27 lines
1.4 KiB
Plaintext
27 lines
1.4 KiB
Plaintext
MBOX-Line: From Neil_Hunsperger at symantec.com Fri May 15 16:18:56 2015
|
|
To: imap-protocol@u.washington.edu
|
|
From: Neil Hunsperger <Neil_Hunsperger@symantec.com>
|
|
Date: Fri Jun 8 12:34:54 2018
|
|
Subject: [Imap-protocol] Registration of keyword which enables
|
|
fetching external images
|
|
In-Reply-To: <5f24e38f-5968-4367-97f6-fa4008f582fd@flaska.net>
|
|
References: <5f24e38f-5968-4367-97f6-fa4008f582fd@flaska.net>
|
|
Message-ID: <14D026C7F297AD44AC82578DD818CDD047B37C34E0@TUS1XCHEVSPIN35.SYMC.SYMANTEC.COM>
|
|
|
|
Hi Jan,
|
|
|
|
> This is done
|
|
> for privacy reasons so that we don't leak information about the recipient
|
|
> by accident. However, once a request to a given external URL has been made,
|
|
> the privacy issue doesn't matter anymore (the information has leaked
|
|
> already). It is therefore typically safe to make this per-message setting
|
|
> permanent
|
|
|
|
Additional requests may leak additional information. Examples:
|
|
|
|
* I've viewed an offer letter 10 times and thus may be interested enough to be squeezed for more money.
|
|
* I was paging through last week's email to find something and my MUA downloads external images from "politically-sensitive-topic.org" while I'm now travelling overseas in a country where that topic is illegal.
|
|
* I allowed downloading linked images from my desktop MUA and now my other devices respect that setting, exposing information on the complete set of MUA software I use and the region I'm currently in.
|
|
|
|
-Neil
|