privacy problem: text/html parts pull in network resources

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jan 29 10:03:43 PST 2015


On Wed 2015-01-28 18:57:25 -0500, Jinwoo Lee wrote:
> Do you mind if I add a boolean defcustom, which determines whether to
> block remote images?  Its default value will be T (block), but people
> who want to see remote images can customize it.

I have no objection to this kind of knob in an already fiddly config
space.  In the other thread, I see the discussion of whether this should
expose something fancier than a boolean, but given the number of
possible rendering backends, I don't know how well we can support any of
these options reliably.

What should notmuch do when the customization variable is set to t
(block remote images) but the html rendering backend doesn't support
blocking remote images?

It seems dangerous/disingenuous to offer the option to the user but not
be able to enforce it in this case.  Should having this set to t
restrict the range of html renderers to only those that we can force to
respect it?

        --dkg

