At 02:48 +0000 on 12/04/2015, Ted Lemon wrote about Re: [ietf-smtp]
[Shutup] Proposed Charter for the "SMTP Hea:
Thursday, Dec 3, 2015 9:39 PM Robert A. Rosenberg wrote:
If the message is HTML, then putting a 1x1 web-bug image in the
HTML will trigger the info UNLESS the user's MUA is set to NOT
automatically retrieve images.
That retrieving images is the default behavior of most MUAs, and
that it is even possible to do without cryptographically validating
the ID of the sender in _any_ MUA, is an example of what I am
talking about when I say that UI design is vitally important to
protecting users' privacy.
Obviously if you have an MUA that behaves so stupidly, then your
privacy is forfeit. At present, that's most MUAs. This is
something that I hope MUA implementors will wise up to, and we ought
to be advising them to if we aren't already.
As you can see from my X-Mailer header (which BTW [since we are
talking about leaking info] leaks the fact that I am using a Mac and
what MacOS Version I am running) I use Eudora. One of its settings
(which I have set) tells the MUA to NOT fetch images and to wait
until I click on the image icon to replace the icon with the actual
image. Thus I see the icon whenever I am sent a Web-Bug in lieu of
the bug calling home.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp