[Standards] XHTML <img/> presence leak
mogorman at astjab.org
Fri Mar 2 14:50:34 UTC 2007
They would know I was online but not where, but I see your point.
On 3/2/07, Kevin Smith <kevin at kismith.co.uk> wrote:
> On 2 Mar 2007, at 14:21, Matthew O'Gorman wrote:
> > Isn't this a client implementation problem?
> Possibly, but a quick note makes sure everyone considers it.
> > also you could run a
> > proxy or tor to secure your anonymity. ^_^
> That wouldn't secure anonymity. The problem in this case is that an
> image element is sent to a user which is uniquely identifying. That
> is: if the user fetches the image, the http server knows they are
> online. It's not immediately obvious that displaying images is bad
> and so a client could automatically render images in messages,
> possibly even fetching them on receipt before message rendering - if
> they were to do that then it becomes trivial to determine when
> someone's online.
> It's not a huge issue, a quick note in the XEP and I think we've got
> it covered :)
> Kevin Smith
> Psi XMPP Client Project Leader (http://psi-im.org)
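
An added example, not part of the original thread or of any client's code: one way a client could avoid the automatic fetch described above is to replace remote `<img/>` elements in an XHTML-IM body with a placeholder until the user opts in. The function name, the sample message and the choice to treat only `data:` and `cid:` sources as local are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XHTML_NS = "http://www.w3.org/1999/xhtml"
IMG = "{%s}img" % XHTML_NS
SPAN = "{%s}span" % XHTML_NS
# Assumption: sources with these schemes never cause a network request.
LOCAL_SCHEMES = {"data", "cid"}

# Constructed sample: one uniquely identifying remote image, one inline image.
SAMPLE = (
    '<body xmlns="http://www.w3.org/1999/xhtml"><p>hi '
    '<img src="http://tracker.example/u/alice-7f3a.png" alt="smile"/> there '
    '<img src="cid:constructed-id@example" alt="inline"/></p></body>'
)

def defuse_remote_images(body_xml, allow_remote=False):
    """Return (safe_xml, blocked_urls) for an XHTML-IM <body/> string.

    Unless allow_remote is True, every <img/> whose src is not in
    LOCAL_SCHEMES is swapped for a <span/> carrying its alt text, so
    rendering the message cannot tell a web server the user is online.
    """
    ET.register_namespace("", XHTML_NS)  # serialise without ns0: prefixes
    root = ET.fromstring(body_xml)
    blocked = []
    # Snapshot the tree first so replacing children does not disturb iteration.
    for parent in list(root.iter()):
        for idx, child in enumerate(list(parent)):
            if child.tag != IMG or allow_remote:
                continue
            src = child.get("src", "")
            if urlsplit(src).scheme.lower() in LOCAL_SCHEMES:
                continue
            placeholder = ET.Element(SPAN)
            placeholder.text = "[image blocked: %s]" % (child.get("alt") or "no description")
            placeholder.tail = child.tail  # keep the text that followed the image
            parent[idx] = placeholder
            blocked.append(src)  # offer these to the user for click-to-load
    return ET.tostring(root, encoding="unicode"), blocked

if __name__ == "__main__":
    safe, blocked = defuse_remote_images(SAMPLE)
    print(safe)
    print("blocked:", blocked)
```

The returned list of blocked URLs lets the client offer a per-image "load" action, so the fetch happens only when the user chooses to reveal that they are online.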