>> So, training HAS to be done, otherwise people will lose privacy. > >Look, I'm really sorry to keep harping on this, because I know it's a bit off >topic and probably >annoying, but your model of how to do security for end users is simply wrong. >...
Different people are different and it is not helpful to pretend that all end users are the same. Most people say they care about privacy, but their actions show that they actually don't, e.g., they'll trade their password and SSN for a candy bar. Some people really do care about privacy. I don't know if you've ever talked to someone who runs a battered women's shelter, but I have. For them, their privacy is really a matter of life and death, and they have to deal with impressively complex threats. I've heard direct reports of malware that installs keyloggers that report back to the hostile spouse. These people boot their computers from a CD to use webmail through Tor, and buy burner phones in bulk. The kind of stuff we're talking about redacting here is completely irrelevant to them, since as I said, they are not so dim as to depend on their mail provider's logging practices for their safety. Christian's point about bulk collection is a reasonable one, but just as the collection affects a lot of people, the security benefits from good header logging affect a lot of people, too. We need to start by understanding how they're really used and what the benefits are. >From what we've heard here from people who run significant mail systems for real users, the benefits are substantial. R's, John _______________________________________________ Shutup mailing list [email protected] https://www.ietf.org/mailman/listinfo/shutup
