privacy problem: text/html parts pull in network resources

Jinwoo Lee jinwoo68 at gmail.com
Thu Jan 29 10:14:27 PST 2015


On Thu, Jan 29, 2015 at 10:03 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On Wed 2015-01-28 18:57:25 -0500, Jinwoo Lee wrote:
>> Do you mind if I add a boolean defcustom, which determines whether to
>> block remote images?  Its default value will be T (block), but people
>> who want to see remote images can customize it.
>
> I have no objection to this kind of knob in an already fiddly config
> space.  In the other thread, i see the discussion of whether this should
> expose something fancier than a boolean, but given the number of
> possible rendering backends, i don't know how well we can support any of
> these options reliably.
>
> What should notmuch do when the customization variable is set to t
> (block remote images) but the html rendering backend doesn't support
> blocking remote images?
>
> It seems dangerous/disingenuous to offer the option to the user but not
> be able to enforce it in this case.  Should having this set to t
> restrict the range of html renderers to only those that we can force to
> respect it?

I'm not very knowledgeable in the notmuch codebase, but I think I agree
with your concern about this customization variable being dangerous or
misleading users.

+1 to restricting renderers.

>
>         --dkg
> _______________________________________________
> notmuch mailing list
> notmuch at notmuchmail.org
> http://notmuchmail.org/mailman/listinfo/notmuch


More information about the notmuch mailing list