[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian-private and Gmail



On Wed, Dec 06, 2006 at 03:34:49PM +0100, Pierre THIERRY wrote:
> Scribit Andreas Tille dies 06/12/2006 hora 14:09:
> > > Please ignore paranoid people.
> > To be honest you have to regard any nonencrypted mail as world
> > readable and you can be nearly sure that all your mails are recorded
> > at a place where you have no control over it.
> 
> I thought that very few ISP have really the will and disk space to
> record everything that comes from and to their cusotmers.

  I think every ISP on the planet has the resource to do that for every
text-only protocol. Just make the counts, you'll see that's only a few
terabytes for a reasonnably sized ISP (if you track only mails, HTTP
navigation and things like that) per month, wich on SATA drives costs
sth like 500€. Please point me to an ISP that has not the cash to pay
6k€ (even debian can pay that for a RM nowadays) of disks, and maybe the
same price for the servers that has them ? that's less than what costs a
sysadmin for 3 monthes (from the employer PoV).

  the point is, ISP are:
  1) unaware they have the resource to do it ;
  2) don't know how to do it because oracle won't fit on only 1Tbyte
     hard drive ;
  3) oracle is too slow to store all the mails they deal with in a day
     in less than a week.

  so I'd say, the real problem with google is that:
  1) they are aware that they can log everything with very cheap
     material (compared to the value of the information stored),
  2) they also know *how* to do it efficiently (without oracle) and have
     the skilled people to do that.
  3) they know how to write the tools to analyze those contents and
     extract the valuable informations from it (not everybody knows how
     to deal with 1Tb of data).

> The real problem with Google seems to be that 1) they have all the
> infrastructure needed to keep and use it 2) they clearly state that
> they will keep everything.
>
> Shouldn't that make a difference?

  no because my neighbour could spy my phone cable (magnetically) and
read the ethernet packets to read debian-private when I get the mails
arriving to my SMTP (clear text protocol). If someone wants to read
debian-private, he just can, if he wants it hard enough. You want truly
private debian-private ? then use gpg-encryption, through a mailing list
system that would decrypt mails addressed to him with his public
gpg-key, and recrypt them to every recipient with the appropriate key.
But please, do we really need that ?

  in fact, if you *really* think debian-private has to be so much
protected, then I think we should just close debian-private, because it
begins to take too much importance in a project that has among its key
principles: transparency and openess.
-- 
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org

Attachment: pgphNkzQwNahm.pgp
Description: PGP signature


Reply to: