[ietf-privacy] Deletion request a couple of months ago
kate_9023+rfc@systemli.org Thu, 29 September 2022 22:21 UTC
Return-Path: <kate_9023+rfc@systemli.org>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6166EC14F693 for <ietf-privacy@ietfa.amsl.com>; Thu, 29 Sep 2022 15:21:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=systemli.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Yr5wuzGT_QX for <ietf-privacy@ietfa.amsl.com>; Thu, 29 Sep 2022 15:20:55 -0700 (PDT)
Received: from mail1.systemli.org (mail1.systemli.org [IPv6:2a11:7980:3::36]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1EB7C14F6EC for <ietf-privacy@ietf.org>; Thu, 29 Sep 2022 15:20:33 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------LBu82wCyr3N9gpasMQvtxHMt"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=systemli.org; s=default; t=1664490028; bh=mnHGg2xhdTswiuj2iIALDLLV7dsMzE611jVYZzrWbh4=; h=Date:From:Subject:To:From; b=nvP6cA3yYPOIkPMPq8SAG2HpPA5ah5iAgntT2+OEU9rVLIcaAwIAS8zhMD55VB0WI UJfXP3s+pPRtqaAsUpBIJM7lt/CelXyjT4s7S0nQMXmC5gpIFSY18tR5UBFmJxq3Tr 5wHEZvf5OHhQEHu9mquNX3usrMlQqe+wA6xyYPx6dNeP7RGvC4QwHSozdngn8TGcay 0sj8Q7KFc6dB0v+tmQwrcdTh65+msYR80WmAhDhu8RB3J9Q9rlr06ycW15ZHUxk+DT SkPcgudNPkH6zt244Y07aNWZY2KMQR/UEnGq6xWMCPuqInQmc1/e8Hm+PTeB/LJRwY leLFY7oOr/X2A==
Message-ID: <dc29373e-5cae-7a57-db15-3f4306afefa3@systemli.org>
Date: Fri, 30 Sep 2022 00:20:26 +0200
MIME-Version: 1.0
From: kate_9023+rfc@systemli.org
To: ietf-privacy@ietf.org
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-privacy/yFuAkoVugAHp_mKo5ijthd9HY8E>
Subject: [ietf-privacy] Deletion request a couple of months ago
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2022 22:21:01 -0000
Hello, I'm sorry, I couldn't find the original posting in mailbox. I refer to this post: https://mailarchive.ietf.org/arch/msg/ietf-privacy/KvLlmoaQDKulyHJCWKLM5HWx0Zg/ But I guess it makes sense to start a new thread anyway. I'm finally able to give this post the attention it deserves. Side note: Sometimes the email traffic at the IETF is quite fast moving and my inbox gets so flooded by this that it is impossible for me to follow the mailing list alongside job and other projects or reply in time. Back to the topic: Even though I see that the email and the name of the questioner have been removed in compliance with the GDPR, I would like to say something about it. Warning, the following is no legal advice. It may contain misinformation, but it's written in the best of my knowledge. Basically, I agree with the person and it is also something I realized negatively that the IETF does not fully inform what is public and what is not. In addition, there may be a different understanding in the US on the subject of "deleting data which is public". In Europe, we have the right to have this data being removed as well and this is strengthened by the GDPR. For us, personal data and data worth protecting also includes the name and the e-mail and even the IP address. Therefore, we are not allowed to simply publish e-mails without extensive information and explicit consent and even if this consent has been obtained, the person has the right to have his data deleted (also, for example, in forums). Whether a name or e-mail is mentioned is irrelevant for the traceability of the topic. Side note: I have noticed that the IETF simply archives everything permanently, even for more than 30 years. This is not really in the sense of data hygiene. Unfortunately, I have often found outdated information that I thought was up to date when I searched for it and acted on it, only to figure out later from members of the community that it was outdated. This means it blocked me in my work and lead to more confusion. This included trying to contact people who had once published an RFC draft, but the email went back due to now being invalid. I would have saved myself a lot of work on my draft if this information would have been deleted. On MastodonPurge the topic of data hygiene is described as: "Remove parts of your personal history from the internet: /Maybe you regret having written something publicly or privately, which new users shoud not see anymore. We all change our opinions over time. Be sure nobody gets's a wrong impression based on outdated posts."/ I agree with that and I also think that some (without naming anyone) are (hopefully) ashamed of insults/harassments they've done on this list in the future. Who knows, they might even have problems with job applications / future employers because of it. I don't believe that someone who said [insert insult here] to someone else 30 years ago should have any relevance today and they don't belong in a permanent archive either (also with the respect of the person who was insulted). The GDPR also encourages IT services to be set up according to the current state of the art. This also includes effective spam protection and protection of e-mail addresses by spammers. I have already talked to some IETF people about this, but I haven't had time to work out a "improve not being spammed" draft yet. Therefore I agree with the questioner. I also have generated an "extra email" for IETF and can see how heavily this is now being used by spam scrapers and I receive about 30 emails a day in my inbox just from the mailing list and the draft. There are many better and modern ways of protection here. I know that now many of you will say that the GDPR does not apply in the US but I consider the IETF an institution to look up to, which (in my opinion - correct me if I am wrong) at some time had on its agenda to make the Internet a better place and which is still looked up to today. Therefore it would be a very good step to implement the idea here as it is an important protection law. Protecting against data theft, promoting secure IT systems, keeping only relevant data and more. And which wouldn't be a better place to start with on increasing privacy and implementing already proven best-practices then on a privacy list itself. tl;dr I think it is important and right to respect and implement deletion requests. - Kate