captive portal detection in Thunderbird

Bryan Clark clarkbw at gnome.org
Tue Jun 28 21:58:55 UTC 2011


On Tue, Jun 28, 2011 at 10:19 AM, Ben Bucksch <ben.bucksch at beonex.com>wrote:

> On 28.06.2011 01:02, Bryan Clark wrote:
>
>>
>>
>> *Privacy*
>>
>>
>> Obviously there can be privacy concerns with information collection as I'm
>> making a web call on the users behalf every time the network goes up / down
>> or Thunderbird is started.
>>
>
> Yes, that's why instead, you could do that only when you get a certain
> error code while trying to connect to the mail server. If you get
> "connection refused", "timeout" or similar, you make that web call.
>
> (Yes, you need to hook up to whatever UI shows the mail connection errors.
> bienvenu can surely help.)
> This then also serves as a diagnostic tool in case of other network
> problems.
>

Agreed, I think this is the right direction.  Currently I don't see a way
for this to happen in an add-on but I think at least as an integrated
solution this could work fairly well.


> To further counter the privacy issues, I think you should ask the user.
> Something like "The connection to the mail server a.b.com failed. To
> diagnose whether your Internet connection works, we'd like to open a
> webpage. [OK] [Ignore]"


I agree that would give the user a choice of privacy but this is where I
don't agree the above choice is real.  A real choice (which exists via the
preference) is to change the URL to your own service which offers the static
test of "is the internet working".  By using your own static URL you can
control the kind of logging that happens. This is a somewhat difficult task
for most users to setup themselves.

An organization like Mozilla has a privacy policy and terms of use which
would cover this static URL like the other URLs displayed and should state
that we don't gather information about people without explicitly asking.

I think it would be a fallacy of privacy would be to give a user the option
of "do you want me to fix this? (even though you may lose some privacy)".
 If this service were going to collect information after the user clicks OK
then we should state exactly what is being collected, but I assume that if
Mozilla ran a service like this it wouldn't collect data without asking.
 i.e. Your level of privacy would be exactly the same.  By clicking OK there
is an increased possibility of a privacy loss but your level of privacy wrt
Mozilla (data collection etc) has remained exactly the same. If you are
truly risk averse then you should likely have all your own services setup
and Mozilla should certainly have instructions available for you to do that.

I can see how this gives a sense of control over the possible risk but I
don't feel like most users have the understanding of the technology to make
the right choice since they don't likely know what information can be
gathered.


>  However this is no different than the Thunderbird start page
>>
>
> (Yes, this is a "call home" privacy problem, too, and should IMHO be
> changed to an about: page.)


But here again, you can switch this page out to get real privacy and the
Mozilla privacy policy covers this page and others.

I appreciate your comments but I don't want this thread to be about the
general privacy issues in Thunderbird so please create a new one if you want
to further discuss it.  I just wanted to include this section because there
are questions of privacy with a "dial-home" option but the existing privacy
policies don't allow for collection of data without explicit consent so this
no different than a general problem you're welcome to discuss. (likely on
the governance list and not tb-planning)

Cheers,
~ Bryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20110628/a3cb126c/attachment.html>


More information about the tb-planning mailing list