--On Monday, December 07, 2015 02:34 +0000 John Levine
<[email protected]> wrote:
>...
> This is increasingly looking like a RG, not a WG. There's a
> lot of speculation about what aspects of mail messages and
> SMTP sessions have what privacy implications, with an
> extremely premature focus on IP address logging. I'd much
> rather back up a step or two and see if we can catalog the
> aspects of mail messages with estimates of the privacy
> benefits and risks of each, keeping in mind the context.
>
> For example, how much new information is there in the date
> stamp in a Received header in the usual case that it's a few
> seconds after the timestamp in the Date: header? On the other
> hand, most Received headers have a unique ID that's really
> handy to identify the message and the path it took (That's how
> you tell who's sending spam reports from AOL and Yahoo, even
> though they redact all the addresses.)
>
> That would be a useful catalog, and we can think about models
> that look at the net personal information, and diagnostic and
> anti-abuse information provided by various combinations of
> features or the lack thereof. That would be interesting on
> its own, and would give us a much better foundation from which
> to consider changes that could produce an actual overall
> privacy improvement.
This strikes me as a really good idea. This is probably what
John has in mind but, to be explicit, if it could also catalog
(not just allow "thinking about"), for each item, the
substantive uses to which any relevant aspect or datum is being
legitimately put today, differentiating things that are
specifically anti-spam from anti-phishing and mitigation of
malware and other types of attacks, that would be even better.
As many people have suggested in the previous threads, "more
privacy", whether about location or other information, is not
free but involves tradeoffs with other priorities and it is
important to consider the tradeoffs and balance.
For me at least, Dave Crocker's subsequent comments reinforce
that view.
john
_______________________________________________
Shutup mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/shutup
