Hi, 
Guest
Pic
Sign In

maildev@lists.thunderbird.net

Thunderbird email developers

View all threads

User privacy warning about CLIENTID new feature on 68.0

A
ace
Wed, Jul 10, 2019 7:51 PM

Dňa 7. 7. 2019 o 22:15 Mark Rousell napísal(a):

On 07/07/2019 20:51, Jörg Knobloch wrote:

Perhaps we should at least wait for a word from the inventors of the
client ID.

[...]

I'm not prepared to work on a patch that would a) allocate different
IDs to different accounts, or b) hide the whole thing behind an
option. The original patch authors would need to do that.

Just pull it.

Unless and until this has an opt-in option (which crystal clear
explanation to the end user of its purpose and ramifications) and
per-account IDs it seems pretty obvious now that it has no legitimate
place in Thunderbird.

Why was there such a hurry to add it as a feature, anyway?

I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=1564096 for
the fix to the problem in Thunderbird code.

I already attached a patch that makes the whole feature dormant and
opt-in until the user defines the clientId value manually for a
particular server only.

There is no explanation (or UI) in Thunderbird yet, but I think that is
fine, in my opinion it is the obligation of the server/provider to
explain to the user what this clientID does (it is an uncommon
experimental feature, no server can assume users/client apps will
magically work with it) and how to set it up.

The proponents of the feature can improve upon it later if a
privacy-preserving way for the improvements/automation can be found.

aceman

Dňa 7. 7. 2019 o 22:15 Mark Rousell napísal(a): > On 07/07/2019 20:51, Jörg Knobloch wrote: >> Perhaps we should at least wait for a word from the inventors of the >> client ID. > [...] >> I'm not prepared to work on a patch that would a) allocate different >> IDs to different accounts, or b) hide the whole thing behind an >> option. The original patch authors would need to do that. > > Just pull it. > > Unless and until this has an opt-in option (which crystal clear > explanation to the end user of its purpose and ramifications) and > per-account IDs it seems pretty obvious now that it has no legitimate > place in Thunderbird. > > Why was there such a hurry to add it as a feature, anyway? I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=1564096 for the fix to the problem in Thunderbird code. I already attached a patch that makes the whole feature dormant and opt-in until the user defines the clientId value manually for a particular server only. There is no explanation (or UI) in Thunderbird yet, but I think that is fine, in my opinion it is the obligation of the server/provider to explain to the user what this clientID does (it is an uncommon experimental feature, no server can assume users/client apps will magically work with it) and how to set it up. The proponents of the feature can improve upon it later if a privacy-preserving way for the improvements/automation can be found. aceman
KE
Kai Engert
Thu, Jul 11, 2019 3:33 PM

On 07.07.19 20:34, Philipp Kewisch wrote:

I am in favor of removing this, or at least disabling it by default. A unique id is still something that can be used for tracking a single installation over different geographic locations, even if it is not personal information.

+1 for disabling the feature by default in the upcoming TB 68 release,
and allow more time for discussions.

A unique ID per computer could also be used to track which computer is
used a which time, for example, an unusual use of a work computer at
midnight.

Today, the server provider cannot distinguish "used computer at work
location" from "used laptop at home using a VPN connection into work".
So, even a unique ID per account would give out more information to the
server than we give today.

See also my comments at
https://bugzilla.mozilla.org/show_bug.cgi?id=1564096#c19 which have some
alternative suggestions.

Kai

On 07.07.19 20:34, Philipp Kewisch wrote: > I am in favor of removing this, or at least disabling it by default. A unique id is still something that can be used for tracking a single installation over different geographic locations, even if it is not personal information. +1 for disabling the feature by default in the upcoming TB 68 release, and allow more time for discussions. A unique ID per computer could also be used to track which computer is used a which time, for example, an unusual use of a work computer at midnight. Today, the server provider cannot distinguish "used computer at work location" from "used laptop at home using a VPN connection into work". So, even a unique ID per account would give out more information to the server than we give today. See also my comments at https://bugzilla.mozilla.org/show_bug.cgi?id=1564096#c19 which have some alternative suggestions. Kai
Empathy v1.0   2025 ©emwd.com
Documentation