[Standards] XHTML <img/> presence leak

Kevin Smith kevin at kismith.co.uk
Fri Mar 2 14:30:21 UTC 2007


On 2 Mar 2007, at 14:21, Matthew O'Gorman wrote:
> Isn't this a client implementation problem?
Possibly, but a quick note makes sure everyone considers it.

>   also you could run a
> proxy or tor to secure your anonymity. ^_^
That wouldn't secure anonymity. The problem in this case is that an  
image element is sent to a user which is uniquely identifying. That  
is: if the user fetches the image, the http server knows they are  
online. It's not immediately obvious that displaying images is bad  
and so a client could automatically render images in messages,  
possibly even fetching them on receipt before message rendering - if  
they were to do that then it becomes trivial to determine when  
someone's online.

It's not a huge issue, a quick note in the xep and I think we've got  
it covered :)

/K

-- 
Kevin Smith
Psi XMPP Client Project Leader (http://psi-im.org)






More information about the Standards mailing list