On 2026-05-21 12:43, Jaroslaw Rafa via mailop wrote:
Dnia 21.05.2026 o godz. 10:40:20 Randolf Richardson, Postmaster via mailop
pisze:
if I see a unique string in
place of an IP address, then I tend to assume that the obfuscating
mail server's postmaster will have a method of decoding, decrypting,
or otherwise looking up what the real IP address was
I more often see nothing pointing to original IP address in the headers at
all than something with unique strings in place of an IP address...
Dnia 21.05.2026 o godz. 14:17:34 John Levine via mailop pisze:
They're not that transient. The IP address assigned to my fiber modem
changes perhaps once a year. Lots of countries consider an end user's IP
address to be PII so I'm not surprised they suppress it.
Considering end user's IP address to be PII is a stupid law in my opinion,
but such a stupid definition has been introduced here in Europe by GDPR:
"‘personal data’ means any information relating to an identified or
identifiable natural person (‘data subject’); an identifiable natural person
is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, an identification number,
location data, an online identifier or to one or more factors specific to
the physical, physiological, genetic, mental, economic, cultural or social
identity of that natural person;"
Many lawyers argue that "online identifier" mentioned in that definition
includes an IP address.
Argued, but not supported.. especially nowadays, when people use CGNAT
or VPN's.. This was just bluster IMHO..
Our Polish data protection law that was in effect before GDPR was adopted
had a better definition IMHO, because it said that personal data is data
that allow to identify a person *without excessive effort*. If you have
person's name or street address, then you can identify that person quite
easily - so that has been considered personal data. But to identify a person
based eg. on a car registration number requires excessive effort, because
you have to involve the police or some government office that has access to
registration numbers database. Similarly, identifying a person based on IP
address requires excessive effort, because you have to involve the ISP
owning the network range in question. So that was not considered personal
data.
But GDPR does not have the clause of "excessive effort", so under GDPR
everything that gives even slightest possibility to identify a person (even
if it would require detective work ;)) can be considered personal data. That
is simply stupid IMHO.
Yeah, especially given that users post their pictures freely on line
with GEO data still intact ;)
No, this is a constant argument by 'privacy advocates', however anyone
providing email service can simply note in their disclosure/signup
information that this is essential information needed for security purposes.
But I don't want to get into a long drawn out argument on this topic, I
am sure the end users that are getting their email accounts compromised
don't care.. and the ISP should realize that the simple act of including
this can reduce support, improve security, and reduce costs..
Especially when often we see those IPs coming from networks that are on
many DROP lists already..
When accessing resources, users should be transparent.. eg they provide
an IP address and password, and USUALLY they are providing a lot of
other fingerprint information, such as client, cookies, etc.. they
should provide where they are accessing it from. But of course this
drags us into should public VPN's and open proxies be allowed to access
anything that requires authentication?
Marking the IP address 'hidden' will simply make your service more of a
target for evil miscreants..
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
