[Gendispatch] Re: web bugs vs security wrappers, url/web-trackers and IETF mailing lists
John Levine <johnl@taugh.com> Sat, 28 June 2025 00:38 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: gendispatch@mail2.ietf.org
Delivered-To: gendispatch@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B37923AC2497 for <gendispatch@mail2.ietf.org>; Fri, 27 Jun 2025 17:38:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.4
X-Spam-Level:
X-Spam-Status: No, score=-4.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b="jJQ56AYl"; dkim=pass (2048-bit key) header.d=taugh.com header.b="RXlZNd4q"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BDJA1XUdYSE8 for <gendispatch@mail2.ietf.org>; Fri, 27 Jun 2025 17:38:26 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 0896B3AC2492 for <gendispatch@ietf.org>; Fri, 27 Jun 2025 17:38:20 -0700 (PDT)
Received: (qmail 4636 invoked from network); 28 Jun 2025 00:38:20 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:content-transfer-encoding:cleverness; s=1219685f397c.k2506; t=1751071090; x=1751416690; bh=g4VyALgm1e862E38dOuXMWFFSQqlBeYu4zW0dljunfo=; b=jJQ56AYlJNqLDUUr9ExpiT0ZVj5kqEg1vnmkxh+VG1iwlTZklSEjzyvHmL/JtAfcdAlNkkeLplMbPEADLT/5BRr2JjCdg+vhfHfEB9VxnbhFvXUWZHyN4XH/cKoR/UdZlX+ScBB6axl4/d2UMucuGWCovvHKO1wfdgTIAQOU1n7OemQuK1d9M5KviT/14E/mrBvpdTuLJpzkeUtQjMCiS/Fq7Tz+VofmqBjm8+HTR/sscCHOgytKJsLMjdZ+08BQRYcBpOfnqADBi/OrKhCuXisKJ54nXt23SWr50We4OERHiIT/qEaFyIspgjj8bu7n/N8M0Kgd9R76eM91jps9FA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:content-transfer-encoding:cleverness; s=1219685f397c.k2506; bh=g4VyALgm1e862E38dOuXMWFFSQqlBeYu4zW0dljunfo=; b=RXlZNd4qrvDur6Xf90aoW/ncj3344qmll0SN3yNR0lUHKWwlQ4aU2J3Ef9voj20R45ynxGVQgn802RJBqloL9OQR0OePE2PDEWMUB7h/husgKoMf0Pv4S4zgC6zqpMtgKmaSoP2XBzAqM+/bj/CkknuDT+8oeSHYBKzjd/wmYpHgTeNYuz7Gmq/7jw39ESS3gSWMvsbWGiiFe5ndkUA7ATyA0TgqMrc9BaTE8Zmq+BZj6XpkKzmYD57XM8n/Acb/E+/GJfGVubDGXotdDcsSOpZjR0l/mkmSk9BigGLD8xWzzsqH+kJnx0LSG4Kp0lICSu4vry1b/lJ2Cb8sPKHZ8w==
Received: from ary.qy ([IPv6:2001:470:1f07:1126:0:78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126:0:78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA CHACHA20-POLY1305 AEAD) via TCP6; 28 Jun 2025 00:38:19 -0000
Received: by ary.qy (Postfix, from userid 501) id 6CA15D062D78; Fri, 27 Jun 2025 20:38:19 -0400 (EDT)
Date: Fri, 27 Jun 2025 20:38:19 -0400
Message-Id: <20250628003819.6CA15D062D78@ary.qy>
From: John Levine <johnl@taugh.com>
To: gendispatch@ietf.org
In-Reply-To: <MN2PR17MB4031C92C253E6588B59829A4CD7AA@MN2PR17MB4031.namprd17.prod.outlook.com>
Organization: Taughannock Networks
References: <29285.1750961438@obiwan.sandelman.ca> <MN2PR17MB4031C92C253E6588B59829A4CD7AA@MN2PR17MB4031.namprd17.prod.outlook.com>
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Message-ID-Hash: O4OZSNJPEV7JN2TWCEYHA7MH5JXPNODY
X-Message-ID-Hash: O4OZSNJPEV7JN2TWCEYHA7MH5JXPNODY
X-MailFrom: johnl@iecc.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: rsalz@akamai.com
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Gendispatch] Re: web bugs vs security wrappers, url/web-trackers and IETF mailing lists
List-Id: General Area Dispatch <gendispatch.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gendispatch/YFyIP9BLC1VDi9wK5eFDGqaZn2Y>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gendispatch>
List-Help: <mailto:gendispatch-request@ietf.org?subject=help>
List-Owner: <mailto:gendispatch-owner@ietf.org>
List-Post: <mailto:gendispatch@ietf.org>
List-Subscribe: <mailto:gendispatch-join@ietf.org>
List-Unsubscribe: <mailto:gendispatch-leave@ietf.org>
It appears that Salz, Rich <rsalz@akamai.com> said: >-=-=-=-=-=- > >https://datatracker.ietf.org/doc/draft-richardson-no-trackers-in-archives/ > >I think this is a bad idea. I think the idea of the IETF doing any kind of modification to what gets put in its archives is the start of a very slippery slope. I misunderstood what this draft is about, and I suspect I'm not the only one. Commercial bulk mail often contains web bugs (which they euphemistically call web beacons), little one pixel images that they stick in the HTML in hope that the recipient's mail program will fetch them and the sender can tell that someone looked at the mail. They're awful, but they're also vanishingly rare in the mail on our lists and that's not what this is about. Inbound mail security filters such as the ones from Proofpoint often wrap URLs in the text of a message to point at the security provider so it can sniff the URL and see if it's malicious before redirecting to it. If someone replies to or forwards such a message, we all get to see the wrapped version. Those are sort of annoying but I do not believe that they're intended to spy on anyone, they're to block malware. If it's really really easy to make the mail archive unwrap them when displayed, OK (keeping in mind that there are multiple providers that wrap in different ways, and there's no promise that any provider will keep wrapping the same way they do today), but I do not think they are an important problem and I would not spend much time or money on this. R's, John
- [Gendispatch] url/web-trackers and IETF mailing l… Michael Richardson
- [Gendispatch] Re: url/web-trackers and IETF maili… Salz, Rich
- [Gendispatch] Re: url/web-trackers and IETF maili… Jay Daley
- [Gendispatch] Re: url/web-trackers and IETF maili… John Levine
- [Gendispatch] Re: url/web-trackers and IETF maili… Salz, Rich
- [Gendispatch] Re: web bugs vs security wrappers, … John Levine
- [Gendispatch] Re: url/web-trackers and IETF maili… S Moonesamy
- [Gendispatch] Re: url/web-trackers and IETF maili… Salz, Rich