From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id CFB00431FC9 for ; Wed, 21 Jan 2015 14:39:13 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: 0.138 X-Spam-Level: X-Spam-Status: No, score=0.138 tagged_above=-999 required=5 tests=[DNS_FROM_AHBL_RHSBL=2.438, RCVD_IN_DNSWL_MED=-2.3] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vRvldbayjeuK for ; Wed, 21 Jan 2015 14:39:10 -0800 (PST) Received: from outgoing.csail.mit.edu (outgoing.csail.mit.edu [128.30.2.149]) by olra.theworths.org (Postfix) with ESMTP id 9ADEE431FBC for ; Wed, 21 Jan 2015 14:39:10 -0800 (PST) Received: from [104.131.20.129] (helo=awakeningjr) by outgoing.csail.mit.edu with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1YE3vZ-0002TM-KD; Wed, 21 Jan 2015 17:39:09 -0500 Received: from amthrax by awakeningjr with local (Exim 4.84) (envelope-from ) id 1YE3vZ-0001pR-4A; Wed, 21 Jan 2015 17:39:09 -0500 Date: Wed, 21 Jan 2015 17:39:09 -0500 From: Austin Clements To: Daniel Kahn Gillmor Subject: Re: privacy problem: text/html parts pull in network resources Message-ID: <20150121223909.GL22599@csail.mit.edu> References: <87ppa7q25w.fsf@alice.fifthhorseman.net> <20150121211407.GK22599@csail.mit.edu> <87k30fq0hx.fsf@alice.fifthhorseman.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87k30fq0hx.fsf@alice.fifthhorseman.net> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: notmuch mailing list X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2015 22:39:14 -0000 Quoth Daniel Kahn Gillmor on Jan 21 at 4:36 pm: > On Wed 2015-01-21 16:14:07 -0500, Austin Clements wrote: > > I have a fix for this on shr buried deep in an old patch series that I > > never got back to: id:1398105468-14317-12-git-send-email-amdragon@mit.edu > > > > For shr, the key is to set shr-blocked-images to ".". > > I've just done this, but it doesn't seem to help. > > > However, IIRC, in the current notmuch message rendering pipeline, mm > > overrides this variable with something computed from > > gnus-blocked-images. That said, I'm not sure why gnus-blocked-images > > isn't *already* taking care of this, but that's probably the place to > > start digging. > > gnus-blocked-images is set for me to the function > gnus-block-private-groups, but i don't know what that is (the function > is undocumented afaict). Setting gnus-blocked-images to a regexp of "." > seems to work for me, though. In notmuch, mm will wind up calling (gnus-block-private-groups nil). Unfortunately, gnus apparently considers nil to be a news group rather than a "private group" (gnus speak for email, I think), so gnus-block-private-groups returns nil (meaning *don't* block images) rather than ".". Probably notmuch should override the gnus-blocked-images variable, since the default value is simply wrong for notmuch. Maybe something along the lines of the following should go around our text/html handler? (let ((gnus-blocked-images (if (eq gnus-blocked-images 'gnus-block-private-groups) ;; mm uses gnus-blocked-images to control image loading. ;; However, the default value of gnus-blocked-images ;; doesn't work for notmuch because ;; gnus-block-private-groups depends on gnus variables we ;; don't set. Override it to disallow network image ;; loading. "." ;; Use the user's customized value. gnus-blocked-images))) ...) Long live abstraction!