I was recently asked if I would mind switching to another email
address and not use a Gmail address "because of privacy concerns."

I wasn't offended, yet the person I replied to seems to think perhaps
I was.  What I said in my reply to her was that I wouldn't mind, as
long as anyone else using a webmail account was asked to do the same
thing.  There are others who use Yahoo and various other webmail
services on the list in question.

The group in question has no archives and she is of the belief that
because there are  no Yahoogroups archives (for group members or
moderators) that Yahoogroups hasn't kept the messages on a server.

The thing that gripes me about people lately with this Privacy thing
with Gmail is that Gmail is doing what *every* other webmail service
out there is doing -- keeping deleted messages on their server but not
making them available to anyone.  The difference with Gmail is that
they are upfront and honest about what they are doing.

Also ... if you wanted to get technical about it, every ISP that
allows people who use their service to access their messages on the
web should have the same concern, yes?

So how would you educate people that feel that Gmail has more of a
privacy issue than other webmail services and ISPs that have the
ability to check messages on the web? Moreso other webmail services
than the ISPs.

I'm not one that looks over my shoulder all the time for "Big
Brother."  I DO live a realistic life, but I live life to enjoy it,
not to find people lurking in the shadows.

How would you reason with someone like this?  BTW....this person also
suggested that they "may have to start encrypting messages for the
group" and if that happens....I'm gone, that's way too much distrust
for my way of thinking (and the group isn't a very active one).

Don't ask me why I'm still on the list - it's a nice group to talk to
when they talk!

    I was replying to a question email last night with gmail (the
discussion was about the best bird identification books for Southern
California).  After I clicked reply, I glanced to the right and saw this
awesome list Google had found of books (and authors listed), totally on
subject.  Under that, Google listed all sorts of bird interest groups to
search/join.

   That's pretty cool - a search with no mouse clicks ;-).

    Nola
    Nola...@gmail.com

06:56 AM 06/28/2004 -0700, Simmie said something like:

Don't ask me why I'm still on the list - it's a nice group to talk to
when they talk!

Simmie

I am on another list which has banned all Gmail addresses.

That is OK with me. Incidentally I do know my ISP does not keep any records
of backups of messages. It is part of their privacy agreement, and people
like them because of that.

I did see another post somewhere which did suggest that if you have no
archives on yahoogroups that there would be no messages to backup so
nothing kept by the yahoogroup. People do like this option in some groups,
in others it is totally silly, depends on the group and what it is all about.

Yes I would use encryption on ALL my email if I knew how to do it, but I
don't understand it. I think people really should be careful of what they
put on the internet, it is well known that it is not secure.

Basically I think it boils down to what information is being put out there
and I would always respect the wishes of the other people in a group.

AF

Fuzzy

On Tue, 29 Jun 2004 00:05:26 +0930, Aeolia Farm

If someone decides to ban a Gmail address then they need to go wild and ban
all the webmail addresses and all the ISP addresses ... basically they need
to retreat back to snail mail!

Most of the people who are falling for this BS are probably the same people
who are spreading the viruses around the net because they still believe
that all those attachments are necessary.

JMHO

Paul

----

One to many encryption is kind of difficult, however, especially with
standard public key encryption, which is what most mail encryption I've
seen uses (ie, PGP).  In that case, you can share your public key, which
people use to encrypt the message, and then you use the private key to
decrypt it.  In one to many, everyone would have to have the public and
private key... so you might as well just use private key encryption
only.

One way around this would be for the list to have a public key, and you
encrypt all mail to the list with its public key.  The list would then
have everyone's public key, and would decrypt the incoming message, and
then encrypt individual copies for every user on the list.  This means
the list can decrypt the messages, however, so if you don't trust the
list host, this gets you nothing.

In the end, though, any encryption scheme only works as far as the fact
that in order for the end reader to read it, it has to be decrypted.
They can then do anything they want with it at that point.

If you aren't using encryption, email is like a post card:

http://www.cert.org/homeusers/email_postcard.html

As for the "keeps copies after you delete it", the same is true for your
own hard drive, hence the existance of undelete utilities.  Unless you
use military grade scrubbers on your hard disk, some amount of data
could be recovered given enough money and need.

Once you start adding redundancy, backup copies, and snapshots, it
becomes fairly obvious that any reliable system is going to have copies
lying around for some amount of time after something is deleted.

On other differentiater between a larger service like the webmail
companies, and your local ISP:  your local ISP is likely to have a lot
fewer accounts, may even know who you are personally, and have much less
stringent safe guards in place, or have less knowledge when presented
with legal subpoena and the like.  Would your local ISP have gone to bat
against the RIAA asking for information about P2P users like Verizon
has?  The shear scale of the larger companies makes it a lot less likely
that your account would be compromised, or that such a compromise would
have any affect.

In any case, any of this is a matter of degree, and people using these
tools need to make an informed decision about what degree of risk they
are willing to deal with.  I'm very curious about what the topics are on
these groups which people feel require this level of privacy, I would
guess they would probably fall into the camp of things I wouldn't want
to discuss in any kind of forum, mostly because I trust other people a
lot less than I trust the technical side of things.

I'm not sure if any list software supports the encryption scheme I
suggested, it wouldn't be that hard to do, but the number of people who
use or understand encrypted mailers... the audience would be pretty
small.

Oh, and there's nothing that prevents a webmail account from supporting
encryption, the problem would be that the data would be decrypted by the
webmail account to show you the message on your screen, so in theory the
webmail account provider could decrypt your mail at any time.  There are
ways you can try and make that harder by encrypting the private key with
another key that you'd have to type in, but then they could capture
that... looking for perfect security seems impossible.

Also, providing search over encrypted messages is another interesting
challenge, since obviously decrypting every message and searching it is
a bit slow.

Oh, and one other point, if you start using encryption, you are most
likley also authenticating your messages as well, ie you're making it
easier to prove that you actually wrote the messages.  In general, email
is fairly easy to forge, and its much harder to prove that you wrote a
message, but with encryption, access to the private key is probably a
much smaller group of people, and in general much harder, so its easier
to prove that you wrote the message.

Anyways, that's my opinion.  If you want Google's opinion, that's online
here:

http://gmail.google.com/gmail/help/more.html

Brandon

On 06/28/04 Simmie uttered the following other thing:

If you only want certain people to be able to read a message, you can
exchange key information with those certain people ahead of time.  In
other words, you make up a new key pair, and give only certain people
your public key, but things like this were never really meant to be
done with asymmetric keys very easily.

Where things like PGP and GPG and such excel is verifying a sender.
One creates a key pair and registers it with a trusted third party,
and then can send messages encrypted under his private key, and
everyone can grab the public key from the trusted third party, and
verify that the sender MUST have been genuine since only the
registrant of that public key could possibly have the corresponding
private key.

That said, if you want real security, you really need to build a key
infrastructure directly into the system.  For email, that ship has
already sailed.

Fuzzy
--
"Men may doubt what you say, but they will believe what you do."
*Lewis Cass {1782-1866 American Politician}

That's what GMail is doing - and Yahoo and Hotmail and any other
reliable mail provider, whether webmail or pop mail.

--
hth,
texas critter

--
hth,
texas critter

     http://hoaxbusters.ciac.org
     http://www.snopes.com
     http://www.symantec.com/avcenter/hoax.html

 *****************************************************
*****************************************************

It is suggested you research forwards before sending them out.<<<<<

The file is named appropriately "hoax_shortand-not-so-sweet.txt"  *LOL*

Sue

My second pet peeve is fools that don't clean up forwards, don't delete all
the email addresses and then don't use bcc: to protect the addresses of
their friends.

I stirred up a hornets nest one time when some unknown person asked me how I
got her address.  I simply looked back through the forwards and told her
that her good friend So&So sent it to me in a forwarded message that was
forwarded through 13 other people who all sent it to tons of other people,
one of whom was a friend of mine who sent it to me.

I told her to expect to see her SPAM increase dramatically with friends like
that spreading her email around.  Poor girl didn't know whether to kill me
or kiss me.  I told her how to use the bcc: function and I bet she told a
few "friends" how to use it also.  :-))

[hours later] Done!  Where do I pick up my yacht?

*grin*

--
hth,
texas critter

On Mon, 28 Jun 2004 22:02:56 -0500, texas critter

1. don't send forwards as attachments - send the original instead even if it
takes a few more minutes -  if that's more time than you have, don't send
the forward.  Trust me, no one will miss it.

2. delete everyone's email address from the forward you are sending so you
are not circulating a bunch of people's email addresses around the internet.

3. pick and choose.  I forward very seldom anymore. I mostly send
interesting things to mailing lists I'm a member of.  Why?  Because if
people are interested in receiving email on a certain topic, they will join
a mailing list for that topic.

4. Know the special interests of each person and send THEM forwards about
that topic ONLY, NO general forwards. My special interests are anything on
Weight loss surgery or obesity ... and pro life news and news about
violinists, also some health topics like statin drugs, medical error etc.  I
really appreciate folks who send me items about my special interests because
sometimes I can miss things.

5. If you are a personal friend of mine and you are really thinking of me,
PLEASE DO write me a letter with a few words updating me on the news in your
life.  That is so much more welcome than some weather beaten forward which
I've probably seen anyway.  It's not really thinking of the person to
mindlessly hit the forward button, (in my opinion)

6. If you are someone I know from a mailing list, send your forward to that
mailing list, not me.  If it's off topic for that mailing list, you can
pretty well figure out it's off topic to send to ME personally.

To explain: Since I run a large web-net and am owner of 14 online
communities (some of them very large), and also am a webdeveloper, email
takes me 3-6 hours a day to read and respond to ... WITHOUT forwards.  If I
see an email from a friend's email address, I don't want to delete without
opening.  But if I open the email and it's just a weatherbeaten forward
which someone has probably sent me already, then I've just lengthened my
time on the computer.  You see where that might be a problem?

thanks for understanding,
Sue who has been buried in forwards lately<<<<<<<

I would like to say this was effective. It was partially effective.  Those
who send me forwards now, clean them up a bit more.  But they are STILL
sending the forwards.  [shakes head] I give up.... ***sigh***

Sue who thinks that those who sent me forwards didn't really bother to read
MY email

--
hth,
texas critter

7.  If, after reading this, you STILL want to send me a FWD please put my
email address in the BCC: field.  DO NOT put it in the TO: or CC: field as
that exposes my address to harvesting by spammers as well as everybody you
forward to.

Marina

On Tue, 29 Jun 2004 17:43:20 -0400, DSW32952