Send Bristol mailing list submissions to
bristol@mailman.lug.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.lug.org.uk/mailman/listinfo/bristol
or, via email, send a message with subject or body 'help' to
bristol-request@mailman.lug.org.uk
You can reach the person managing the list at
bristol-owner@mailman.lug.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Bristol digest..."
Today's Topics:
1. Re: Security of LUG (MFPA)
----------------------------------------------------------------------
Message: 1
Date: Thu, 3 Sep 2015 13:30:58 +0100
From: MFPA <2014-667rhzu3dc-lists-groups@riseup.net>
To: "Allen Coates on Bristol and Bath Linux User Group"
<bristol@mailman.lug.org.uk>
Subject: Re: [bristol] Security of LUG
Message-ID: <1003630986.20150903133058@my_localhost>
Content-Type: text/plain; charset=utf-8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
On Wednesday 2 September 2015 at 1:34:17 AM, in
<mid:55E64409.8060002@cidercounty.org.uk>, Allen Coates wrote:
MFPA:
>> What personal data are we talking about, apart from email address?
> Anything the administrators care to store about me.
All they need is the email address, plus password and subscription
settings. They could potentially store things like IP address, what
browser/operating system/MUA/etc. but they need none of this so should
not bother.
> Don't forget it's not just my data being stored. If
> someone compromises the server, they will have a
> complete list of all the subscribers.
As Amias said, they could see all active subscribers from the list
archives. Extra security here would only benefit inactive subscribers
(or those who join with one email address to post and a different one
to receive the list's messages).
> Depending on
> how things are organised, perhaps of all the
> subscribers to all the LUGs in the country.
I would guess that were true: the settings page allows some
options to be set "globally" for every mailing list that you are a
member of on mailman.lug.org.uk, and there is a "list my other
subscriptions" button.
> In quantities like that, even "just" a name / email
> pair will become valuable.
That is available from the list archives. On the subscription page,
there is a box for name as well as for email address. It is clearly
marked as optional; I don't think it should be there at all as it is
not needed.
Unless the list prunes those that are inactive or bouncing, the
membership list would contain lots dead email addresses.
> It's a pipe-dream, I know, but I would like to think
> that *ALL* personal data - however trivial - is
> protected.
Unfortunately that is not possible. Where I live is personal data -
definitely non-trivial - that cannot be protected because people who
have no need to know where I live can see me coming and going.
I would like to think that personal data were:-
1. only stored with the data subject's explicit permission,
2. only stored if absolutely needed,
3. only used for the precise purpose for which it were provided,
4. only used by those to whom it were provided,
5. securely deleted as soon as no longer needed or as soon as so
instructed by the data subject, and
6. freely available for secure inspection at any time by the
subject of that personal data.
Even the Data Protection Act is found wanting on most of those points.
- --
Best regards
MFPA <mailto:2014-667rhzu3dc-lists-groups@riseup.net>
Rose rose to put rose roes on her rows of roses.
-----BEGIN PGP SIGNATURE-----
iQF8BAEBCgBmBQJV6D2uXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwAegIAIXD6AmlVO2+vUM3n2LTt2PM
rw6B4aBf6OCnMnGQKHg9trXStz3ytyPCNhxv5DYdev5l1StyAM2Xamtark0BCcih
easpY8cqO0RDDLPPGreihkZ+1Em4ymvBXg1iz+jmyIX3jUT+xbsGJ79a6XP/ibDQ
VrPAUANHHzWOPmUR3BF2lCuLsiqR+NLYIh+deVOiJzfZDlVoBvMDAADr25olYu25
MUkX5ZqbhZHBSAhBKCKOJ4FrNRlE4lf4EuJWzs5QHKJeZeBMptrlBHEFN8tP3rCC
Tw6OeBEe36SxMfcEIdYM8AR3qWVeiUkZKAqwAiR+kWnTu5f6CoV/8J+1qBWFNZOI
vgQBFgoAZgUCVeg9t18UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45ILxAQC7xxlAEtXzGvRD43I2EmpO77HT
JeD7xbVyQWlL90Q/XwEAyvgcsbcVxbgcfkxt4EFiz11Dn2dZPqO9zI2V+q8AbgU=
=vk3Z
-----END PGP SIGNATURE-----
------------------------------
Subject: Digest Footer
_______________________________________________
Bristol mailing list
Bristol@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/bristol
------------------------------
End of Bristol Digest, Vol 616, Issue 10
****************************************
Tidak ada komentar:
Posting Komentar