From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id 02A0F431FBC for ; Wed, 28 Jan 2015 15:57:34 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: 2.639 X-Spam-Level: ** X-Spam-Status: No, score=2.639 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DNS_FROM_AHBL_RHSBL=2.438, FREEMAIL_ENVFROM_END_DIGIT=1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bIf3d2beiV4L for ; Wed, 28 Jan 2015 15:57:31 -0800 (PST) Received: from mail-ie0-f174.google.com (mail-ie0-f174.google.com [209.85.223.174]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by olra.theworths.org (Postfix) with ESMTPS id A737C431FAF for ; Wed, 28 Jan 2015 15:57:31 -0800 (PST) Received: by mail-ie0-f174.google.com with SMTP id vy18so26838099iec.5 for ; Wed, 28 Jan 2015 15:57:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:in-reply-to:references:user-agent:date:message-id :mime-version:content-type; bh=CZeHqn05Il8pW1gKIjICIUJUwMnjdwNdmpcL31yPQ1c=; b=pluu0IqSVNPcLVsuRwrk1mwjEBek0wdEMyqdEaNBUQ1EUqGwezu/Vsoo0l4vZIMM5X xbMUn3LfceF/eK2DicFBCsNcdqDeDrO4MLa3Yzy1T0EwotEKfANJLOd6nNIltP+LXiQY RPiT8plqi5VM3MEyctoNS24cDWZzp5Rut0rPLjPSCFGnLbT+H6PjttObctwPLWDty0fk protDkFpA4YJ2QtGZudKuyFNYEcR+m3j0YA7Oss5eUu9epGP/QO1eAtM/A3i31ITAb5A rnMeA9JJDDcUIzx12WtE92na4rF9gLbATqoHlyHUUoKJPPB5OUoriLOkvamwHb2iJ4k0 lzjg== X-Received: by 10.42.95.12 with SMTP id d12mr318766icn.12.1422489449159; Wed, 28 Jan 2015 15:57:29 -0800 (PST) Received: from localhost ([2620:0:1000:407c:8db0:2697:618e:7748]) by mx.google.com with ESMTPSA id hg18sm198261igb.1.2015.01.28.15.57.28 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 28 Jan 2015 15:57:28 -0800 (PST) From: Jinwoo Lee To: Daniel Kahn Gillmor , David Bremner , notmuch mailing list Subject: Re: privacy problem: text/html parts pull in network resources In-Reply-To: References: <87ppa7q25w.fsf@alice.fifthhorseman.net> <87fvay3g0g.fsf@maritornes.cs.unb.ca> <871tmfin1k.fsf@alice.fifthhorseman.net> User-Agent: Notmuch/0.18.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-apple-darwin13.2.0) Date: Wed, 28 Jan 2015 15:57:25 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jan 2015 23:57:35 -0000 On Tue, Jan 27, 2015 at 08:44 PM, Jinwoo Lee wrote: > On Tue, Jan 27, 2015 at 07:47 PM, Daniel Kahn Gillmor wrote: >> On Sun 2015-01-25 12:51:43 -0500, David Bremner wrote: >>> Daniel Kahn Gillmor writes: >>> >>>> If i send a message with a text/html part (either it's only text/html, >>>> or all parts are rendered, or it's multipart/alternative with only a >>>> text/html subpart) and that HTML has >>> src="http://example.org/test.png"/> in it, then notmuch will make a >>>> network request for that image. >>>> >>>> This is a privacy disaster, because it enables an e-mail sender to use >>>> "web bugs" to tell when a given notmuch user has opened their e-mail. >>> >>> I've just pushed Austin's shr related series to master, so this problem >>> should be fixed as of commit b74ed1c. One tradeoff that we should at >>> least remark in NEWS, if not actually fix, is that I think there is now >>> no way to view such images in notmuch. I don't know offhand what other >>> html renderers will do. >> >> thanks for this, David and Austin! >> >> Other html-rendering mail clients that are privacy-conscious will often >> provide a button or mechanism to indicate that some remote resources >> were requested by the page but weren't fetched (e.g. a button saying >> something like [Load Remote Images...]). I have no idea who actually >> clicks on those buttons (or why), though, and even if we wanted them, >> we'd only want to add a button on an image that actually had remote >> network resources to load, and i don't know how we'd get that >> information propagated back up the rendering stack to make such a >> display decision. So i'm fine with leaving it this way for now. > > Well, most promotional emails contain remote images and their contents > are incomprehensible without those images. I ignore most of them but I > do read a few of those promotional emails. It would be great to have a > UI for loading remote resources. Do you mind if I add a boolean defcustom, which determines whether to block remote images? Its default value will be T (block), but people who want to see remote images can customize it. > >> >> --dkg >> _______________________________________________ >> notmuch mailing list >> notmuch@notmuchmail.org >> http://notmuchmail.org/mailman/listinfo/notmuch