[Standards] XHTML <img/> presence leak

Matthew O'Gorman mogorman at astjab.org
Fri Mar 2 14:21:44 UTC 2007


Isn't this a client implementation problem?  also you could run a
proxy or tor to secure your anonymity. ^_^

mog

On 3/2/07, Ian Paterson <ian.paterson at clientside.co.uk> wrote:
> Your presence would be leaked if someone sends you an XHTML <img/> for
> which the URI points to an HTTP server that they control. If you are
> online (or the moment you come online later) then your client will
> request the image (perhaps just a single transparent pixel) when it
> displays the message to you. The HTTP server simply reports the request
> to the person who wants to discover your presence.
>
> I think a note about this would be a helpful addition to XEP-0071.
> Perhaps clients should ask/warn their user before displaying such inline
> images received from non-subscribers (probably including a "Don't ask me
> again" checkbox).
>
> - Ian
>
>



More information about the Standards mailing list