Bug#793508: kmail: contacts gravatar.com to fetch face images of senders of opened mails by default
Package: kmail Version: 4:4.14.10-2 Followup-For: Bug #793508 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I also see this happen. Suddenly, one of my coworkers had a donkey in every mail he sent. This effectively leaks information about who I receive mail from to any network operator on the route to the internet. - -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/lksh Init: systemd (via /run/systemd/system) Versions of packages kmail depends on: ii kde-runtime 4:15.08.0-2 ii kdepim-runtime4:4.14.10-2 ii kdepimlibs-kio-plugins4:4.14.10-1 ii libakonadi-calendar4 4:4.14.10-1 ii libakonadi-contact4 4:4.14.10-1 ii libakonadi-kde4 4:4.14.10-1 ii libakonadi-kmime4 4:4.14.10-1 ii libakonadiprotocolinternals1 1.13.0-8 ii libc6 2.19-19 ii libcalendarsupport4 4:4.14.10-2 ii libfollowupreminder4 4:4.14.10-2 ii libgcc1 1:5.2.1-16 ii libgpgme++2v5 4:4.14.10-1 ii libgrantlee-core0 0.4.0-3 ii libincidenceeditorsng44:4.14.10-2 ii libkabc4 4:4.14.10-1 ii libkalarmcal2 4:4.14.10-1 ii libkcalcore4 4:4.14.10-1 ii libkcalutils4 4:4.14.10-1 ii libkcmutils4 4:4.14.10-3 ii libkdecore5 4:4.14.10-3 ii libkdepim44:4.14.10-2 ii libkdeui5 4:4.14.10-3 ii libkio5 4:4.14.10-3 ii libkleo4 4:4.14.10-2 ii libkmanagesieve4 4:4.14.10-2 ii libkmime4 4:4.14.10-1 ii libknotifyconfig4 4:4.14.10-3 ii libkontactinterface4a 4:4.14.10-1 ii libkparts44:4.14.10-3 ii libkpimidentities44:4.14.10-1 ii libkpimtextedit4 4:4.14.10-1 ii libkpimutils4 4:4.14.10-1 ii libkprintutils4 4:4.14.10-3 ii libksieveui4 4:4.14.10-2 ii libmailcommon44:4.14.10-2 ii libmailimporter4 4:4.14.10-2 ii libmailtransport4 4:4.14.10-1 ii libmessagecomposer4 4:4.14.10-2 ii libmessagecore4 4:4.14.10-2 ii libmessagelist4 4:4.14.10-2 ii libmessageviewer4 4:4.14.10-2 ii libpimcommon4 4:4.14.10-2 ii libqt4-dbus 4:4.8.7+dfsg-3 ii libqt4-network4:4.8.7+dfsg-3 ii libqt4-xml4:4.8.7+dfsg-3 ii libqtcore44:4.8.7+dfsg-3 ii libqtgui4 4:4.8.7+dfsg-3 ii libqtwebkit4 2.3.4.dfsg-4 ii libsendlater4 4:4.14.10-2 ii libsolid4 4:4.14.10-3 ii libstdc++65.2.1-16 ii libtemplateparser44:4.14.10-2 ii perl 5.20.2-6 Versions of packages kmail recommends: ii gnupg-agent 2.1.7-2 ii gnupg2 2.1.7-2 ii kdepim-doc 4:4.14.10-2 pn kdepim-themeditors ii ktnef 4:4.14.10-2 ii pinentry-gnome3 [pinentry-x11] 0.9.5-4 ii pinentry-gtk2 [pinentry-x11]0.9.5-4 ii pinentry-qt4 [pinentry-x11] 0.9.5-4 Versions of packages kmail suggests: pn clamav ii kaddressbook4:4.14.10-2 ii kleopatra 4:4.14.10-2 ii procmail3.22-25 pn spamassassin | bogofilter | annoyance-filter | spambayes | bsf - -- no debconf information -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQJOBAEBCAA4BQJV7sKHMRpodHRwczovL3d3dy5kb21pbmlrLWdlb3JnZS5kZS9n cGctcG9saWN5LnR4dC5hc2MACgkQt5o8FqDE8pbPHA//f9+OoQ8YwolnAkfuvlS9 RKsolaMje1k/dAsru/Rxl/4FenUecVtRqBbR+VLxWojksrj7i+lKow3bZmTo/vGc gwzgpgEOjnB/PEFvq1WsvcdUUJ0BxtQ7FOgZ6c0eE5nBx8+s30exn/fJR6zuXP3V hlRsn7BjH2gzZkq3GT6uJIWIniQ55fr3ClqHjvyTdtp8gVLNoqKIhX/8/EEtxFrC Jxwd4HaennvrOyNHW6lR7DIU4V5Qr02NRyIcqhH/YkgYAFq0vge65XfTvKOZ3kbk kNrMRWojZH7UefvrB3913YlxwI640zbdJrrlSpkiRbwQBV5es8gjO/KhHH2QN7wf +CV/DDhtPGvw8K0HzBYzZbX6pbQ3KvV91cTXRkMsD3BcfGn0/mKSQn/W6r6FckLJ QxEoWoiqRm1b+8PIqOgQm7zBt+BODEBGZ1+uDZFvA4kd4BrmZLw2pM9+p5pM78wZ Z0vobWRM+vKTKot55gbFr/fuVUd6uK3d2k4XbQZPXejrvaxIjLY0H4dvRslED17e YDE7m13N3+1PIUU9Xtt+1H4tvZBmG780lfjchKQA59scyOuB6ZDeimaeNbdmJ461 AEjyn3hhPzdbs7gx4WbwbSPR8zE1vhwsISvREPafsSGba/lbGMEsmaTce+j3G6Xt kUGtIWRVf5SLOF7JyAmKvbk= =x/fp -END PGP SIGNATURE-
Bug#793508: kmail: contacts gravatar.com to fetch face images of senders of opened mails by default
Package: kmail Version: 4:4.14.5-1 Severity: important Dear Maintainer, I just found out after reading kde-pim upstream mailing list that KMail as packaged in Debian experimental, I am not sure whether the Sid version is also affected, contacts gravatar.com to fetch face images of senders of opened mails by defaultĀ¹. This was not the intention of the developer adding gravatar.com support to it. I just posted the following information to debian-kde mailing list: --- If you do not want KMail to connect to gravatar.com to find faces for mail identities, you can disable it in Configure / Appearance / Message window (last one roughly translated from german). --- But as not everyone reads it and this is a privacy leak, it may make sense to upload a package that changes the default. As to the thread the enabled by default mistake has been fixed in KF5 based kmail which is due to release with KDE Applications 15.08 in August. Please note it is not my intention to point fingers or such. I assume good intentions, errors can happen. So this is just about fixing the privacy leak being enabled by default. [1] kde-pim mailinglist, Thread [Kde-pim] how does kmail find face-like images from mail senders ? started by Martin Koller, specifically: Message-ID: 2126112.rfxk9ju...@collossus.ingo-kloecker.de Message-ID: 1996527.JvW9aqgcpS@linux-19td Mailinglist archive at https://mail.kde.org/pipermail/kde-pim/ is currently broken. Thanks, Martin -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-rc3-tp520-btrfstrim+ (SMP w/4 CPU cores; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages kmail depends on: ii kde-runtime 4:14.12.3-1 ii kdepim-runtime4:4.14.6-1 ii kdepimlibs-kio-plugins4:4.14.6-1 ii libakonadi-calendar4 4:4.14.6-1 ii libakonadi-contact4 4:4.14.6-1 ii libakonadi-kde4 4:4.14.6-1 ii libakonadi-kmime4 4:4.14.6-1 ii libakonadiprotocolinternals1 1.13.0-7 ii libc6 2.19-19 ii libcalendarsupport4 4:4.14.5-1 ii libfollowupreminder4 4:4.14.5-1 ii libgcc1 1:5.1.1-14 ii libgpgme++2 4:4.14.6-1 ii libgrantlee-core0 0.4.0-2 ii libincidenceeditorsng44:4.14.5-1 ii libkabc4 4:4.14.6-1 ii libkalarmcal2 4:4.14.6-1 ii libkcalcore4 4:4.14.6-1 ii libkcalutils4 4:4.14.6-1 ii libkcmutils4 4:4.14.2-5 ii libkdecore5 4:4.14.2-5 ii libkdepim44:4.14.5-1 ii libkdeui5 4:4.14.2-5 ii libkio5 4:4.14.2-5 ii libkleo4 4:4.14.5-1 ii libkmanagesieve4 4:4.14.5-1 ii libkmime4 4:4.14.6-1 ii libknotifyconfig4 4:4.14.2-5 ii libkontactinterface4a 4:4.14.6-1 ii libkparts44:4.14.2-5 ii libkpgp4 4:4.14.5-1 ii libkpimidentities44:4.14.6-1 ii libkpimtextedit4 4:4.14.6-1 ii libkpimutils4 4:4.14.6-1 ii libkprintutils4 4:4.14.2-5 ii libksieveui4 4:4.14.5-1 ii libmailcommon44:4.14.5-1 ii libmailimporter4 4:4.14.5-1 ii libmailtransport4 4:4.14.6-1 ii libmessagecomposer4 4:4.14.5-1 ii libmessagecore4 4:4.14.5-1 ii libmessagelist4 4:4.14.5-1 ii libmessageviewer4 4:4.14.5-1 ii libpimcommon4 4:4.14.5-1 ii libqt4-dbus 4:4.8.7+dfsg-1 ii libqt4-network4:4.8.7+dfsg-1 ii libqt4-xml4:4.8.7+dfsg-1 ii libqtcore44:4.8.7+dfsg-1 ii libqtgui4 4:4.8.7+dfsg-1 ii libqtwebkit4 2.3.4.dfsg-3 ii libsendlater4 4:4.14.5-1 ii libsolid4 4:4.14.2-5 ii libstdc++65.1.1-14 ii libtemplateparser44:4.14.5-1 ii perl 5.20.2-6 Versions of packages kmail recommends: ii gnupg-agent 2.0.28-3 ii gnupg2 2.0.28-3 ii kdepim-doc 4:4.14.5-1 pn kdepim-themeditors none ii ktnef 4:4.14.5-1 ii pinentry-gnome3 [pinentry-x11] 0.9.5-2 ii pinentry-gtk2 [pinentry-x11]0.9.5-2 ii pinentry-qt4 [pinentry-x11] 0.9.5-2 Versions of packages kmail suggests: ii bogofilter1.2.4+dfsg1-3 pn clamav