[tor-talk] reply-to: list surprising on a privacy-centric list

Greg Troxel gdt at work.lexort.com
Wed Jan 11 14:47:56 UTC 2012


I just sent a private reply to a posting here.  I was surprised that
reply began to compose a message to the list instead of to the
individual sender as it should have, but did notice in time.  The
problem of course is the Reply-To: header that points to the list.

I know there are pro and anti list reply-to camps.  In my view, the
biggest problem with list reply-to is that people using MUAs as they
were designed can easily intend to send a private reply and instead have
it posted to the world.  That is a serious privacy bug, and it's
surprising that the tor list is set up this way, since TBB etc. goes to
great lengths to prevent privacy-leak mistakes.

(I noticed the problem on the gmane gateway, but public archives of the
list show the header too.  Sorry if this is fixed already and also a bug
in gmane and I'm wrongly ranting.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20120111/4c90b6ef/attachment.pgp>


More information about the tor-talk mailing list