On Wed, Feb 26, 2003 at 10:14:17AM -0800, Lucky Green wrote:
> I believe that waiting for code to sanitize user-provided attachments
> would delay mixminion indefinitely. As I mentioned in an earlier email,
> I don't even believe it feasible to hide the MUA (or OS) once MIME
> generated outside of the mixminion system is permitted. (Windows is
> going to kill you here...)

Are there differences in MIME encoding for different MUAs, or just the content boundary delimiters? If it's the latter, I can see a demime/remime (or just straight re-write) that could happen at the last hop. It's probably not solvable if it's the former, at least with existing MUAs.

> The moment the system permits user-provided non-textual attachments,
> users' anonymity will be compromised en-masse. I have no opinion if that
> fact warrants the conclusion to not include support for such attachments
> in the system given the otherwise negative impact on adoption.

My opinion would be "warn the users that attachments could compromise their anonymity". I suspect that a determined user will find some way to attach data, even if the system officially disallows attachments. In the world today, I don't think most people would be willing to use a system where they couldn't use attachments of some sort.

> I suppose the question is: is it better to have a large number of users
> and have some of these users' anonymity be compromised without their
> knowing? Or is it better to have a limited number of users who are
> unlikely to see their anonymity compromised without their knowing? I
> guess time will tell.

I think if users are educated about the possible anonymity compromises, they can make their own decisions on the matter. Instead of attaching v-cards, or Word docs that might have identifying info, the ones truly concerned would likely disable v-cards, and maybe print-and-scan, or export docs to text and attach those.

Or, as Peter mentioned elsewhere, track down tools to sanitize their documents before attaching. But definitely, plugins or documentation should warn users that what they're doing might conceivably allow them to be traced.

-- 
Michael A. Gurski (opt. [firstname].)[lastname]@pobox.com
Hail Eris! -><- All Hail Discordia! O-
http://www.pobox.com/~[lastname]
1024/39B5BADD PGP: 3493 A994 B159 48B7 1757 1E4E 6256 4570
1024D/1166213E GPG: 628F 37A4 62AF 1475 45DB AD81 ADC9 E606 1166 213E
My opinions are mine alone, even if you should be sharing them.
"Peace, commerce, and honest friendship with all nations---entangling alliances with none." --Thomas Jefferson (1743-1826)
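The demime/remime idea raised in the message above, as an added sketch that is not part of the original post or of Mixminion's code: it parses a message and re-emits its parts with one fixed boundary, one transfer encoding and an allow-listed header set, so two differently framed copies of the same content come out byte-identical. The function name, header allow-list, boundary string and both sample messages are assumptions constructed for illustration; it normalizes only the MIME wrapper and does not sanitize what is inside an attachment.

```python
import email
from email import policy
from email.message import EmailMessage

KEEP_HEADERS = ("From", "To", "Subject")  # assumed allow-list; all other headers are dropped
BOUNDARY = "remime-fixed-boundary"         # assumed constant, the same for every sender

# Constructed samples: the same content as two hypothetical MUAs might frame it.
SAMPLE_A = (b"From: a@example.invalid\nTo: b@example.invalid\nSubject: t\n"
            b"X-Mailer: ExampleMailer 1.0\nMIME-Version: 1.0\n"
            b'Content-Type: multipart/mixed; boundary="----=_NextPart_000_01"\n\n'
            b'------=_NextPart_000_01\nContent-Type: text/plain; charset="iso-8859-1"\n'
            b"Content-Transfer-Encoding: quoted-printable\n\ncaf=E9 notes\n"
            b'------=_NextPart_000_01\nContent-Type: application/octet-stream; name="n.bin"\n'
            b"Content-Transfer-Encoding: base64\n\nAAEC\n------=_NextPart_000_01--\n")
SAMPLE_B = (b"From: a@example.invalid\nTo: b@example.invalid\nSubject: t\n"
            b"User-Agent: OtherMail/2\nMIME-Version: 1.0\n"
            b"Content-Type: multipart/mixed; boundary=b1\n\n"
            b"--b1\nContent-Type: text/plain; charset=utf-8\n"
            b"Content-Transfer-Encoding: 8bit\n\ncaf\xc3\xa9 notes\n"
            b"--b1\nContent-Type: application/octet-stream\n"
            b'Content-Disposition: attachment; filename="n.bin"\n'
            b"Content-Transfer-Encoding: base64\n\nAAEC\n--b1--\n")

def remime(raw: bytes) -> bytes:
    """Re-emit the leaf parts of raw inside one canonical multipart/mixed."""
    src = email.message_from_bytes(raw, policy=policy.default)
    out = EmailMessage(policy=policy.SMTP)
    for name in KEEP_HEADERS:
        if src[name] is not None:
            out[name] = str(src[name])
    out["MIME-Version"] = "1.0"
    out.make_mixed(boundary=BOUNDARY)
    for part in (p for p in src.walk() if not p.is_multipart()):
        body = part.get_payload(decode=True) or b""  # undo the sender's encoding
        if part.get_content_maintype() == "text":
            try:
                text = body.decode(part.get_content_charset() or "ascii", "replace")
            except LookupError:  # unknown charset label
                text = body.decode("latin-1")
            # UTF-8 + base64 for every sender; base64 can never contain the boundary.
            out.add_attachment(text, subtype=part.get_content_subtype(),
                               charset="utf-8", cte="base64", disposition="inline")
        else:
            out.add_attachment(body, maintype=part.get_content_maintype(),
                               subtype=part.get_content_subtype(), cte="base64",
                               filename=part.get_filename())
    return out.as_bytes()
```

Nested multiparts are flattened into a single level here, which is itself a normalization choice.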