[Mailman-Users] Major problems with privacy and mailman lists and harvesters
dragon at crimson-dragon.com
Tue May 27 19:48:01 CEST 2008
Michael Welch wrote:
>Steve Murphy wrote at 10:03 AM 5/23/2008:
> >I've noticed in the mailman-users archives, that if I view info by
> thread (using the mailman archives as an example,) which site is
> 2.1.10 based, that all email addresses are present, but with a
> simple obfuscation. (the "@" has been changed to " at ".) I can't
> help but to think that this simple obfuscation is a joke. Any
> harvester written in the past number of years would be smart enough
> to capture such accurately.
>I think the Topica listserver had a great way to deal with email
>addresses in archives. You could see a semblance of the email
>address, but no way could you deduce the real address. If you are
>logged into the site, each is still obscured, but is a live link
>that opens up an email-like dialog box -- with the real address
>still obscured. But it does send an email to the real address for
>the obscured address.
>Pretty good way of dealing with the problem, but I have no idea if
>something like this could be coded into Mailman archives.
---------------- End original message. ---------------------
Doing so is definitely possible, but it would require that the
archive pages be served via a CGI program and that you have some sort
of database of those e-mail addresses that said CGI process would access.
If I am not mistaken, I believe that there is currently a wrapper
script that handles access control to private archives but which gets
bypassed if the archive is public. The current architecture under
pipermail is that the actual archive pages themselves are just static
HTML files and the wrapper script only has the function of setting
and checking an access token in a cookie to access them if the
archive is private.
Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
More information about the Mailman-Users