
John Bambenek <jcb=40bambenekconsulting....@dmarc.ietf.org>
wrote:
> 
> But is the risk to self-identification as present when
> role-based accounts could be used as opposed to PII? I guess
> I'm not understanding the risks of people accidentally
> disclosing what they don't intend to.

The risk is this: until people have been burned by over-sharing
sensitive information, most are very ill-informed about the fact
that sharing is risky at all.

People literally won't understand that listing their name and
phone number, to assert ownership of a domain, ALSO exposes that
data to any creative criminal who knows how to wield dig as part
of preparing their spear-phishing campaign (as a random example).
Or exposes their current address to a vindictive ex.

Most people won't understand this until it's too late, until
they've been burned.

Many domain owners are barely technically literate; DNS is not
just used by medium and large organizations with dedicated IT
staff. Many domain owners do not have an "organizational role" to
list, even if that were the encouraged default option.

Understanding how your data puts you at risk requires both
thinking in an adversarial way, and requires understanding how
the technology works. Very few people have that combination of
skills, even within tech.

As a result, the only reasonable assumption is that any system
which encourages the collection (let alone the publication) of
personal data must be considered risky, even dangerous. We have
too many such systems as it is; we need to think very carefully
and need strong justification for creating more of them.

Another way to put it: if a system requires you to think and
exercise care to stay safe, that means the system itself is by
default unsafe. Building unsafe systems is not good engineering
practice.

Cheers,
 - Bjarni

-- 
Sent using Mailpile, Free Software from www.mailpile.is

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
