[Standards] XHTML <img/> presence leak
Matthew O'Gorman
mogorman at astjab.org
Fri Mar 2 08:21:44 CST 2007
Isn't this a client implementation problem? also you could run a
proxy or tor to secure your anonymity. ^_^
mog
On 3/2/07, Ian Paterson <ian.paterson at clientside.co.uk> wrote:
> Your presence would be leaked if someone sends you an XHTML <img/> for
> which the URI points to an HTTP server that they control. If you are
> online (or the moment you come online later) then your client will
> request the image (perhaps just a single transparent pixel) when it
> displays the message to you. The HTTP server simply reports the request
> to the person who wants to discover your presence.
>
> I think a note about this would be a helpful addition to XEP-0071.
> Perhaps clients should ask/warn their user before displaying such inline
> images received from non-subscribers (probably including a "Don't ask me
> again" checkbox).
>
> - Ian
>
>
More information about the Standards
mailing list