[tor-bugs] #32558 [Internal Services/Tor Sysadmin Team]: clarify what happens to email when we retire a user
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 17 12:32:29 UTC 2020
#32558: clarify what happens to email when we retire a user
-------------------------------------------------+---------------------
Reporter: anarcat | Owner: tpa
Type: task | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #32519 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+---------------------
Comment (by teor):
Replying to [comment:3 anarcat]:
> Furthermore, I think it misses a key idea that should be formally
proposed:
>
> 4. '''email is private, forwards for function'''. ie. with exceptions,
emails keep working when we grant people access to @torproject.org. this
includes "corporate" people that were not admitted to "core". emails are
'''not forwarded''' ever, except in rare cases where accounts legitimitaly
belonging to TPI/TPO should be reset and are associated with a personal
email address. all "function-level" communications should happen through
official channels ("fundraisigin@", "accounting@", "torproject-admin@",
etc)
>
> I understand there are strong feelings, especially in TPI, that we
*need* to be able to forward people's emails when they leave. I would
argue that is a sign of a problem in our communications more than a policy
that we should adopt formally.
>
> If people contact anarcat@ instead of torproject-admin@, that's a
problem which we need to fix, for example. If only because it's possible
that I eventually leave the organisation, or more likely go on a long
vacation, during which time it's absolutely irrelevant to write me
directly for help about TPA. I constantly remind people of this, and it
generally works. If we do *not* institute that policy correctly, we will
have a lot of trouble keeping track of those roles in the first place -
using forwards is not really going to help us anyways.
Sending email to a person also makes it very difficult for us to
distribute workload. Some people have a huge email workload. And they
could do with some help handling it.
Using role-based addresses is one solution to this issue. Multiple people
can get access to a role-based account. And people can redirect all their
role-based mail when they are busy with other tasks, or when they go on
leave.
> Besides, it seems to me we are trying two different and somewhat
unrelated problems:
>
> * A. '''what happens when someone leaves''': do they keep their
forward?
> * B. '''can we read other people's mail''': specifically, when A
happens, do we, can we, should we forward their emails to some one else?
I also think we should be very careful of the ethical and legal
implications of reading other people's mail. We talk a lot about human
rights, and the right to privacy. We should recognise and respect the
privacy rights of Tor staff and volunteers.
We also work with people in Europe, and other jurisdictions with strong
privacy laws. I'm not a lawyer, but we should talk to lawyers before
creating policies where we read other people's mail.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32558#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list