¿ªÔÆÌåÓý

Re: Member list vs. member directory


 

Shal

I understand everything you say, and where you're coming from, but as things stand I really don't think the distinction between the member list and the directory can be considered a privacy feature.

I also don't accept that other email-based lists' inability to hide members' email addresses from email recipients is any reason why groups.io shouldn't do better if it can. Many list servers are donkeys years old, from a different world where people were much less concerned about privacy invasion, identity theft and so on. I would suggest that in this era, anything that can (cost effectively) be done to reduce unnecessary leakage of personal information is worth considering. I wish I could say that users who are concerned about this are worried about nothing, but I can't justify such a position.

Anyway, I've made my point and clearly it's not one that seems to carry much weight, so I'm happy just to leave it at that rather than continue to debate this. But it will continue to niggle me...

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Shal Farley
Sent: 20 November 2017 19:43
To: [email protected]
Subject: Re: [GMF] Member list vs. member directory

Richard,

> ... on the other hand, this is completely blown out of the water by > the fact that everyone who receives posts by email can see every > poster's email address ...

That's basically in the nature of email lists (as opposed to online fora). There are ways around it, but most email lists operate with the sender's From: address forwarded in the clear.

The theory behind the truncation on the web site is that a spammer can't just join a group and scrape everyone's email addresses out of the archive. They would have to lurk and receive messages for some time - and historically spammers haven't shown that kind of patience.

Having members' email addresses in each other's mail folders, and possibly address books, does represent some vulnerability to compromised email accounts, but generally this has been seen as a much lower probability of exposure than just scraping them out of the group's site.

> But the thing is, there is really no reason for your email address to > have been included in the message headers in the first place, since > it's not required for the message to be delivered to me.

That's true.

And as I mentioned in my prior reply a variety of proposals for how Groups.io might handle this have been discussed in beta@ in the past.
But for now Groups.io operates within the tradition of email lists, which makes sense given Groups.io's origins.

> Of course there may be other considerations that would make such a > proposal unfeasible (for example the SMTP RFCs may specify that the > original headers must be preserved exactly when a message is > distributed to a mailing list, ...

I don't think there's anything to prohibit a service like Groups.io generating the outbound messages with completely replaced headers, as if the message originated at Groups.io - basically making messages posted by email equivalent to those posted on site.

Yahoo Groups' feature to allow members to hide their email address does this in a rather direct (and unnecessarily draconian) way: members who choose to hide cannot post by email, they must post on site. That's one of the reasons I don't use that feature myself.

> I think I might put an explicit statement in my groups' descriptions > and welcome messages that brings attention to this situation.

That's probably a good idea, especially if your group members largely haven't participated in conventional email lists, or Yahoo Groups which do not allow members the ability to hide (my impression is that the overwhelming majority do not allow it - it isn't the default).

Shal

Join [email protected] to automatically receive all group messages.