., would not be so
incredibly successful.)  Various methods of encouraging Joe
to comply exist, as noted by Marcus Ranum:

        "There have been numerous interesting studies that indicate that
        a significant percentage of users will trade their password for
        a candy bar, and the Anna Kournikova worm showed us that nearly
        1/2 of humanity will click on anything purporting to contain
        nude pictures of semi-famous females."


Like I said above: this is *one* reliable technique: there are many others.

ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>