1 Return-Path: <dkg@fifthhorseman.net>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by olra.theworths.org (Postfix) with ESMTP id F035D431FC9
\r
6 for <notmuch@notmuchmail.org>; Tue, 27 Jan 2015 19:47:33 -0800 (PST)
\r
7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
\r
11 X-Spam-Status: No, score=2.438 tagged_above=-999 required=5
\r
12 tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled
\r
13 Received: from olra.theworths.org ([127.0.0.1])
\r
14 by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
\r
15 with ESMTP id eG74-x1mUycZ for <notmuch@notmuchmail.org>;
\r
16 Tue, 27 Jan 2015 19:47:30 -0800 (PST)
\r
17 Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])
\r
18 by olra.theworths.org (Postfix) with ESMTP id A8741431FAF
\r
19 for <notmuch@notmuchmail.org>; Tue, 27 Jan 2015 19:47:30 -0800 (PST)
\r
20 Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net
\r
22 by che.mayfirst.org (Postfix) with ESMTPSA id 73BF4F984;
\r
23 Tue, 27 Jan 2015 22:47:27 -0500 (EST)
\r
24 Received: by fifthhorseman.net (Postfix, from userid 1000)
\r
25 id 20B81201F8; Tue, 27 Jan 2015 22:47:35 -0500 (EST)
\r
26 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
\r
27 To: David Bremner <david@tethera.net>,
\r
28 notmuch mailing list <notmuch@notmuchmail.org>
\r
29 Subject: Re: privacy problem: text/html parts pull in network resources
\r
30 In-Reply-To: <87fvay3g0g.fsf@maritornes.cs.unb.ca>
\r
31 References: <87ppa7q25w.fsf@alice.fifthhorseman.net>
\r
32 <87fvay3g0g.fsf@maritornes.cs.unb.ca>
\r
33 User-Agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1
\r
34 (x86_64-pc-linux-gnu)
\r
35 Date: Tue, 27 Jan 2015 22:47:35 -0500
\r
36 Message-ID: <871tmfin1k.fsf@alice.fifthhorseman.net>
\r
38 Content-Type: text/plain
\r
39 X-BeenThere: notmuch@notmuchmail.org
\r
40 X-Mailman-Version: 2.1.13
\r
42 List-Id: "Use and development of the notmuch mail system."
\r
43 <notmuch.notmuchmail.org>
\r
44 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
45 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
46 List-Archive: <http://notmuchmail.org/pipermail/notmuch>
\r
47 List-Post: <mailto:notmuch@notmuchmail.org>
\r
48 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
49 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
50 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
51 X-List-Received-Date: Wed, 28 Jan 2015 03:47:34 -0000
\r
53 On Sun 2015-01-25 12:51:43 -0500, David Bremner wrote:
\r
54 > Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:
\r
56 >> If i send a message with a text/html part (either it's only text/html,
\r
57 >> or all parts are rendered, or it's multipart/alternative with only a
\r
58 >> text/html subpart) and that HTML has <img
\r
59 >> src="http://example.org/test.png"/> in it, then notmuch will make a
\r
60 >> network request for that image.
\r
62 >> This is a privacy disaster, because it enables an e-mail sender to use
\r
63 >> "web bugs" to tell when a given notmuch user has opened their e-mail.
\r
65 > I've just pushed Austin's shr related series to master, so this problem
\r
66 > should be fixed as of commit b74ed1c. One tradeoff that we should at
\r
67 > least remark in NEWS, if not actually fix, is that I think there is now
\r
68 > no way to view such images in notmuch. I don't know offhand what other
\r
69 > html renderers will do.
\r
71 thanks for this, David and Austin!
\r
73 Other html-rendering mail clients that are privacy-conscious will often
\r
74 provide a button or mechanism to indicate that some remote resources
\r
75 were requested by the page but weren't fetched (e.g. a button saying
\r
76 something like [Load Remote Images...]). I have no idea who actually
\r
77 clicks on those buttons (or why), though, and even if we wanted them,
\r
78 we'd only want to add a button on an image that actually had remote
\r
79 network resources to load, and i don't know how we'd get that
\r
80 information propagated back up the rendering stack to make such a
\r
81 display decision. So i'm fine with leaving it this way for now.
\r