Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Ted Lemon <mellon@fugue.com> Wed, 02 December 2015 13:50 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDEEE1A8F41; Wed, 2 Dec 2015 05:50:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.912
X-Spam-Level:
X-Spam-Status: No, score=-1.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dItOb2mJwMis; Wed, 2 Dec 2015 05:50:55 -0800 (PST)
Received: from fugue.com (mail-2.fugue.com [IPv6:2a01:7e01::f03c:91ff:fee4:ad68]) by ietfa.amsl.com (Postfix) with ESMTP id B713F1A8F3F; Wed, 2 Dec 2015 05:50:54 -0800 (PST)
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="----sinikael-?=_1-14490642509200.3453761243727058"
From: Ted Lemon <mellon@fugue.com>
To: shutup@ietf.org
In-Reply-To: <565EB238.6060207@pscs.co.uk>
References: <20151130042819.10658.qmail@ary.lan> <1448858775386-ceecd236-8b11ac04-a03b4438@fugue.com> <01PTPUIP3IUK01729W@mauve.mrochek.com> <11d014e5-9a6a-4b78-92a1-8e0a1e0a905d@gulbrandsen.priv.no> <lGTaHvC8ygXWFAuu@highwayman.com> <57B818513A0069189BA3CF41@JcK-HP8200.jck.com> <1449014394167-7d2dec58-2c6a9ae8-33fc8e7a@fugue.com> <565E4CCF.3080901@mustelids.ca> <1449024914920-c367c12b-5b2db232-b118a379@fugue.com> <565EB238.6060207@pscs.co.uk>
Date: Wed, 02 Dec 2015 13:50:50 +0000
Message-Id: <1449064251263-c451a28b-ba1e4af8-62e69b69@fugue.com>
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/pwsV8qLvGWuzdEMhsGcnnWNVsAs>
Cc: ietf-smtp@ietf.org
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 13:50:58 -0000

Wednesday, Dec 2, 2015 3:56 AM Paul Smith wrote:
> The thing is that whatever you do to email, the weak link is always the human. Humans are the ones who respond to Nigerian princes, they're the ones who think it's OK to send their bank password by email to anyone who asks for it in an authoritative way, etc.
> 
> So, training HAS to be done, otherwise people will lose privacy.

Look, I'm really sorry to keep harping on this, because I know it's a bit off topic and probably annoying, but your model of how to do security for end users is simply wrong.   The way you prevent people from getting scammed is to by default not deliver email from people they don't know.   I realize this is anathema to a lot of email folks, but that's why facebook is more popular than email now: facebook doesn't deliver spam from people you haven't friended.

The way you prevent people from getting their passwords ripped is to not give them passwords.   The tokbind working group is working this problem, and the solution they have is a good one, which we will undoubtedly see deployed in the future.   It's true that it's not available now, and the vulnerability that you cite does exist now.   This is a problem we need to solve, not an inevitable quality of online technology.   Security technology based on physical tokens is also getting better/more accessible.   It's worth noting that Nigerian scammers typically scam people who have actual cognitive deficits, not regular people.   People aren't actually all equally gullible, and there are lots of people who are skeptical enough that they can benefit from privacy protections even in the absence of secure token binding and physical tokens.

> Of course, most people don't really care about privacy whatever they say (witness all the personal information posted to Facebook/Twitter/etc) so it doesn't matter that they can't be trained. The ones who do really care about their privacy are the ones who will train themselves if the information is available to them.

This doesn't reflect what people who actually study this issue are saying.   People do care about privacy.   They just can't get it.   Even though they can't get it, they do take measures to get it to the extent that they can.   It's true that not everybody does this, but it is not true that most people just don't care.   If you ask them "do you care about privacy," they might say no, but if for example you ask them "do you care if thieves know whether or not you are out of town," they will say yes.

So saying that because people don't care about privacy, we shouldn't try to protect their privacy, is wrong on two counts: first it's wrong that people don't care about privacy, and second it's wrong that we shouldn't try to protect people from threats of which they are not presently aware.


--
Sent from Whiteout Mail - https://whiteout.io

My PGP key: https://keys.whiteout.io/mellon@fugue.com