Xref: utzoo news.sysadmin:3082 comp.mail.uucp:4748
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!ucsd!ucbvax!hoptoad!gnu
From: gnu@hoptoad.uucp (John Gilmore)
Newsgroups: news.sysadmin,comp.mail.uucp
Subject: Passing proprietary messages through competitors or other sites
Message-ID: <11613@hoptoad.uucp>
Date: 19 Jul 90 16:40:14 GMT
Organization: Cygnus Support, Palo Alto
Lines: 27

Within the last two months I have had to warn two different sites
about passing proprietary traffic via hoptoad.

One was a computer company that was sending complete product plans for
a future product (still in development).  They had routed the message
via sun, apple, and me, among others!

Another was a peripheral company which appeared to be sending the
C source code for the firmware that runs inside the peripheral.  This
site had more sense, only sending it via pacbell and hoptoad, neither
of which is in the peripheral market.  It turns out that they expected
there to be a direct link, but uucp was temporarily broken by the sysadmin,
and it got handed off to a mail router, which sent it indirectly.

System administrators should strongly remind their users that info sent
via ordinary Usenet or Internet mail is NOT private.  It can be disclosed
at multiple locations along the way, either intentionally or by accident.
On many sites it can be read by ordinary users while parked there in
transit.  There are no guarantees of privacy here, folks.

And I strongly suggest that any site that sends sensitive traffic,
NOT run an automatic uucp router.  The router doesn't know what's an
internal site, what's an innocuous site, and what's a competitor's site.
-- 
John Gilmore      {sun,pacbell,uunet,pyramid}!hoptoad!gnu        gnu@toad.com
 The Gutenberg Bible is printed on hemp (marijuana) paper.  So was the July 2,
  1776 draft of the Declaration of Independence.  Why can't we grow it now?