[Users] CM "Privacy Issue" discussion - Where am I?

alb348 at gmail.com alb348 at gmail.com
Tue Jan 31 10:23:19 CET 2012

On 2012-01-31 07:47, Christian Hesse wrote:
 > Ok, here is an email, sent from Claws Mail as usual via SMTP.
 > Where am I?

Ok, smarty, it's not clear what point you are trying to prove.
Your email seems to originate from a VPN whose IP is unknown:

leda.vpn.lugor.de (unknown [])

so it can't be geographically pinpointed. Noted.

Now, my question is: do common computer users employ advanced security 
tecniques (as you did) in order to ensure their privacy? They would not 
even be aware of the threats, let alone knowing how to deal with them .

If your point was to prove that you can, in some special cases, use the 
SMTP protocol without  disclosing your location, then yes, you can. But 
how would this benefit the low-tech masses?
If we move to the terrain of advanced IT techniques, the discussion 
acquires a totally different nature. Sure, there are lots of ways to 
avoid having your location identified. You can use a secure tunnel, as 
has already been suggested. You can spoof your headers. You can hack 
into someone else's computer and send emails from there. You can use 
anonymous proxies/remailers. And so on, and on.
But how many computer users do even know about the existence of these 
techniques? Only advanced computer users do.

The gist of my previous emails was simple enough, but I will restate it 
more explicitly: considering that the *average* computer user, oblivious 
to most privacy threats and having a limited IT expertise, will simply 
copy and paste into his email client (Claws Mail or any other client) 
the address of the SMTP server provided by his ISP or by his email 
provider (Google, Yahoo, Hotmail, etc), it would be desirable to 
implement a workaround (which happens to be webmail-based) that would 
overcome that privacy violation. As already noted in previous emails, 
this would only be feasible with *some* webmail services, not with all. 
It would work with Google, for one. And, yes, it would require hard work 
coding and maintaining the workaround (updates will be required). If the 
criticism is "it's not worth the trouble, because of the difficulties 
involved", then I quit advocating this solution (hey, it was just a 
proposal), especially after the dismissive replies that I received so far.

I just wanted to make clear that:
1. the privacy violation is real and, for most (average) users, 
unavoidable (with potentially serious consequences)
2. it would certainly be possible to implement a workaround (as 
demonstrated by the fact that a Thunderbird add-on already exists)

Now I can rest my case.

More information about the Users mailing list