EmailDiscussions.com

EmailDiscussions.com (http://www.emaildiscussions.com/index.php)
-   Runbox Forum (http://www.emaildiscussions.com/forumdisplay.php?f=18)
-   -   runbox privacy issues ? (http://www.emaildiscussions.com/showthread.php?t=74415)

jurastar 2 Jun 2019 04:03 PM
runbox privacy issues ?
 
Runbox is a privacy concious service, right?

It turns out (just tested) emails sent through web and smtp all have the same UID in the email header. So all aliasses have the same UID in the header as the main account. Effectively anyone, especially with finances ( big ads business ) can and will know instantly all aliasses used by a same user ...

I would consider it a big privacy issue, no distinctly different identities when using aliasses ... and all in the plain (pgp doesn't encrypt email headers, so it is all linked through the UID in plain sight)

goky 5 Jun 2019 08:42 AM
Thanks for the info...

+1

Runbox care to reply?

dbowdley 6 Jun 2019 05:20 PM
This has been mentioned by a handful of people in recent times, and we understand the concerns. We are looking at alternatives that will prevent aliases and identities from being linked to each other, while still allowing us to track abuse of our services.

jurastar 7 Jun 2019 01:06 AM
Quote:
Originally Posted by dbowdley (Post 610308)
... We are looking at alternatives that will prevent aliases and identities from being linked to each other ...
Meaning, you don't care that much or you have a timeline in which you intend to restore your user's privacy ? (bit harshly put, but the runbox statement is vague as can be, sounding like a never fulfilling politician's promise before elections)

dbowdley 7 Jun 2019 07:55 AM
Quote:
Originally Posted by jurastar (Post 610315)
Meaning, you don't care that much or you have a timeline in which you intend to restore your user's privacy ? (bit harshly put, but the runbox statement is vague as can be, sounding like a never fulfilling politician's promise before elections)
I disagree and would appreciate it if a clear statement was not reinterpreted as meaning something else.

I was careful to say that this was raised with us recently by a small number of people and we have taken that concern seriously enough to be looking (not will be looking at some obscure point in the future) at a way to remove the UID from the headers and put something else in place that won't link aliases to each other. As soon as we have something that will work we will put it in place.

jurastar 9 Jun 2019 11:06 PM
Quote:
Originally Posted by dbowdley (Post 610318)
... As soon as we have something that will work we will put it in place.
That's vague, can be next week, can be "waiting for godot"...

Geir 10 Jun 2019 06:04 PM
Quote:
Originally Posted by jurastar (Post 610336)
That's vague, can be next week, can be "waiting for godot"...
It can also be today, which is the case (for the webmail).

The same for SMTP is in the works.

- Geir

jurastar 11 Jun 2019 05:31 AM
Quote:
Originally Posted by Geir (Post 610351)
It can also be today, which is the case (for the webmail).

The same for SMTP is in the works.

- Geir
Oh goody ! I'll test it when it's fully there. ;)

EDIT: Took the time to test a few moments ago. webmail works, smtp is still crippled with a UID across main account and aliasses. Implement as said by runbox, good point, but feels a little like a half baked solution was put in pllace to shush waiting for godot?

jurastar 27 Jun 2019 05:29 PM
Geir/runbox, Care to update us on EMD ? "Godot" after al ?


All times are GMT +9. The time now is 03:34 AM.


Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy