Discussion Forum: Thread 274645 |
|
|
| | Author: | PhoenixClank | Posted: | Sep 8, 2020 10:53 | Subject: | encrypt e-mails containing addresses | Viewed: | 96 times | Topic: | Suggestions | Status: | Open | Vote: | [Yes|No] | |
|
| As you may know, e-mail is normally not end-to-end encrypted. Traffic between
two servers may be encrypted with TLS, but every server an e-mail passes can
read that e-mail in plain text.
This is a huge privacy concern since BrickLink's order confirmation e-mail
contains my actual real-life address, and that of the seller.
My suggestion is to please make an effort to encrypt e-mail to recipients wo
support it, for example by looking up their public key in a well-known key server
(such as keys.openpgp.org, the default of the enigmail add-on), or just by adding
an option to upload one's public key somewhere in the My Settings page.
|
|
| | | | | |
| | | | Author: | cosmicray | Posted: | Sep 8, 2020 11:33 | Subject: | Re: encrypt e-mails containing addresses | Viewed: | 30 times | Topic: | Suggestions | |
|
| In Suggestions, PhoenixClank writes:
| As you may know, e-mail is normally not end-to-end encrypted.
|
That is highly variable. If the recipient is using POP3, then I agree that there
is exposure. But using an email client, which makes use of HTTPS, and which is
being transported across an encrypted cellular link, then WPA2, should provide
some protection.
| This is a huge privacy concern since BrickLink's order confirmation e-mail
contains my actual real-life address, and that of the seller.
|
| My suggestion is to please make an effort to encrypt e-mail to recipients wo
support it, for example by looking up their public key in a well-known key server
(such as keys.openpgp.org, the default of the enigmail add-on), or just by adding
an option to upload one's public key somewhere in the My Settings page.
|
Perhaps a PGP encrypted orders download, as an alternative to email distribution
? The existing email layout has not substantially changed since 2000 (when I
was on 56K modems). There should still be a minimal email notification, but how
much information is present might be a starting point.
Nita Rae
|
|
|
| | | | | |
| | | | Author: | qwertyboy | Posted: | Sep 8, 2020 12:41 | Subject: | Re: encrypt e-mails containing addresses | Viewed: | 26 times | Topic: | Suggestions | |
|
| In Suggestions, PhoenixClank writes:
| As you may know, e-mail is normally not end-to-end encrypted. Traffic between
two servers may be encrypted with TLS, but every server an e-mail passes can
read that e-mail in plain text.
This is a huge privacy concern since BrickLink's order confirmation e-mail
contains my actual real-life address, and that of the seller.
My suggestion is to please make an effort to encrypt e-mail to recipients wo
support it, for example by looking up their public key in a well-known key server
(such as keys.openpgp.org, the default of the enigmail add-on), or just by adding
an option to upload one's public key somewhere in the My Settings page.7
|
I highly doubt this will get implemented. If you are worried about this info
reaching you in plain text, you can opt to disable messages-to-email and only
use the BL messages. That won't do anything for emails with your info going
to the seller, but then again your proposed change won't help there either
as _very_ few sellers will use OpenPGP or similar.
Niek.
|
|
|
| | | | | | | | | |
| | | | | | Author: | cosmicray | Posted: | Sep 8, 2020 12:51 | Subject: | Re: encrypt e-mails containing addresses | Viewed: | 19 times | Topic: | Suggestions | |
|
| In Suggestions, qwertyboy writes:
| but then again your proposed change won't help there either
as _very_ few sellers will use OpenPGP or similar.
Niek.
|
If a seller were using an order management app, that used the BL APIs, does that
data cross the wire encrypted ?
Nita Rae
|
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | qwertyboy | Posted: | Sep 8, 2020 13:06 | Subject: | Re: encrypt e-mails containing addresses | Viewed: | 22 times | Topic: | Suggestions | |
|
| In Suggestions, cosmicray writes:
| In Suggestions, qwertyboy writes:
| but then again your proposed change won't help there either
as _very_ few sellers will use OpenPGP or similar.
Niek.
|
If a seller were using an order management app, that used the BL APIs, does that
data cross the wire encrypted ?
|
Yes, the BL API is accessed through "https" connections.
Niek.
|
|
| | | | | |
| | | | Author: | jeslego | Posted: | Sep 8, 2020 14:01 | Subject: | Re: encrypt e-mails containing addresses | Viewed: | 35 times | Topic: | Suggestions | |
|
| In Suggestions, PhoenixClank writes:
| As you may know, e-mail is normally not end-to-end encrypted. Traffic between
two servers may be encrypted with TLS, but every server an e-mail passes can
read that e-mail in plain text.
This is a huge privacy concern since BrickLink's order confirmation e-mail
contains my actual real-life address, and that of the seller.
My suggestion is to please make an effort to encrypt e-mail to recipients wo
support it, for example by looking up their public key in a well-known key server
(such as keys.openpgp.org, the default of the enigmail add-on), or just by adding
an option to upload one's public key somewhere in the My Settings page.
|
If you need this level of security, you may wish to consider using an address
other than where you live.
|
|
|
|
|
|
|