From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Tim Cross Newsgroups: gmane.emacs.devel Subject: Off Topic (Was Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?) Date: Mon, 21 May 2018 08:24:37 +1000 Message-ID: NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="0000000000008a5afc056caaa698" X-Trace: blaine.gmane.org 1526854999 22017 195.159.176.226 (20 May 2018 22:23:19 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Sun, 20 May 2018 22:23:19 +0000 (UTC) To: Emacs developers Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon May 21 00:23:15 2018 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fKWjS-0005eh-TK for ged-emacs-devel@m.gmane.org; Mon, 21 May 2018 00:23:15 +0200 Original-Received: from localhost ([::1]:47857 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fKWla-0000zF-0A for ged-emacs-devel@m.gmane.org; Sun, 20 May 2018 18:25:26 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:42948) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fKWkq-0000hQ-P3 for emacs-devel@gnu.org; Sun, 20 May 2018 18:24:42 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fKWkp-00053N-9B for emacs-devel@gnu.org; Sun, 20 May 2018 18:24:40 -0400 Original-Received: from mail-oi0-x233.google.com ([2607:f8b0:4003:c06::233]:33192) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fKWkp-00053H-2K for emacs-devel@gnu.org; Sun, 20 May 2018 18:24:39 -0400 Original-Received: by mail-oi0-x233.google.com with SMTP id k5-v6so11462515oiw.0 for ; Sun, 20 May 2018 15:24:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=n5j9GQM19Fy+lIzy+8vqEE9PzZ49jJKXfGuyviLQtw0=; b=RuYgSDum9i3bRFgC9Cdu3jhii3NMGLJ2Ky5G6uVpdfcA/uY6lDNGgYfDokAb3kWEgV P/z7CeCcLLIKSZS5AzXzmNdg6FzmfVy76vCC0BM5bgqAtpwJHFnvbAkvHPnsMS6lwq85 /t8q0ge6rkao5f6nFoGr+c691tYs/d7nl0AG5n4vP6FdjigIWOZFnI81OvvDgJcf7i7l NKdQJRZ8ZSPx7b7PiPJEeD7xXXEEtXd/Lieh94J2xg1jkmmo7VW0wyEXNCVqMsS3fyoF 3aZNg3yGkphxzsFZ5Xffhm4n8BlFnbLFyZybS6RqaKe4usxqzeB56sici3OIXqIyhM97 WJiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=n5j9GQM19Fy+lIzy+8vqEE9PzZ49jJKXfGuyviLQtw0=; b=A5bPLHEc8CNsg8IY8D7ZmLVA3ykhGO+dSwNyxLh3tlE392RLj5lb6mhixzqiWGcL8U /laNvTN67CPalCf2uE+/7N2LasoW30BBqxxKAZwgshuCnb6s1X+ZIRJd9HN/7v72gqAm bGWeXfMYqVnGFM2EJ9Lt1XpvXTnE0KJe5AF4ypqvqkD5EXMicsZlyU+HEsOGWBTL6AXH uPaT3IVaPi9fvL7xdOax7LxwH8Fg+u7mhSunJVSWGeSxYIG5o20+7k8XSskDkLU/VzN4 R8w7DwjogE3BSSVgeHCFYnEfr1YpKHRiwVTatZKJ/IBdBM8uC+f3Ih+k8EfsKM69lnhy HKfg== X-Gm-Message-State: ALKqPwfZ0YSC50qHXLvSckpTRi5owanfe7OxKh+wWuSegjbiiW72IX3i WpReFwY380rURMqNkzLlNGrkaLcRDugamEH6scWgsA== X-Google-Smtp-Source: AB8JxZr1IU/neWfVKKA08qJjEw/HS+AXhlr6Zk8ouPPZx2+imy5VY4jX8z2mb6A/yYP9nxQm9rov82D2mimZlLBhavM= X-Received: by 2002:aca:4850:: with SMTP id v77-v6mr9568893oia.354.1526855077877; Sun, 20 May 2018 15:24:37 -0700 (PDT) Original-Received: by 10.201.22.206 with HTTP; Sun, 20 May 2018 15:24:37 -0700 (PDT) X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4003:c06::233 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:225491 Archived-At: --0000000000008a5afc056caaa698 Content-Type: text/plain; charset="UTF-8" On 21 May 2018 at 03:33, Uwe Brauer wrote: > >>> "Richard" == Richard Stallman writes: > > > Slightly off topic, there is software which warns you about tracked > > emails or even tries to block them. However that blocking then causes > > the tracking software to consider it as opened, although it was not > > really opened :-D [1] and which really defeats the whole idea of > > tracking, but this is another topic. > > If that occurs, the 'read reciepts' must be being handled by the server and not the client. or the anti-tracking software is just rubbish. There are essentially 4 techniques I've seen used to track when an email message has been opened 1. Old style image - usually a small transparent png with a unique name. Remote server tracks requests for the image. As each image URL has a unique name, the system is able to map that to a specific message and from there to the recipient. Easy to defeat and can generate lots of false positives (for example, anti-virus software which opens messages and retrieves embedded objects to check them for malicious content etc, messages that are shraed/forwarded etc. 2. Embedded Javascript. Increasingly a problem, especially for browser based email clients. Software like 'ghostery' can help reduce the threat, but Javascript is becoming an increasingly more pervasive virus (still frustrates me that Adobe PDFs support embedded Javascript!). 3. Mail Server Support. Some mail server, like Exchange, support a read receipt extension. Most effective when all servers in the mail transport are Exchange, but other servers are also starting to support such an extension. Probably the hardest one to protect against because the 'tracking' occurs in server land and individuals lack control at this level. Most do offer to turn this feature off on a per client basis, but you have to trust the server honours that request. With exchange, the server knows a lot about your activity due to the way Outlook and exchange communicate. Even if you don't use outlook and just use imap/pop, the server will likely mark a message as being opened once you download it (pop) or open it (imap). About the only thing you can do is forward all your message to a server which is not Exchange. 4. Timed/Limited message servers. There are a few email services which offer the ability for the sender to delete their message after a specified period of time. I don't think these services are very popular, but I have received messages from such services (which I refuse to read). Essentially, you don't actually receive the message - instead, you receive a link to a message and you need to open the remote link in order to read the message. The marketing hype with these services is that you can supposedly delete the message you sent so that it no longer exists - complete rubbish of course as anyone can copy and paste the message (or use some other more sophisticated method to capture it). I hate this one because it plays on people who don't understand technology and gives them a false sense of control rather than reinforcing the reality that once you send/post something, it is out there and you no longer have control over it - almost as stupid as those pointless email footers threatening legal action if you distribute a message sent to you. I'm often tempted to put something like "To all senders - I consider any message sent to me to be my property. I will use, discard, share or publish the contents of such messages as I see fit. Tim -- Tim Cross --0000000000008a5afc056caaa698 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On 21 May 2018 at 03:33, Uwe Brauer <oub@mat.ucm.es> wrote:=
>>> "Rich= ard" =3D=3D Richard Stallman <rms@gn= u.org> writes:

> Slightly off topic, there is software which warns you about= tracked
> emails or even tries to block them. However that blocking = then causes
> the tracking software to consider it as opened, althoug= h it was not
> really opened :-D [1] and which really defeats the who= le idea of
> tracking, but this is another topic.

If that occurs, the 'read reciepts' must be b= eing handled by the server and not the client. or the anti-tracking softwar= e is just rubbish. There are essentially 4 techniques I've seen used to= track when an email message has been opened

1. Ol= d style image - usually a small transparent png with a unique name. Remote = server tracks requests for the image. As each image URL has a unique name, = the system is able to map that to a specific message and from there to the = recipient. Easy to defeat and can generate lots of false positives (for exa= mple, anti-virus software which opens messages and retrieves embedded objec= ts to check them for malicious content etc, messages that are shraed/forwar= ded etc.=C2=A0

2. Embedded Javascript. Increasingl= y a problem, especially for browser based email clients. Software like '= ;ghostery' can help reduce the threat, but Javascript is becoming an in= creasingly more pervasive virus (still frustrates me that Adobe PDFs suppor= t embedded Javascript!).=C2=A0

3. Mail Server Supp= ort. Some mail server, like Exchange, support a read receipt extension. Mos= t effective when all servers in the mail transport are Exchange, but other = servers are also starting to support such an extension. Probably the hardes= t one to protect against because the 'tracking' occurs in server la= nd and individuals lack control at this level. Most do offer to turn this f= eature off on a per client basis, but you have to trust the server honours = that request. With exchange, the server knows a lot about your activity due= to the way Outlook and exchange communicate. Even if you don't use out= look and just use imap/pop, the server will likely mark a message as being = opened once you download it (pop) or open it (imap). About the only thing y= ou can do is forward all your message to a server which is not Exchange.

4. Timed/Limited message servers. There are a few em= ail services which offer the ability for the sender to delete their message= after a specified period of time. I don't think these services are ver= y popular, but I have received messages from such services (which I refuse = to read). Essentially, you don't actually receive the message - instead= , you receive a link to a message and you need to open the remote link in o= rder to read the message. The marketing hype with these services is that yo= u can supposedly delete the message you sent so that it no longer exists - = complete rubbish of course as anyone can copy and paste the message (or use= some other more sophisticated method to capture it). I hate this one becau= se it plays on people who don't understand technology and gives them a = false sense of control rather than reinforcing the reality that once you se= nd/post something, it is out there and you no longer have control over it -= almost as stupid as those pointless email footers threatening legal action= if you distribute a message sent to you.=C2=A0 I'm often tempted to pu= t something like

"To all senders - I consider= any message sent to me to be my property. I will use, discard, share or pu= blish the contents of such messages as I see fit.=C2=A0




Tim
--
Tim Cross

--0000000000008a5afc056caaa698--