emacs-orgmode@gnu.org archives
 help / color / mirror / code / Atom feed
* On the protection of emails in the archives
@ 2021-04-08  8:29 Guillaume MULLER
  2021-04-08  9:13 ` Russell Adams
                   ` (3 more replies)
  0 siblings, 4 replies; 10+ messages in thread
From: Guillaume MULLER @ 2021-04-08  8:29 UTC (permalink / raw)
  To: emacs-orgmode


[-- Attachment #1.1: Type: text/plain, Size: 1027 bytes --]

Hi all,

I recently sent an email on this mailing list (see https://orgmode.org/list/b1e778c5-acbf-8a17-c9bf-dcb6693e9845@univ-st-etienne.fr/ )

Since then, I'm receiving spams on the email address I used to send the message.

After some research, it seems that this email address only appears on 2 websites, notably this orgmode.org mailing list archive.

Would it be possible to configure the archive to obfuscate / hide the email addresses inorder to protect its users?

According to what I understand, this list uses the "GNU mailman" software, which in turn uses "Pipermail" for the archive. From what I read in the docs (https://www.gnu.org/software/mailman/mailman-member/node40.html ), the default configuration should be that the email addresses are protected : "The HTML archives which are created by Pipermail (the archiving program which comes default with Mailman) contain only obscured addresses.". So is there a particular reason why this option has been disabled?

Thanks for your feedback

GM


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 236 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: On the protection of emails in the archives
  2021-04-08  8:29 On the protection of emails in the archives Guillaume MULLER
@ 2021-04-08  9:13 ` Russell Adams
  2021-04-08 19:12 ` Daniele Nicolodi
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 10+ messages in thread
From: Russell Adams @ 2021-04-08  9:13 UTC (permalink / raw)
  To: emacs-orgmode

Guillaume

On Thu, Apr 08, 2021 at 10:29:00AM +0200, Guillaume MULLER wrote:
> Hi all,
>
> I recently sent an email on this mailing list (see https://orgmode.org/list/b1e778c5-acbf-8a17-c9bf-dcb6693e9845@univ-st-etienne.fr/ )

Yes you did, and the official archive is here where the list is hosted.

https://lists.gnu.org/archive/html/emacs-orgmode/2021-04/msg00184.html

> Since then, I'm receiving spams on the email address I used to send the message.

Welcome to the tragedy of the commons known as the Internet.

> Would it be possible to configure the archive to obfuscate / hide the email addresses inorder to protect its users?

We do. The GNU mailing list archive that hosts the mailing list does.

I can't say regarding the other. Maybe someone else can check it.




------------------------------------------------------------------
Russell Adams                            RLAdams@AdamsInfoServ.com

PGP Key ID:     0x1160DCB3           http://www.adamsinfoserv.com/

Fingerprint:    1723 D8CA 4280 1EC9 557F  66E8 1154 E018 1160 DCB3


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: On the protection of emails in the archives
  2021-04-08  8:29 On the protection of emails in the archives Guillaume MULLER
  2021-04-08  9:13 ` Russell Adams
@ 2021-04-08 19:12 ` Daniele Nicolodi
  2021-04-09  6:14 ` Kyle Meyer
  2021-04-09 15:58 ` Jean Louis
  3 siblings, 0 replies; 10+ messages in thread
From: Daniele Nicolodi @ 2021-04-08 19:12 UTC (permalink / raw)
  To: emacs-orgmode

On 08/04/2021 10:29, Guillaume MULLER wrote:
> Hi all,
> 
> I recently sent an email on this mailing list (see https://orgmode.org/list/b1e778c5-acbf-8a17-c9bf-dcb6693e9845@univ-st-etienne.fr/ )
> 
> Since then, I'm receiving spams on the email address I used to send the message.
> 
> After some research, it seems that this email address only appears on 2 websites, notably this orgmode.org mailing list archive.

A Google search demonstrates otherwise.

> Would it be possible to configure the archive to obfuscate / hide the email addresses inorder to protect its users?

In this time and age, it is not an useful anti-spam measure. It is much
more likely that your email address is harvested from the address book
or the received emails of someone that has their email account
compromised because of a weak password (or, in this case, from any other
website that publishes it).

Cheers,
Dan



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: On the protection of emails in the archives
  2021-04-08  8:29 On the protection of emails in the archives Guillaume MULLER
  2021-04-08  9:13 ` Russell Adams
  2021-04-08 19:12 ` Daniele Nicolodi
@ 2021-04-09  6:14 ` Kyle Meyer
  2021-04-09  6:58   ` Tim Cross
  2021-04-09 15:58 ` Jean Louis
  3 siblings, 1 reply; 10+ messages in thread
From: Kyle Meyer @ 2021-04-09  6:14 UTC (permalink / raw)
  To: Guillaume MULLER; +Cc: emacs-orgmode

Guillaume MULLER writes:

> Hi all,
>
> I recently sent an email on this mailing list (see
> https://orgmode.org/list/b1e778c5-acbf-8a17-c9bf-dcb6693e9845@univ-st-etienne.fr/
> )
>
> Since then, I'm receiving spams on the email address I used to send
> the message.
>
> After some research, it seems that this email address only appears on
> 2 websites, notably this orgmode.org mailing list archive.

Your email address can also be harvested from the lists.gnu.org
archives.  Inspect the output of

  $ curl -fSsL https://lists.gnu.org/archive/html/emacs-orgmode/2020-07/msg00125.html
  $ curl -fSsL https://lists.gnu.org/archive/mbox/emacs-orgmode/2020-07

> Would it be possible to configure the archive to obfuscate / hide the
> email addresses inorder to protect its users?

<https://orgmode.org/list> and its upstream source
<https://yhetil.org/orgmode> are public-inbox
(<https://public-inbox.org/>) archives.  There's an option (disabled by
default) to configure address obfuscation.  However, in my view email
obfuscation is giving you a false sense of security.  Ignoring other
ways spammers get your address, you're posting to a public space, and
your address can be harvested (and, as shown above, not just from these
public-inbox archives).

And this isn't something specific to Org mode's archives.  Just as some
examples, take a look at <https://lore.kernel.org/git/>,
<https://issues.guix.gnu.org/>,
<https://lists.sr.ht/~sircmpwn/sr.ht-discuss/>, or
<https://lists.gnu.org/archive/html/emacs-devel/2021-04/msg00285.html>.

Anyway, that being said and despite my opinion on this, I'm considering
turning on obfuscation at <https://orgmode.org/list> and
<https://yhetil.org/orgmode>.  There's at least one issue that'd need to
be fixed before doing so though:
<https://public-inbox.org/meta/87a6q8p5qa.fsf@kyleam.com/>.


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: On the protection of emails in the archives
  2021-04-09  6:14 ` Kyle Meyer
@ 2021-04-09  6:58   ` Tim Cross
  2021-04-09 16:01     ` Jean Louis
  0 siblings, 1 reply; 10+ messages in thread
From: Tim Cross @ 2021-04-09  6:58 UTC (permalink / raw)
  To: emacs-orgmode


Kyle Meyer <kyle@kyleam.com> writes:

> Guillaume MULLER writes:
>
>> Hi all,
>>
>> I recently sent an email on this mailing list (see
>> https://orgmode.org/list/b1e778c5-acbf-8a17-c9bf-dcb6693e9845@univ-st-etienne.fr/
>> )
>>
>> Since then, I'm receiving spams on the email address I used to send
>> the message.
>>
>> After some research, it seems that this email address only appears on
>> 2 websites, notably this orgmode.org mailing list archive.
>
> Your email address can also be harvested from the lists.gnu.org
> archives.  Inspect the output of
>
>   $ curl -fSsL https://lists.gnu.org/archive/html/emacs-orgmode/2020-07/msg00125.html
>   $ curl -fSsL https://lists.gnu.org/archive/mbox/emacs-orgmode/2020-07
>
>> Would it be possible to configure the archive to obfuscate / hide the
>> email addresses inorder to protect its users?
>
> <https://orgmode.org/list> and its upstream source
> <https://yhetil.org/orgmode> are public-inbox
> (<https://public-inbox.org/>) archives.  There's an option (disabled by
> default) to configure address obfuscation.  However, in my view email
> obfuscation is giving you a false sense of security.  Ignoring other
> ways spammers get your address, you're posting to a public space, and
> your address can be harvested (and, as shown above, not just from these
> public-inbox archives).
>
> And this isn't something specific to Org mode's archives.  Just as some
> examples, take a look at <https://lore.kernel.org/git/>,
> <https://issues.guix.gnu.org/>,
> <https://lists.sr.ht/~sircmpwn/sr.ht-discuss/>, or
> <https://lists.gnu.org/archive/html/emacs-devel/2021-04/msg00285.html>.
>
> Anyway, that being said and despite my opinion on this, I'm considering
> turning on obfuscation at <https://orgmode.org/list> and
> <https://yhetil.org/orgmode>.  There's at least one issue that'd need to
> be fixed before doing so though:
> <https://public-inbox.org/meta/87a6q8p5qa.fsf@kyleam.com/>.

I totally agree. I have no issue if 'hiding' email addresses can be done
and has no other unfortunate side effects, but I don't believe it
actually achieves much, so don't care if the default is not changed.

I think you have to accept that the email address you use in public mail
lists is going to be harvested and as others have mentioned, a lot of
email harvesting occurs when someone who has your address in their
address book has their system compromised.

The only sane action is good spam filtering. While I know a lot of
people complain about the Google gmail spam filtering, for me it is
remarkably accurate. It is unusual for me to see even a couple of spam
messages in my inbox every few months. My spam/junk box usually gets
around 10-15 messages a day and occasional messages flagged as spam
which are not (usually because the sender's mail server isn't doing SPF
or any of the other spam prevention headers correctly). Takes me about 1
minute to scan and 'delete forever' each day, so no big problem.  
-- 
Tim Cross


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: On the protection of emails in the archives
  2021-04-08  8:29 On the protection of emails in the archives Guillaume MULLER
                   ` (2 preceding siblings ...)
  2021-04-09  6:14 ` Kyle Meyer
@ 2021-04-09 15:58 ` Jean Louis
  3 siblings, 0 replies; 10+ messages in thread
From: Jean Louis @ 2021-04-09 15:58 UTC (permalink / raw)
  To: Guillaume MULLER; +Cc: emacs-orgmode

* Guillaume MULLER <guillaume.muller@univ-st-etienne.fr> [2021-04-08 11:30]:
> Hi all,
> 
> I recently sent an email on this mailing list (see https://orgmode.org/list/b1e778c5-acbf-8a17-c9bf-dcb6693e9845@univ-st-etienne.fr/ )
> 
> Since then, I'm receiving spams on the email address I used to send the message.
> 
> After some research, it seems that this email address only appears on 2 websites, notably this orgmode.org mailing list archive.
> 
> Would it be possible to configure the archive to obfuscate / hide
> the email addresses inorder to protect its users?

While your assumption is that you are getting spam because your email
is published on those websites, this does not say it is true cause of
you getting spam.

It is enough that you give your email address to anybody, like a
friend or associate, and you can start getting spam.

Mailing list archives do not obfuscate email addresses, and in
automated data harvesting that is easily solved.

Please note, it is more important for people to communicate and be
able to reach each other than taking care of individual spam
problems.

My side spam is mostly being solved automatically, server side, by
using Spamhouse. You may advise to your email service provider to use
that feature or some other feature.

Spam problem is not a remote problem, not something on outside parties
to solve, it is to be solved on your side. You may train your email
client to recognize spam. Email is not and never was perfect.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

Sign an open letter in support of Richard M. Stallman
https://rms-support-letter.github.io/



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: On the protection of emails in the archives
  2021-04-09  6:58   ` Tim Cross
@ 2021-04-09 16:01     ` Jean Louis
  2021-04-09 22:32       ` Tim Cross
  0 siblings, 1 reply; 10+ messages in thread
From: Jean Louis @ 2021-04-09 16:01 UTC (permalink / raw)
  To: Tim Cross; +Cc: emacs-orgmode

* Tim Cross <theophilusx@gmail.com> [2021-04-09 10:06]:
> The only sane action is good spam filtering. While I know a lot of
> people complain about the Google gmail spam filtering, for me it is
> remarkably accurate.

Maybe, but then you may also receive email mostly form public
providers. My experience from stories of recipients tells me Google is
not accurate, many genuine emails are missed.

Nobody should use Google for emails. Why trust some 100,000 staff
members with personal information?


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

Sign an open letter in support of Richard M. Stallman
https://rms-support-letter.github.io/



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: On the protection of emails in the archives
  2021-04-09 16:01     ` Jean Louis
@ 2021-04-09 22:32       ` Tim Cross
  2021-04-10  0:43         ` Jean Louis
  0 siblings, 1 reply; 10+ messages in thread
From: Tim Cross @ 2021-04-09 22:32 UTC (permalink / raw)
  To: Jean Louis; +Cc: emacs-orgmode


Jean Louis <bugs@gnu.support> writes:

> Nobody should use Google for emails. Why trust some 100,000 staff
> members with personal information?

Please do not tell me what I should or shold not do. I am an adult 
and am perfectly capable of making up my own mind thank you. 
-- 
Tim Cross


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: On the protection of emails in the archives
  2021-04-09 22:32       ` Tim Cross
@ 2021-04-10  0:43         ` Jean Louis
  2021-04-10  1:27           ` Tim Cross
  0 siblings, 1 reply; 10+ messages in thread
From: Jean Louis @ 2021-04-10  0:43 UTC (permalink / raw)
  To: Tim Cross; +Cc: emacs-orgmode

Sorry Tim. While that is my opinion, it is not meant to be taken
personally, I am corresponding with many people with Google account,
that is really nothing personal.

My opinion is for safety of users and awareness, though. Would you
stubmle upon similar opinions on websites, it would not be taken that
way. I did not mean to.

Examples of privacy nightmare:
https://medium.com/digitalprivacywise/why-you-should-stop-using-google-chrome-6c934c9a827c

Example of surveillannce:
https://en.wikipedia.org/wiki/PRISM_(surveillance_program)


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

Sign an open letter in support of Richard M. Stallman
https://rms-support-letter.github.io/



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: On the protection of emails in the archives
  2021-04-10  0:43         ` Jean Louis
@ 2021-04-10  1:27           ` Tim Cross
  0 siblings, 0 replies; 10+ messages in thread
From: Tim Cross @ 2021-04-10  1:27 UTC (permalink / raw)
  To: Jean Louis; +Cc: emacs-orgmode


Jean Louis <bugs@gnu.support> writes:

> Sorry Tim. While that is my opinion, it is not meant to be taken
> personally, I am corresponding with many people with Google account,
> that is really nothing personal.
>

Your statement was personal and if that was not your intent, then think
before you post and ensure what you write is what you mean. 

> My opinion is for safety of users and awareness, though. Would you
> stubmle upon similar opinions on websites, it would not be taken that
> way. I did not mean to.
>

Completely irrelevant. I did not join the org list to be lectured by you
on privacy or your Google paranoia. I'm sure you can find a more
appropriate outlet for such opinions. 


> Examples of privacy nightmare:
> https://medium.com/digitalprivacywise/why-you-should-stop-using-google-chrome-6c934c9a827c
>
> Example of surveillannce:
> https://en.wikipedia.org/wiki/PRISM_(surveillance_program)

I'm not at all interested in your opinion on Google. This is an org mail
list. If it does not relate to org or the list, I don't think it belongs
here. 

-- 
Tim Cross


^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2021-04-10  1:42 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-08  8:29 On the protection of emails in the archives Guillaume MULLER
2021-04-08  9:13 ` Russell Adams
2021-04-08 19:12 ` Daniele Nicolodi
2021-04-09  6:14 ` Kyle Meyer
2021-04-09  6:58   ` Tim Cross
2021-04-09 16:01     ` Jean Louis
2021-04-09 22:32       ` Tim Cross
2021-04-10  0:43         ` Jean Louis
2021-04-10  1:27           ` Tim Cross
2021-04-09 15:58 ` Jean Louis

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).