Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-03 23:03:55
At 02:48 +0000 on 12/04/2015, Ted Lemon wrote about Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Hea:

Thursday, Dec 3, 2015 9:39 PM Robert A. Rosenberg wrote:
If the message is HTML, then putting a 1x1 web-bug image in the HTML will trigger the info UNLESS the user's MUA is set to NOT automatically retrieve images.

That retrieving images is the default behavior of most MUAs, and that it is even possible to do without cryptographically validating the ID of the sender in _any_ MUA, is an example of what I am talking about when I say that UI design is vitally important to protecting users' privacy.

Obviously if you have an MUA that behaves so stupidly, then your privacy is forfeit. At present, that's most MUAs. This is something that I hope MUA implementors will wise up to, and we ought to be advising them to if we aren't already.

As you can see from my X-Mailer header (which BTW [since we are talking about leaking info] leaks the fact that I am using a Mac and what MacOS Version I am running) I use Eudora. One of its settings (which I have set) tells the MUA to NOT fetch images and to wait until I click on the image icon to replace the icon with the actual image. Thus I see the icon whenever I am sent a Web-Bug in lieu of the bug calling home.
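The click-to-load behaviour discussed in this thread, sketched as an added example (not code from the thread or from any MUA): an HTML body is rewritten before rendering so that no remote `<img>` is fetched, while attached `cid:` images still display. The names `ImageBlocker`, `block_remote_images` and the `data-blocked-src` attribute are hypothetical, the sample body is constructed, and only `<img src>` is handled (CSS backgrounds and `srcset` would need the same treatment).

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body: one attached image, one 1x1 web bug, one remote banner.
SAMPLE = ('<p>Hi &amp; welcome</p><img src="cid:logo@example.invalid">'
          '<img src="http://tracker.example/o.gif?u=42&amp;m=7" width="1" height="1">'
          '<img src="//cdn.example/banner.png" width="600">')

class ImageBlocker(HTMLParser):
    """Rewrite an HTML mail body so that rendering it fetches no remote <img>."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []      # pieces of the rewritten body
        self.blocked = []  # (url, looks_like_web_bug) for each withheld image

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        # A network location means the renderer would contact a host (http(s), //host/...).
        # cid: (attached MIME part) and data: (inline bytes) never leave the MUA.
        if tag == "img" and urlsplit(src).netloc:
            tiny = any((a.get(k) or "").strip() in ("0", "1") for k in ("width", "height"))
            self.blocked.append((src, tiny))
            # Keep the URL in an inert attribute so a click can restore the image.
            self.out.append('<img alt="[image blocked]" data-blocked-src="%s">'
                            % escape(src, quote=True))
        else:
            self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    # Everything else passes through unchanged (comments and doctype are dropped).
    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)
    def handle_data(self, data):
        self.out.append(data)
    def handle_entityref(self, name):
        self.out.append("&%s;" % name)
    def handle_charref(self, name):
        self.out.append("&#%s;" % name)

def block_remote_images(html_body):
    """Return (safe_html, blocked); blocked lists each withheld URL and a 1x1 flag."""
    p = ImageBlocker()
    p.feed(html_body)
    p.close()
    return "".join(p.out), p.blocked
```

Calling `block_remote_images(SAMPLE)` leaves the `cid:` image in place and reports the other two URLs, with the 1x1 one flagged as a likely web bug.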

