Friday, Dec 4, 2015 3:42 PM Rich Kulawiec wrote:
> 1. Such links are often customized on a per-user per-message basis
> with unique URLs. Thus *any* hit on that URL from anywhere must
> have come from that user [1] and via that particular message.
> It may not disclose their IP address but it *does* disclose that
> they read the message and when. This is bad.

Yup. You have to always fetch, when the mail arrives. Which could turn into a DDoS attack if you do it for all messages, so not ideal without additional heuristics. But I don't see any way around those heuristics without simply deleting all URLs from all email messages.

> 2. Proxying means proxy means proxy log means yet another place where
> sensitive information accumulates. I.e., I don't think it's a good idea
> to attempt to fix this issue by MITM'ing connections.

You already have the whole email message if it's not encrypted, so I don't see that any additional information is leaking here. But this is still a good point.

> 3. How do you rewrite a link over an encrypted connection?

If you are running the IMAP server, it doesn't matter whether the connection between the user and the server is encrypted. If you are not, then it's not your problem.

> I'm not arguing that there isn't a massive privacy problem here.
> There is, and I think it's far more worrisome than IP addresses
> in Received lines, because it discloses far more information *and it
> does so in real time*. I just don't think solving it will be this easy.

Agreed on both counts.

-- 
Sent from Whiteout Mail - https://whiteout.io
My PGP key: https://keys.whiteout.io/[email protected]
_______________________________________________
Shutup mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/shutup
