--- /dev/null
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by olra.theworths.org (Postfix) with ESMTP id F035D431FC9\r
+ for <notmuch@notmuchmail.org>; Tue, 27 Jan 2015 19:47:33 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 2.438\r
+X-Spam-Level: **\r
+X-Spam-Status: No, score=2.438 tagged_above=-999 required=5\r
+ tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+ by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id eG74-x1mUycZ for <notmuch@notmuchmail.org>;\r
+ Tue, 27 Jan 2015 19:47:30 -0800 (PST)\r
+Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])\r
+ by olra.theworths.org (Postfix) with ESMTP id A8741431FAF\r
+ for <notmuch@notmuchmail.org>; Tue, 27 Jan 2015 19:47:30 -0800 (PST)\r
+Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net\r
+ [108.58.6.98])\r
+ by che.mayfirst.org (Postfix) with ESMTPSA id 73BF4F984;\r
+ Tue, 27 Jan 2015 22:47:27 -0500 (EST)\r
+Received: by fifthhorseman.net (Postfix, from userid 1000)\r
+ id 20B81201F8; Tue, 27 Jan 2015 22:47:35 -0500 (EST)\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+To: David Bremner <david@tethera.net>,\r
+ notmuch mailing list <notmuch@notmuchmail.org>\r
+Subject: Re: privacy problem: text/html parts pull in network resources\r
+In-Reply-To: <87fvay3g0g.fsf@maritornes.cs.unb.ca>\r
+References: <87ppa7q25w.fsf@alice.fifthhorseman.net>\r
+ <87fvay3g0g.fsf@maritornes.cs.unb.ca>\r
+User-Agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1\r
+ (x86_64-pc-linux-gnu)\r
+Date: Tue, 27 Jan 2015 22:47:35 -0500\r
+Message-ID: <871tmfin1k.fsf@alice.fifthhorseman.net>\r
+MIME-Version: 1.0\r
+Content-Type: text/plain\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Wed, 28 Jan 2015 03:47:34 -0000\r
+\r
+On Sun 2015-01-25 12:51:43 -0500, David Bremner wrote:\r
+> Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:\r
+>\r
+>> If i send a message with a text/html part (either it's only text/html,\r
+>> or all parts are rendered, or it's multipart/alternative with only a\r
+>> text/html subpart) and that HTML has <img\r
+>> src="http://example.org/test.png"/> in it, then notmuch will make a\r
+>> network request for that image.\r
+>>\r
+>> This is a privacy disaster, because it enables an e-mail sender to use\r
+>> "web bugs" to tell when a given notmuch user has opened their e-mail.\r
+>\r
+> I've just pushed Austin's shr related series to master, so this problem\r
+> should be fixed as of commit b74ed1c. One tradeoff that we should at\r
+> least remark in NEWS, if not actually fix, is that I think there is now\r
+> no way to view such images in notmuch. I don't know offhand what other\r
+> html renderers will do.\r
+\r
+thanks for this, David and Austin!\r
+\r
+Other html-rendering mail clients that are privacy-conscious will often\r
+provide a button or mechanism to indicate that some remote resources\r
+were requested by the page but weren't fetched (e.g. a button saying\r
+something like [Load Remote Images...]). I have no idea who actually\r
+clicks on those buttons (or why), though, and even if we wanted them,\r
+we'd only want to add a button on an image that actually had remote\r
+network resources to load, and i don't know how we'd get that\r
+information propagated back up the rendering stack to make such a\r
+display decision. So i'm fine with leaving it this way for now.\r
+\r
+ --dkg\r
projects / notmuch-archives.git / commitdiff