MozillaZine

Full names as mail reciepient ( data exposure?)

Discussion of general topics about Mozilla Thunderbird
userExperience
 
Posts: 1
Joined: March 12th, 2017, 7:29 pm

Post Posted March 12th, 2017, 7:46 pm

Hello,

from my point of view this is a security flaw, bug, NSA-/google-Feature request.
Reproduce:
1. add a new contact with a full name. Lets say:
Name: Mark French
Mail: 1234@gmail.com
2. write a mail to this adress
3. check mailbox of 1234@gmail.com
4. the receipient-field shows "Mark French <1234@gmail.com>"

I'd say this is a clear exposure of private data.
- Through this "everybody" will get clear data which mail adress is linked to what specific name if only a few people saved the full name
- Image you want to always remember, how you feel about your contact and type "the stupid guy Mark French" as name. This will be exposed

you get the idea, guess.

How it should be:
Full names in the adress book should only be mapped locally. Sending a mail should always only be done through the mail-address (only!)

And now some might say
[list=]
[*] everybody is doing it like this
[*] you can change the "display name"
[*] Some [insert big company here] forced us to
[/list]

but
[list=]
[*] is just an excuse
[*] is complicated for most users and will result in inconvenience when using the mail adress
[*] well... I guess that might be a reason. Nobody likes the gun to his head
[/list]


This is my opinion about this fact. Am I the only one who's caring about that, or is there any chance to get a different behavior in the future?

( posting this thread here was on purpose. I felt it's wrong to post it at bugs or features )


regards

mgagnonlv
 
Posts: 602
Joined: February 12th, 2005, 8:33 pm

Post Posted March 13th, 2017, 11:42 am

I would say it's nice for all participants in an email to see eachother's full name and address. It is less necessary with modern addresses that typically look like myname@mycompany.com, but some private citizens have funny email addresses like singloudly@provider.com or qq11@22.com (I made these up, but I have some correspondents – even business ones – with addresses even stranger than that). So having multiple "to" or "CC" makes sense when you actually send to a limited group of people who each need to take part in a discussion.

The real issue is actually with users sending informational bulletins with everyone in CC instead of BCC. Blind Carbon Copy means that nobody but the addressee with see their address; it prevents address harvesting by other parties and the infamous "reply to all" 50 people!
Michel Gagnon

Return to Thunderbird General


Who is online

Users browsing this forum: No registered users and 1 guest