-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can you ensure that you won't expose user emails in future? #6
Comments
If you want this guarantee you need to run the server yourself in an environment you trust. |
This question is not about servers getting hacked and keys thus exposed, but about a commitment of the project owners to not add this functionality, or at least before they add this giving users the options ot opt out/remove their keys. |
I think the advertised intent of the project is equivalent to any casual agreement you would get from them on a github issue tracker (neither carries legal binding). |
Could you please quote the intent about not exposing user emails in future? Couldn't find any. |
ok, this is pointless. |
I think that should be covered by our privacy guidelines: https://www.mailvelope.com/en/privacy-policy |
@toberndo Do you mean it is already covered or that it should be added? |
@dreamflasher I thought is is covered with:
|
Maybe it is? I'm unsure about it, because keyservers currently work the way that you share your key and then it's possible to sync with them to get a list of all keys and thus of all emails. So I would think that these keyservers are complient with German law? I am not a legal expert, but I would guess if there is something in the AGB saying "by uploading your keys, you are willing that your email addresses are publicly available" then I would guess that is legal? |
Are you nuts?? It's a PUBLIC EMAIL DIRECTORY. It's basically a phone book, for Christs sake! Here is you, calling the phone company, and asking them to publish your phone number, but not your name..... Think about that. Get back to us when you figure out what German law says about publishing a phone number with no name in a phone book. On a serious note, if you ACTUALLY have a 'Secret' level clearance with the government or the military, or you're an activist in a toxic country.. MAYBE you shouldn't be publishing your email address in a public directory. Maybe. Let's just throw it at the wall and call it a 'best practice', m'kay? p.s. I'm posting this on a zombie thread, because in this day and age I can TOTALLY see other people reading this thread and getting confused about what a 'phone book' is, and what it's used for. |
Nonsense. Get your facts straight.
|
@crogonint Tone and language of your comment are not appropriate for this forum. Our privacy policy has been updated since this thread was created and reads now as:
Still according to GDPR usage of the data is bound to a certain purpose and it would violate GDPR if we sell this data to some random third party. Just publishing the complete data on the website would violate the integrity and confidentiality principles of the GDPR. |
If that's true, I wasn't aware of it. Oh, wait.. so you CAN'T search this keyserver at all?? It's strictly for mailvelope to serve keys? Well that's annoying. How do I share my mailvelope generated keys out to a public keyserver? If what you say is true, I apologize for being completely out of line. I still don't see why a spammer would want to raid a keydirectory, though. There's got to be a million other ways to get a qualified email address (one that they know someone is looking for a loan, or looking to buy a car, etc.). Still, I suppose some spammers just send out ridiculous nonsense to just about anybody. You might consider using Yahoo email, they had an INSANE spam filter back in the day. Personally, I'm going to give GMX a try for a while. They basically have all of the features I like in gmail, except they're not Google, spying on everything I do. ;) |
I don't upload my public key to a normal keyserver because this exposes my email address to spammers. Right now your keyserver perfectly prevents this as one can only lookup by email (and not by name, nor just syncing the whole database) -- can you ensure that you will stick to this behavior in future?
The text was updated successfully, but these errors were encountered: