
Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-04 15:10:26
Friday, Dec 4, 2015 3:42 PM Rich Kulawiec wrote:
> 1. Such links are often customized on a per-user per-message basis
> with unique URLs.  Thus *any* hit on that URL from anywhere must
> have come from that user [1] and via that particular message.
> It may not disclose their IP address but it *does* disclose that
> they read the message and when.  This is bad.

Yup.  You have to always fetch, when the mail arrives.   Which could turn into 
a DDoS attack if you do it for all messages, so not ideal without additional 
heuristics.   But I don't see any way around those heuristics without simply 
deleting all URLs from all email messages.

> 2. Proxying means proxy means proxy log means yet another place where
> sensitive information accumulates.  I.e., I don't think it's a good idea
> to attempt to fix this issue by MITM'ing connections.

You already have the whole email message if it's not encrypted, so I don't see 
that any additional information is leaking here.   But this is still a good 

> 3. How do you rewrite a link over an encrypted connection?

If you are running the IMAP server, it doesn't matter whether the connection 
between the user and the server is encrypted.   If you are not, then it's not 
your problem.

> I'm not arguing that there isn't a massive privacy problem here.
> There is, and I think it's far more worrisome than IP addresses
> in Received lines, because it discloses far more information *and it
> does so in real time*.  I just don't think solving it will be this easy.

Agreed on both counts.
