From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: David Bremner <david@tethera.net>,
notmuch mailing list <notmuch@notmuchmail.org>
Subject: Re: privacy problem: text/html parts pull in network resources
Date: Tue, 27 Jan 2015 22:47:35 -0500 [thread overview]
Message-ID: <871tmfin1k.fsf@alice.fifthhorseman.net> (raw)
In-Reply-To: <87fvay3g0g.fsf@maritornes.cs.unb.ca>
On Sun 2015-01-25 12:51:43 -0500, David Bremner wrote:
> Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:
>
>> If i send a message with a text/html part (either it's only text/html,
>> or all parts are rendered, or it's multipart/alternative with only a
>> text/html subpart) and that HTML has <img
>> src="http://example.org/test.png"/> in it, then notmuch will make a
>> network request for that image.
>>
>> This is a privacy disaster, because it enables an e-mail sender to use
>> "web bugs" to tell when a given notmuch user has opened their e-mail.
>
> I've just pushed Austin's shr related series to master, so this problem
> should be fixed as of commit b74ed1c. One tradeoff that we should at
> least remark in NEWS, if not actually fix, is that I think there is now
> no way to view such images in notmuch. I don't know offhand what other
> html renderers will do.
thanks for this, David and Austin!
Other html-rendering mail clients that are privacy-conscious will often
provide a button or mechanism to indicate that some remote resources
were requested by the page but weren't fetched (e.g. a button saying
something like [Load Remote Images...]). I have no idea who actually
clicks on those buttons (or why), though, and even if we wanted them,
we'd only want to add a button on an image that actually had remote
network resources to load, and i don't know how we'd get that
information propagated back up the rendering stack to make such a
display decision. So i'm fine with leaving it this way for now.
--dkg
next prev parent reply other threads:[~2015-01-28 3:47 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-21 21:00 privacy problem: text/html parts pull in network resources Daniel Kahn Gillmor
2015-01-21 21:14 ` Austin Clements
2015-01-21 21:36 ` Daniel Kahn Gillmor
2015-01-21 22:39 ` Austin Clements
2015-01-21 21:46 ` David Bremner
2015-01-22 7:25 ` Tomi Ollila
2015-01-25 17:51 ` David Bremner
2015-01-28 3:47 ` Daniel Kahn Gillmor [this message]
2015-01-28 4:44 ` Jinwoo Lee
2015-01-28 23:57 ` Jinwoo Lee
2015-01-29 18:03 ` Daniel Kahn Gillmor
2015-01-29 18:14 ` Jinwoo Lee
2015-01-30 12:12 ` David Edmondson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871tmfin1k.fsf@alice.fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=david@tethera.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).