Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Ted Lemon <mellon@fugue.com> Tue, 01 December 2015 19:04 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AD941B2F22; Tue, 1 Dec 2015 11:04:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.912
X-Spam-Level:
X-Spam-Status: No, score=-1.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vo9Dq3jCHipJ; Tue, 1 Dec 2015 11:04:19 -0800 (PST)
Received: from fugue.com (mail-2.fugue.com [IPv6:2a01:7e01::f03c:91ff:fee4:ad68]) by ietfa.amsl.com (Postfix) with ESMTP id E29C31B2F28; Tue, 1 Dec 2015 11:04:17 -0800 (PST)
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="----sinikael-?=_1-14489966548200.7075463170185685"
From: Ted Lemon <mellon@fugue.com>
To: shutup@ietf.org
In-Reply-To: <20151201184328.18674.qmail@ary.lan>
References: <20151201184328.18674.qmail@ary.lan>
Date: Tue, 01 Dec 2015 19:04:14 +0000
Message-Id: <1448996655129-d579be8c-03e00e5b-24fb7ed0@fugue.com>
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/0dWb27YZpUgiXWio5qzgWhhoNRQ>
Cc: ietf-smtp@ietf.org
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2015 19:04:21 -0000

Tuesday, Dec 1, 2015 1:43 PM John Levine wrote:
> If you're depending on the header writing practices of random
> submission servers to keep you from being doxxed, you're not very
> bright.

Can we dispense with the insults?   How does this add value to the discussion?

> The doxxing crowd routinely use social engineering to call up
> and get people to provide the information from the logs.

Yes, and sometimes they succeed, and the times that they succeed, that's when the harm they do makes the news.   The times they fail, we don't hear about.

> If you really need to keep your location private, use a Tor connection
> to gmail or yahoo webmail.

As a rule, people don't know they need a specific kind of privacy until it's too late.   People who are, at present, in the happy state of not knowing they need privacy are in that state for one of two reasons.   One, they haven't actually said anything to offend some random 13-year-old sociopath out on the Internet yet.   Two, the privacy safeguards that they need are in place, and the sociopath they offended fails to get their info.

What we are talking about doing here is making the second case more likely.   This is important work that's worth doing.   It's not the case at all that people who fail to protect their own privacy are "not very bright."   Frequently they are very bright, but simply didn't imagine that they would be screwed over by the infrastructure they are using in such a blatant and unpleasant way.

The reason that people get screwed over in this way is because we, who understand about privacy and understand how to deliver it, did not make it a priority.   That's what this discussion is about.   So please don't belittle people whom we have failed by claiming that they should somehow have anticipated the problem.   That really is our job, not theirs.


--
Sent from Whiteout Mail - https://whiteout.io

My PGP key: https://keys.whiteout.io/mellon@fugue.com