[liberationtech] (advice sought) Public safety and configuration of list

Mon Apr 22 22:59:55 PDT 2013

3 lines summary of what follows:

There is NO way that the list admin can prevent list members from
putting in danger other people who ask for help to the list, so stop
worrying too much about this and don't mess anymore with the headers.

On Mon, Apr 22, 2013 23:45:47 PM -0400, Michael Allan wrote:

>   Experts on the list advise and inform on matters such as
>   encrypting communications, protecting infrastructure from cyber
>   attack, and protecting onself from personal danger.

in ~2 years I've been a subscriber here, I don't remember anything
that would be in the "personal vulnerable situation" category, that is
the starting point for all the concerns that follow. Anyway:

> the software adds a Reply-To header pointing to L, which is the
> address of the list itself.  The message is then passed on to the
> subscribers.  The meaning of the added Reply-To header is, "Q asks
> that you reply to her at L." [3]
> Note that this is false information; Q does not ask that.

Partly not correct (Q implicitly asked, or accepted that, the moment
he or she subscribed to a MAILING LIST, that as everybody knows are
places for public discussion. Especially when they have public
archives), partly irrelevant:

a) at least HALF of the fault in the scenario that you keep torturing
   yourself with is not on "P". It is on "Subscriber Q dumb enough to
   reply with helpful information" about a "PERSONAL VULNERABLE
   SITUATION" [only] to the list, instead of being
   mature/sensible/smart enough to:

   	1) answer to list ONLY in the vaguest possible terms ("I'll
   	get back to you on that") if at all

	2) send any advice that may help but provocate reply with
   	sensitive data in a completely SEPARATE message, that the list
   	doesn't see at all

	3) eventually, post to the list for future reference a summary
	of general advice for cases like that, purged of personal data

   if a "tired and distracted" person asks for advice to a not
   stressed person, and the second person replies "OK, let's talk this
   over just on the edge of a cliff", is the distracted person the
   only one to blame if she falls off the cliff? In other words, the
   only problem and fault in your scenario is not point 4 (P replies
   with private info) but point 3 (Q replies with helpful info, but in
   a totally braindead way, when he or she should really know better)

b) many people, like me, set their mail clients to recognize lists and
   automatically send replies to list messages ONLY to the list.
   Regardless of how much the admin played with the headers.

c) oh, and of course there still are the people who routinely and
   blindly "reply to all" to whatever they get in their inbox

> POSSIBLE EXPLOIT THAT INCREASES THE DANGER

hmm... 

>   Might not this exploit be perceived as feasible?

yes. Just don't expect to solve it with mailing list management. If,
instead, the only goal is to give Stanford and the list admin wants a
legal basis to not be sued, that's OK.

>   While Stanford University is evaluating these safety concerns and
>   has yet to make a decision, it should return the configuration to
>   its default setting. The default setting is known to be safe.

The default setting is known to provide very little of the specific
safety you want, for the reasons I explained. If replying to messages
from this list can put other people in danger, this is something that
ALL list members must individually commit to avoid, whenever they
answer.

Oh, and maybe "Q" people so DUMB to not check whether they are
replying on or off list when somebody's LIFE may be in danger
shouldn't subscribe in the first place, should they now?

So, personally I (re)vote for keeping reply-to to the list, but do as
you wish because I'll keep MY email client to "Reply-to List" anyway
(which proves my point), because it's infinitely more convenient than
having different behavior from all the other tens of mailing lists I
am subscribed to.

Marco F.
http://mfioretti.com