email privacy

[Carl Remsen]

I am rather concerned that my private email address has started appearing in brackets next to my avatar name when I receive copies of inworld messages (IMs) to my private email inbox, how can I stop this? 

[Madelaine McMasters]

Hi Carl,

I'm not sure I understand. When I get offline IM's forwarded to my email address, they necessarily contain my e-mail address, as that's how they get to me. I see that in the "To:" field of the forwarded message. Are you saying that the chat transcript includes both lines of text from the person originating the IM, and a line of text that seems to be a response from you to that person, containing your e-mail address? If so, that's a huge bug and I've not heard of it before. File a bug report.

If it's a matter of your e-mail address appearing within the e-mail sent to you from the SL forwarder, that's not a problem. The e-mail is addressed only to you, and already has your identity in it, or it would not get to you. Having your identity repeated in the subject or body of the message has no effect on your privacy.

[KarenMichelle Lane]

To build on Maddy's spot on answer, it is also safe to respond to someone whose IM is forwarded to you via your RL email address. Instant Message management is a 2 step process with SL. To begin with observe these reply rules.

1) Your reply should not include the original message + it's headers for obvious reasons [Your RL email address is included].

2) Your reply also needs to conform to the character limits if IM's in general [1023 bytes or single-byte characters maximum.]

OK, so your reply is ready, When you send it, you are sending it to the SL IM External Mail Server. It in turn packages up the body of your message and forwards it onward to the person who sent it to you. That avatar name h4qcmq4ubglx4uz5d6chka55wszgva4tmlsafjuuqdwklphsr7enlob5bbf6tanj@im.agni.lindenlab.com in the from address is the forwarding address and it is unique and valid for up to 5 days.

Your avatar name will be the sender with no RL information provided [unless you included a signature in the response to the message with RL info in it].

Easy as pie and just as safe too. [unless Maddy is making her jailbreak special pies again]

[Carl Remsen]

Thanks Maddy. Just to clarify, is my email address in the "To" field visible to the sender at any time? I just wanted to check this out as I have never seen my email address appear next to my avatar name in over four years in SL. I just want to make sure that any avatar, friend or otherwise cannot see my email address unless I choose to send it to them

[KarenMichelle Lane]

Your account email address is not sent when you reply to anyone in SL . A temporary email identifier is created for you just like the one created for the forwarded IM. You see your email address in the TO: field because the LL Mail Servers are sending this to YOU. This is a properly formatted email address.

[Carl Remsen]

ok thanks Karen. Just wanted to check this out as I have never seen this before in over four years of being in SL

[Madelaine McMasters]

Carl, when someone IM's you while you're offline, LL takes their message and wraps it in an e-mail envelope to you. LL's servers know your e-mail address, so they stuff it in the "To:" field and mail it off. The person who IM'ed you is completely unaware that's happening. As with any other e-mail message, all the internet servers that are in the path your message takes on its journey from LL's servers to your computer will know your e-mail address, and that the message is coming from LL. But they won't know the content of the message. I just examined the header for the last IM->e-mail message I've received, and it does contain my SL avatar name "Madelaine McMasters" as well as my e-mail address in the "To:" field. This is expected behavior for e-mail messages, as you generally do not refer to people by their e-mail addresses, but rather by their names. This does, however, reveal a vulnerability in any actual e-mail, as it does connect your "name" with your private e-mail address. Any compromised server in the path your e-mail takes would be able to scrape that association from the e-mail's unencrypted header. Header's cannot be encrypted, as that would make them undeliverable.

So, the lesson to be learned here is that, for maximum security, you should create an e-mail address that you use specifically for Second Life, so that a compromise of a mail server/relay out there in the wild, wild, internet will not out you. That's what I've always done, that's what KarenMichelle does, and that's what I recommend you do.

But your original concern that everybody who IM's you will learn of your e-mail address, and potentially your RL identity, is actually nothing to worry about!

That you just noticed this may be the result of your e-mail program or service provider recently changing the way they represent messages to you.

[italoiu]

:matte-motes-evil: