[Standards] XHTML <img/> presence leak
ian.paterson at clientside.co.uk
Fri Mar 2 10:54:49 UTC 2007
Your presence would be leaked if someone sends you an XHTML <img/> for
which the URI points to an HTTP server that they control. If you are
online (or the moment you come online later) then your client will
request the image (perhaps just a single transparent pixel) when it
displays the message to you. The HTTP server simply reports the request
to the person who wants to discover your presence.
I think a note about this would be a helpful addition to XEP-0071.
Perhaps clients should ask/warn their user before displaying such inline
images received from non-subscribers (probably including a "Don't ask me
More information about the Standards