Hiya,

On 06/12/15 19:31, Ned Freed wrote:
> The claim has been made - and still is made in the draft under consideration -
> that IP addresses in Received: field are of significant value to state actors
> and should be removed for that reason alone. But that claim fails because
> state actors have the ability to get a better version of that information from
> transaction logs.

I don't think I've seen substantiation of "significant value" to state actors for the specific case of message author's IP addresses in Received: fields.

OTOH, access to transaction logs should depend on the jurisdiction in which those are located though whereas if SMTP is not (or badly) protected via STARTTLS then those fields will be visible to monitoring devices. And it also seems likely that that data will be stored if it can be stored [1] as one real pattern seems to be that those doing PM will attempt to get data via every possible avenue, even when they have a way to convince or force service providers to co-operate.

[1] http://leaksource.info/2015/02/25/pony-express-cse-spying-on-canadians-emails-to-government/

So while I've not seen specific information that these fields have been used after e.g. having been recorded via tempora or similar, it seems credible to assume that that can be done (and hence is being done).

> Unless you can demonstrate that state actors have an easier time going after
> message content - and that's demonstrably false in the United States and
> probably most of other jurisdictions - the specifics of what restrictions apply
> to state actors overall are entirely irrelevant.
>
> And once again, this does *not* constitute an argument that there aren't
> *other* privacy implications for IP addresses in Received: fields that are
> worth considering. It's an argument against a specific claim that has been and
> continues to be made.

Right. There's also the case of leaked data, e.g. in the hacking team leak case, ([2] search down the page for "homing pigeon"), those fields in that tranche of stolen/leaked data did expose specific information that might otherwise not have been extractable. I'm not sure if I'd call that additional information significant or not, given all the rest of the things the folks who did [2] could deduce from the data.

[2] http://labs.rs/en/metadata/

(Note that I'm assuming that when [2] says "email headers reveal the IP address of the sender" they mean from Received: fields, and not something else.)

And to be clear, none of the above is meant to contradict the arguments folks have made about using this information for reasonable purposes. I figure this is just a part of the analysis of the trade offs that a WG would have to do. (Or that someone could just go and do now before there's a WG.)

Cheers,
S.

_______________________________________________
Shutup mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/shutup
