Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

"Robert A. Rosenberg" <hal9001@panix.com> Fri, 04 December 2015 05:03 UTC

Return-Path: <hal9001@panix.com>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2274F1B2DCA; Thu, 3 Dec 2015 21:03:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 30W0tMfaAcnW; Thu, 3 Dec 2015 21:03:50 -0800 (PST)
Received: from mailbackend.panix.com (mailbackend.panix.com [166.84.1.89]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDFE01B2DC8; Thu, 3 Dec 2015 21:03:50 -0800 (PST)
Received: from [192.168.1.241] (ool-4571974e.dyn.optonline.net [69.113.151.78]) by mailbackend.panix.com (Postfix) with ESMTPA id A17971720E; Fri, 4 Dec 2015 00:03:49 -0500 (EST)
Mime-Version: 1.0
Message-Id: <p06240407d286ca9198c9@[192.168.1.241]>
In-Reply-To: <1449197323648-4e74dacc-8bacef9a-217d6196@fugue.com>
References: <20151130042819.10658.qmail@ary.lan> <1448858775386-ceecd236-8b11ac04-a03b4438@fugue.com> <01PTPUIP3IUK01729W@mauve.mrochek.com> <11d014e5-9a6a-4b78-92a1-8e0a1e0a905d@gulbrandsen.priv.no> <lGTaHvC8ygXWFAuu@highwayman.com> <57B818513A0069189BA3CF41@JcK-HP8200.jck.com> <1449014394167-7d2dec58-2c6a9ae8-33fc8e7a@fugue.com> <565E4CCF.3080901@mustelids.ca> <20151202032522.GB12713@gsp.org> <1449027304809-2b32a944-6d383650-49f2a64c@fugue.com> <20151202225124.GA18695@gsp.org> <p06240403d286acd52687@[192.168.1.241]> <1449197323648-4e74dacc-8bacef9a-217d6196@fugue.com>
X-Mailer: Eudora for Mac OS X 6.2.4 (MacOS 10.5.8)
Date: Thu, 03 Dec 2015 23:53:10 -0500
To: Ted Lemon <mellon@fugue.com>
From: "Robert A. Rosenberg" <hal9001@panix.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/Ii3tFsyYLcSF467HE_9qw2jPGUM>
X-Mailman-Approved-At: Fri, 04 Dec 2015 00:11:43 -0800
Cc: shutup@ietf.org, ietf-smtp@ietf.org
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2015 05:03:52 -0000

At 02:48 +0000 on 12/04/2015, Ted Lemon wrote about Re: [ietf-smtp] 
[Shutup] Proposed Charter for the "SMTP Hea:

>Thursday, Dec 3, 2015 9:39 PM Robert A. Rosenberg wrote:
>>  If the message is HTML, then putting a 1x1 web-bug image in the 
>>HTML will trigger the info UNLESS the user's MUA is set to NOT 
>>automatically retrieve images.
>
>That retrieving images is the default behavior of most MUAs, and 
>that it is even possible to do without cryptographically validating 
>the ID of the sender in _any_ MUA, is an example of what I am 
>talking about when I say that UI design is vitally important to 
>protecting users' privacy.
>
>Obviously if you have an MUA that behaves so stupidly, then your 
>privacy is forfeit.   At present, that's most MUAs.   This is 
>something that I hope MUA implementors will wise up to, and we ought 
>to be advising them to if we aren't already.

As you can see from my X-Mailer header (which BTW [since we are 
talking about leaking info] leaks the fact that I am using a Mac and 
what MacOS Version I am running) I use Eudora. One of its settings 
(which I have set) tells the MUA to NOT fetch images and to wait 
until I click on the image icon to replace the icon with the actual 
image. Thus I see the icon whenever I am sent a Web-Bug in lieu of 
the bug calling home.
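
The leaks discussed in this message (the X-Mailer header, the submission hop in Received, and remote images in an HTML body) can be checked mechanically before a message is rendered. The following Python sketch is an added example, not part of the original post; the sample message, its host names and addresses, and the `audit` and `RemoteImages` names are constructed for illustration.

```python
import email, re
from email import policy
from html.parser import HTMLParser

# Constructed sample message (not taken from the thread); all hosts and IPs are made up.
SAMPLE = """\
Received: from [192.168.1.241] (client.example.net [203.0.113.78])
 by mail.example.org (Postfix) with ESMTPA id ABC123; Fri, 4 Dec 2015 00:03:49 -0500
X-Mailer: ExampleMail for Mac OS X 6.2.4 (MacOS 10.5.8)
From: sender@example.org
To: rcpt@example.com
Subject: test
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Hello</p>
<img src="http://tracker.example/open.gif?id=42" width="1" height="1">
<img src="cid:logo@example.org" width="120" height="40">
</body></html>
"""

class RemoteImages(HTMLParser):
    """Collect <img> tags whose src makes the MUA contact a remote server."""
    def __init__(self):
        super().__init__()
        self.found = []          # (src, looks_like_web_bug)
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        if tag == "img" and re.match(r"(?i)(https?:)?//", src):
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.found.append((src, tiny))

def audit(raw):
    """Return what a message reveals about its sender and would reveal about its reader."""
    msg = email.message_from_string(raw, policy=policy.default)
    client = {h: str(msg[h]) for h in ("X-Mailer", "User-Agent") if msg[h]}
    hops = msg.get_all("Received") or []
    # The last Received header in the file is the first hop, added at submission.
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hops[-1])) if hops else []
    parser = RemoteImages()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser.feed(body.get_content())
    return {"client_headers": client, "submission_ips": ips, "remote_images": parser.found}

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

The `cid:` image is not reported because it refers to an attachment inside the message and needs no network fetch; only the `http://` image would contact a remote server when rendered.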