Thursday, Dec 3, 2015 9:39 PM Robert A. Rosenberg wrote:
> If the message is HTML, then putting a 1x1 web-bug image in the HTML will
> trigger the info UNLESS the user's MUA is set to NOT automatically retrieve
> images.

That retrieving images is the default behavior of most MUAs, and that it is
even possible to do without cryptographically validating the ID of the sender
in _any_ MUA, is an example of what I am talking about when I say that UI
design is vitally important to protecting users' privacy.

Obviously if you have an MUA that behaves so stupidly, then your privacy is
forfeit. At present, that's most MUAs. This is something that I hope MUA
implementors will wise up to, and we ought to be advising them to if we aren't
already.

There are some ways of fixing this without involving the MUA. E.g., if a user
gets email with links to images, rewrite all of the links to point to a proxy
that has a mapping between each rewritten link and the original; if the MUA
fetches against that link, proxy it. This protects the end user's IP address
without requiring that they install a new MUA, and should be the default
behavior of every mail system (but I suspect isn't the default behavior of any,
although I heard Google was contemplating doing something like this).
--
Sent from Whiteout Mail - https://whiteout.io
My PGP key: https://keys.whiteout.io/mellon(_at_)fugue(_dot_)com
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
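
The image-link rewriting described in the message above, sketched as an added example (not part of the original post and not any mail system's own code). The proxy URL, the function and class names, and the sample HTML are assumptions constructed for illustration.

```python
import html
import secrets
from html.parser import HTMLParser

PROXY_BASE = "https://imgproxy.example.net/i/"  # hypothetical proxy endpoint

# Constructed sample body: one remote web bug, one inline (cid:) image.
SAMPLE = ('<p>Hi &amp; welcome</p>'
          '<img src="http://tracker.example/open.gif?u=42" width="1" height="1">'
          '<img src="cid:logo@local">')


class ImageLinkRewriter(HTMLParser):
    """Re-emit the HTML, changing only remote <img src> URLs."""

    def __init__(self, mapping):
        super().__init__(convert_charrefs=False)  # keep entities as written
        self.mapping = mapping  # token -> original URL, held by the mail system
        self.out = []

    def _tag(self, tag, attrs, close=""):
        parts = [tag]
        for name, value in attrs:
            remote = value and value.strip().lower().startswith(("http://", "https://"))
            if tag == "img" and name == "src" and remote:
                token = secrets.token_urlsafe(16)  # opaque, says nothing about the origin
                self.mapping[token] = value.strip()
                value = PROXY_BASE + token
            # cid: and data: sources cause no network fetch and are left alone
            parts.append(name if value is None
                         else f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + close + ">")

    def handle_starttag(self, tag, attrs): self._tag(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._tag(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")


def rewrite_message_html(body, mapping):
    """Run at delivery time, before the MUA ever sees the message."""
    parser = ImageLinkRewriter(mapping)
    parser.feed(body)
    parser.close()
    return "".join(parser.out)


def resolve(token, mapping):
    """Proxy side: fetch only URLs the rewriter issued, so it is not an open proxy."""
    return mapping.get(token)
```

This sketch covers only the `src` attribute of `<img>`; `srcset` and CSS `url()` references would need the same treatment. The sender's server still sees a fetch from the proxy, but not the recipient's IP address.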