Re: [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG

Martijn Grooten <martijn@lapsedordinary.net> Sun, 06 December 2015 21:10 UTC

Return-Path: <martijn@lapsedordinary.net>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D2DA1B2C4A for <shutup@ietfa.amsl.com>; Sun, 6 Dec 2015 13:10:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.82
X-Spam-Level:
X-Spam-Status: No, score=0.82 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_NET=0.611, HOST_MISMATCH_COM=0.311, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8xcgyclVdRDZ for <shutup@ietfa.amsl.com>; Sun, 6 Dec 2015 13:10:40 -0800 (PST)
Received: from mail.lapsedordinary.net (thinksmall.vps.bitfolk.com [85.119.83.85]) by ietfa.amsl.com (Postfix) with ESMTP id BAC7A1B2C48 for <shutup@ietf.org>; Sun, 6 Dec 2015 13:10:40 -0800 (PST)
Received: by mail.lapsedordinary.net (Postfix, from userid 1000) id C81FD343FE; Sun, 6 Dec 2015 21:10:39 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lapsedordinary.net; s=mail; t=1449436239; bh=vqoSD5HPQsRcxjo+P8/gNrmh4QTU5TY0vPrfCKg+JZc=; h=Date:From:To:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=f1btriF6Dlfd5+G+q7z2+/YKMaTJhteJbbSC6m64e8Lf5abnF0ijkkbvnOucx9srb 2XvWxpr0SH1r1wvH2RZ+u6b6hEfUA+4gAUHc5tos8Ol6SjdYL8RbegWV0ZPrb4HUjj U3RIumeiQ31WTTm0SglT3mkxQQIwwb6d9YdyRuH8=
Date: Sun, 6 Dec 2015 21:10:39 +0000
From: Martijn Grooten <martijn@lapsedordinary.net>
To: shutup@ietf.org
Message-ID: <20151206211039.GA9984@lapsedordinary.net>
References: <6.2.5.6.2.20151205205343.0c75fed0@elandnews.com> <01PTXQAJ1Y2400HE89@mauve.mrochek.com> <05b301d1304c$bf6f3880$3e4da980$@huitema.net> <566493BA.8050707@mustelids.ca>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="envbJBWh7q8WU6mo"
Content-Disposition: inline
In-Reply-To: <566493BA.8050707@mustelids.ca>
User-Agent: Mutt/1.5.20 (2009-06-14)
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/5RTcDMjU1km9tyuNwTZ8OWZaBkg>
Subject: Re: [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Dec 2015 21:10:42 -0000

On Sun, Dec 06, 2015 at 02:59:54PM -0500, Chris Lewis wrote:
> I was never so glad as to see something as the wide-scale deployment
> of callerid a few years later.

But for Caller ID to work in cases like the one you describe, you
wouldn't need to know the phone number (which often includes the
location) of the caller; a "cryptographic blob" identifying their phone
line would suffice.

I am not a lawyer, but I believe IP addresses are considered personal
data in some countries; the European Court of Justice is currently
looking into the issue. I don't think it's impossible for a court to
decide that because of this, providers should strip (submission) IP
addresses from emails.

Or perhaps one of the many tracking companies is already using this to
correlate emails sent to website visits. This could lead to outrage
among privacy activists and a call for providers to strip submission IP
addresses.

Hence I believe it is worth seeing if we can come up with guidelines on
what information can be removed/redacted/cryptographically blobbed in
email headers, so that senders' privacy is improved, yet the ability to
block and fight abuse isn't significantly harmed.

I do think the proposed charter is a bit too strong on the need to
remove headers which, given comments here, probably isn't very helpful.
I would be in favour of a more open-minded charter, but I do think there
is a need for a WG like this one.

Martijn.
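
One way the "cryptographic blob" for a submission IP address could work, as an added example that is not part of the original message or of any charter text: the provider replaces the address literal in the Received header it adds with a keyed HMAC, so a receiver can still see that two messages came from the same address without learning it. The HMAC-SHA256 construction, the daily period, the `[blob:...]` syntax, the function names and the sample headers are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import re

# Address literal in a Received header, e.g. [192.0.2.44] or [IPv6:2001:db8::1]
ADDR_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def ip_blob(ip: str, key: bytes, period: str) -> str:
    """Keyed pseudonym for an IP: stable within one period, different across periods.

    A plain hash would not do, since the IPv4 space is small enough to enumerate;
    the secret key held by the provider is what prevents reversal.
    """
    canonical = ipaddress.ip_address(ip).packed  # normalises equivalent spellings
    mac = hmac.new(key, period.encode() + b"|" + canonical, hashlib.sha256)
    return mac.hexdigest()[:32]


def redact_received(value: str, key: bytes, period: str) -> str:
    """Replace each address literal in a Received header value with its blob."""
    def swap(match: re.Match) -> str:
        try:
            return "[blob:" + ip_blob(match.group(1), key, period) + "]"
        except ValueError:
            return match.group(0)  # not a valid address: leave untouched
    return ADDR_LITERAL.sub(swap, value)


# Constructed sample data: documentation addresses, made-up key and host names.
KEY = b"constructed-demo-key"
HDR_A = "from laptop.example ([192.0.2.44]) by submit.example.net with ESMTPSA id ABC123"
HDR_B = "from phone.example ([192.0.2.44]) by submit.example.net with ESMTPSA id DEF456"
HDR_V6 = "from pad.example ([IPv6:2001:db8::1]) by submit.example.net with ESMTPSA id GHI789"

if __name__ == "__main__":
    for hdr in (HDR_A, HDR_B, HDR_V6):
        print(redact_received(hdr, KEY, "2015-12-06"))
```

Because the provider keeps the key, it can still map a reported blob back to an address when handling an abuse complaint, while receivers can only compare blobs within the same period.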