[imp] Email Privacy Test

Simon Wilson simon at simonandkate.net
Thu May 1 10:46:15 UTC 2014


----- Message from Rick Romero <rick at havokmon.com> ---------
    Date: Wed, 30 Apr 2014 20:04:57 -0500
    From: Rick Romero <rick at havokmon.com>
Subject: Re: [imp] Email Privacy Test
      To: Michael M Slusarz <slusarz at horde.org>
      Cc: imp at lists.horde.org


> Quoting Michael M Slusarz <slusarz at horde.org>:
>
>> Quoting Michael M Slusarz <slusarz at horde.org>:
>>
>>> Quoting Simon B <simon.buongiorno at gmail.com>:
>>>
>>>> On 30 Apr 2014 13:34, "Rick Romero" <rick at havokmon.com> wrote:
>>>>> I have IMP 6.1.7, and I pass the test.
>>>>>
>>>>> The email you received CONTAINS the img src='#' tag - so your browser
>>>>> followed it.  I'm running Firefox 17.0.1 ESR, and no problem.   But
>>>>> Chrome caused the srcset error to get flagged - probably because of
>>>>> the
>>>>> javascript in the From field.  It looks broken in Chrome compared
>>>>> to FF.
>>>>>
>>>>> I suppose IMP could escape that though.
>>>>>
>>>>> Rick
>>>>>
>>>>> Quoting Simon Wilson <simon at simonandkate.net>:
>>>>>
>>>>>> Hi List,
>>>>>>
>>>>>> I just tried the privacy test at https://emailprivacytester.com, and
>>>>>> my
>>>>>> setup is failing one of the tests:
>>>>>>
>>>>>> "Test - Img srcset attr
>>>>>>
>>>>>> In the <body> of the HTML part, place a tag as follows:
>>>>>>
>>>>>> <img src="#" srcset="http://TRACKING_URL/ 1x">"
>>>>>>
>>>>>> Any ideas on how I can tighten this one up?
>>>>>>
>>>>>> This is on Imp 6.1.7, php 5.3.28.
>>>>
>>>> I don't know what imp I have, I have a git install that hasn't been
>>>> updated in a few months, but about half of my tests are red :(
>>>>
>>>> The only consolation is the android client is 50% worse...
>>>
>>> Strange, because IMP tested 100% the last time I looked at this a few
>>> months ago (believe it was 6.1 branch).  On all browsers.
>>
>> http://bugs.horde.org/ticket/12886
>>  

Not the same issue I don't think. This is an img srcset tag that is  
triggering, not SVG.

>
> I don't think that's the same - plus it'll vary by site.  If IMP is
> configured to display inline images automatically (though I don't have an
> SVG viewer defined), then the tests associated with the image tracking will
> go red.  If your account is set to automatically respond to read requests,
> then another set of tests will go red.  
>
> My install is set to not show anything inline, or take any action, without
> user intervention. I thought that was the default and my install passed
> 100%, except for the case of Chrome and what I assume was due to the
> Javascript in the From address, maybe that check has been added or Chrome
> changed since December..
>
> Rick
> -- 

Interesting - it only triggers when opening from Imp in Chrome. Open  
up Horde in Firefox and open the email and it does not trigger.

Purely as a matter of interest - Samsung email on my S4 opens a  
webpage triggered by the email. Very nasty and very wrong. It also  
triggers the Audio tag.

Simon

--
Simon Wilson
M: 0400 12 11 16
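
The srcset test discussed in this thread, as an added example (not part of the original messages and not IMP's code): a Python filter that removes `src` and `srcset` from HTML mail unless every URL they name is `cid:` or `data:`, so a tracker placed only in `srcset` is blocked along with `src`. The allow-list policy, the function and class names, and the sample message are assumptions made for the illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

LOCAL_SCHEMES = ("cid:", "data:")  # assumed policy: only content carried in the message may load
WS = " \t\n\f\r"                   # HTML's ASCII whitespace
CANDIDATE_URL = re.compile(rf"[{WS},]*([^{WS}]*)")

def srcset_urls(value):
    """URL of every image candidate in a srcset value ("url 1x, url 480w")."""
    urls, pos, end = [], 0, len(value)
    while pos < end:
        m = CANDIDATE_URL.match(value, pos)   # skip separators, then read up to whitespace
        url, pos = m.group(1), m.end()
        if url.endswith(","):                 # "a.png," is a candidate without a descriptor
            url = url.rstrip(",")
        else:                                 # skip descriptors up to the next comma
            pos = value.find(",", pos) if "," in value[pos:] else end
        urls.append(url)
    return [u for u in urls if u]

class RemoteImageFilter(HTMLParser):
    """Re-emit HTML mail, dropping src/srcset attributes that point outside the message."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.blocked = [], []
    def _tag(self, tag, attrs, close=""):
        kept = []
        for name, value in attrs:
            urls = srcset_urls(value or "") if name == "srcset" else [(value or "").strip(WS)] if name == "src" else []
            remote = [u for u in urls if not u.lower().startswith(LOCAL_SCHEMES)]
            self.blocked += remote            # record what would have been fetched
            if not remote:
                kept.append(f" {name}" if value is None else f' {name}="{escape(value)}"')
        self.out.append(f"<{tag}{''.join(kept)}{close}>")
    def handle_starttag(self, tag, attrs): self._tag(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._tag(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")

def filter_remote_images(html_body):
    f = RemoteImageFilter()
    f.feed(html_body)
    f.close()
    return "".join(f.out), f.blocked

SAMPLE = '<p>Hi</p><img src="#" srcset="http://tracker.example/ 1x"><img src="cid:logo" alt="logo">'  # constructed
```

Only `src` and `srcset` are handled here, and comments and doctype declarations are not re-emitted.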