Slashdot Mirror

← Back to Stories (view on slashdot.org)

Deja News Privacy Questioned

Posted by ryuzaki0 on from the one-for-the-paranoid dept.

theGEEK writes "An internet 'watchdog' discovered that Deja News is actually logging their users e-mail traffic." Is this related to the recent thing about them tracking every click through redirector scripts? Personally I'm not threatened, but I'm not a privacy nut either. What do you think?

7 of 93 comments (clear)

  1. It's their server by valis · · Score: 4

    If you choose to use DejaNews for anything, any information you provide to them is thiers. Accept it. You are responsible for your own privacy, they are prefectly justified in tracking every link you click on. It's a FREE SERVICE. If you don't like it, don't use it.

    (And I AM a privacy nut)

  2. Read again!! by sjames · · Score: 4

    Most of the comments here are about keeping logs of mail that goes through their servers. IMHO, that's normal and expected, nobody should have a complaint there. (If you do, use a remailer)

    The problem is that they have a link for the sender's email address. One might expect it to be a simple mailto: but it is not. It is a link to a CGI on their server which logs the information, and then redirects to an actual mailto.

    In other words, they go out of their way, and add load to their already busy server in order to log that you decided to email the user. That happens even if the email does NOT go through their servers.

    Personally, I doubt very much that they would add all that load to their server in order to NOT use the information gathered. I sure wouldn't.

    Unlike a mail log, this IS a violation of privacy for the simple reason that they are collecting user information beyond what is customary, and they are not informing the user. As a side note, most ISPs DO inform the customer that their email is not to be considered private and that it may (read will) be logged.

  3. better dump /var/log/maillog by MentlFlos · · Score: 4

    This is so stupid. According to everything I read on that ZD page,they know what email was sent and to whom AND they (oh my gosh) know the IP's too!

    Lets see, I am currently in charge of the e-mail server at work. I can go into /var/log/maillog and tell you the EXACT same info. Hell, I can even tell you when people are checking their mail.

    Does this mean I'm collecting email addresses because I keep a log file of the traffic on my server? I even back up the server to tape so I must be archiving this info for my evil plan to send e-mail to everyone on the planet.

    The bottom line is... Who gives a shit. Its a log file. People are becoming WAY to sensitive about this kind of stuff.

    The smallest company to the largest corperation should have backups of their data. If this includes log files of when email was sent.. so-be it.

    Hmmm, I also have root on the mail server which gives me the ability to read the email too. Why havent I seen a news-flash on the admins ability to read e-mail that is not their own?

    I'll just file this one under FUD
    ---------------------------------------
    The art of flying is throwing yourself at the ground...
    ... and missing.

  4. DejaNews by daviddennis · · Score: 4

    They put redirects on the email addresses, but they can't track the actual mail being sent - that's between you and your mail server, not DejaNews.

    I'm not clear on what commercially valid use could be made of this information - I can see how they want to know, in the aggregate, what URLs their users visit, but I can't see any commercial merit in knowing who I write to. Perhaps someone from DejaNews can respond to this.

    Of course if you're concerned about this, there is an easy fix - don't click on the email link. The email address is easily visible in the message headers, and you can bring up a new email window and cut/paste or type in the address yourself. The link is just a convenience for lazy people - such as myself, and - probably - most of us.

    D

    ----

  5. No big deal? Get a Clue!!! by geoGIF · · Score: 5

    There seem to be a lot of people out there (especially sys admins), who are saying, "This is no big deal. Everyone store logs, etc." Hello. Excuse me...you're not getting it. Lets all be clear here on exactly what's going on.

    Go to DejaNews and look at a Usenet posting. Next to the Author's name, you'll see that DejaNews was nice enough to provide a link with the authors email address so that with a simple click you can email the author. Fair enough, that's helpful (and something I expect). The problem is, it's NOT a simple mailto:foo@bar.com link. It links back to DejaNews. DejaNews sees this, and says to itself, "Hey, Joe Blow just clicked on a link to email foo@bar.com." Then it redirects to something link mailto:foo@bar.com, which causes your mail client to pop up, all ready to email to foo@bar.com. At this point, DejaNews is out of the picture (you're sending email to foo@ on your PC using your mail client and your IPS' SMTP server). But DejaNews has already made a note that you at least clicked on the link to email them (you could change your mind and cancel and DejaNews wouldn't know the difference). The point here is that DejaNews doesn't have to do it this way. They could've simply put the link to the person's email directly on the page (which would've been much simpler), in which case they would have no way of knowing if you clicked it. They're specifically going out of their way to make note of the fact that you clicked on the link to email someone. Someone, somewhere, made a deliberate, conscious decision to go to the extra trouble of logging this. It's not some incidental log.

    Realistically, I do think it's that big of deal. But this is not the simple sendmail log that all the I-love-to-jump-to-conclusions idiots who've only skimmed the story without actually understanding it are claiming it is.

    Randy Weems
    reems@nospam.hotmail.com

  6. privacy rhymes with crazy by maan · · Score: 4

    Alright, so dejanews knows which ip address sent an e-mail to whom. Well, Rob right here on slashdot can know precisely at what time of the day i visited his site. Microsoft can have a detailed log of their visitors. Logging is something that any sensible sysadmin does. Someone who manages a service as important as dejanews' or any other site needs some info. It could be to improve performance in certain areas, or to show some people who work with ties (people with big salaries who decide where the money goes) that the thing they're paying for is worth it. They need to show advertisers (their main source of revenue) that their investment is not worthless.

    It is true however that such info could have some use. But such things should remain confidential to the company and not be publiczed such as on zdnet. This stuff has been going on for more than a yer now, and it didn't bother anyone, even if they didn't know it. Why should they start today?

    True. Maybe Dejanews should have said somewhere in the fine print that they were doing this (and actually, maybe they do). But don't say that because they log who you e-mail to infringes your privacy. Please...

    Maan
    bsat@iprolink.ch

    (I hope you don't mind that I log the e-mails I receive. Do you really wanna see this kind of disclaimers on sites...)

  7. Mail Logs by scotto · · Score: 4

    Although I do worry about online privacy, I think
    it is unfair to single out DejaNews like this. By
    default Sendmail logs the sender and recipient of
    every piece of email it handles, and Sendmail is on
    something like 90% of all computers that handle
    Internet email. This information has valid uses,
    such as tracking down spammers, and identifying
    misconfigured mail servers and clients.