[clug-talk] anti email harvesting (was Website Changes)
Nick W
nickw77 at shaw.ca
Fri Nov 19 09:21:48 PST 2004
> As a user I have always disliked the form submission quite a bit,
> because it does not leave me with a record of my submission in my mail
> client's "Sent" folder; So when given the choice I avoid those forms.
The form could have an optional field to send you a copy at your discretion,
of course etting anonyminity at 0, unless perhaps you used a 'proxy' email
addy as you mentioned in anopther post. But as I argue later in this note,
email is not anonymous either.
>
> In addition, I have lost some messages, due to accidentally closing the
> browser window or tab before having sent the message. This happens once
> in a while when one is multi-tasking or interrupted while composing a
> message. My email client tends to be much more forgiving that way - it
> asks, if I want to save the draft message before it quits the
> application. So personally, I just don't find a submission form
> particularly user friendly.
Another scenario that used to happen with some sites is the session would time
out while you were composing a message.
>
> And the submission form is not a particularly high guarantee of
> anonymity for the user of the form. Unless the sender sits behind a
> gateway or proxy mechanism of some kind, which is shared by many people,
> in many cases the identity of the sender could be correlated via IP
> addresses rather easily, if a reasonably recent email from the sender is
> available.
Is this not just as true for email?
> So while the website operator / recipient of the form based
> message may promise not to check IP addresses, this is of little
> consolation to anyone with a bit more technical savvy, who desires
> guaranteed anonymity.
Which realistically doesn't exist in the scenario you've given where the
recipient has a list of IPs to compare to. Unless the user releases their IP
and gets a new one just before submission, but that won't work on shaw
anyway. It would only semi-work on telus as you can narrow it down to a city,
perhaps even a certain area of the city by IP group. If there's a will theres
a way...
> I bet most of us could figure out the identity of
> a high percentage of CLUG members by IP address. In some cases it may
> narrow it down to 2-3 people because they are sitting behind a common
> gateway or proxy-server, but even that is not particularly anonymous.
so is there another solution? Switch proxies every hour perhaps [if you can
find that many]?
>
> But since I can send regular emails to the CLUG folks, it doesn't bother
> me that the form is on the CLUG site for those people who feel
> differently than me :)
>
but that is far from anonymous...
my thoughts,
Nick
More information about the clug-talk
mailing list