On Sun, 07 Jul 2002 10:06:44 -0700
Chuq Von Rospach <chuqui@plaidworks.com> wrote:
> On 7/7/02 9:39 AM, "J C Lawrence" <claw@kanga.nu> wrote:
>> and use of web bugs in HTML email for post-tracking/privacy_invasion.
>> Properly tagging and stripping references to non-message hosted
>> content in HTML email without also crippling/stripping the actually
>> useful aspects of HTML email however is a bitch.
> No, it's not possible. Trust me on that.
Care to comment a little on this?
> The REAL answer is twofold.
> Part one is: users need to push vendors to allow them to opt-out of
> these types of systems. You should be able to request to not be
> tracked.
Kinda tough really given that the market is uncontrolled and ad-hoc.
Its especially difficult (or at least ugly) when things like corporate
espionage (legally innocuous -- just tracking and monitoring
competitor's activities who participate in the same forums) start
getting involved.
And yes, I've already seen it happen, and have seen people asked to
build systems so that their employer could use them to do that sort of
tracking of competitors.
Note:
This whole web-bug thing can be trivially handled at the local MUA
level. If your MUA renderes HTML mail you can configure your MUA to
use a web proxy that doesn't exist. Then, when viewing HTML mail that
makes external references all the external references fail as the
proxy connections fail, leaving your message display confined to the
locally provided objects.
It works quite well. I do exactly that here.
The problem with this address is the side effect of the campaign for
tight integration in mass market tools, especially under Windows. In
those environments MUAs typically inherit the proxy settings of the
system browser (and use the system browser controls via DLL etc to
render HTML mail). Setting the system browser to point at a
nonexistent proxy kills the use of the browser for normal use -- a
rather harsh trade-off for rendering HTML mail innocuous.
<sigh>
Give with one hand and take away with the other.
> Part two is: so few users care about this stuff (1-2%, maybe) that
> vendors generally don't feel the need to build it.
True.
But, and this is a kicker for me, almost 20% of my posting population
have explicitly stated that they do care and do appreciate my concern
and activity on the area. A fair number of them, perhaps 5%, have also
said that they wouldn't participate on the list if they might be subject
to such tracking.
Its quite got my attention.
Now my demographics are unusual and narrow. Certainly my populations
are not generically representative of the broad MUA using public or
large enough to sway the development decisions of general purpose MUA
vendors. Problem is, they are representative for me, and they're quite
a lot larger than is necessary to convince me to act. So, if I am
forced to handle HTML mail I have two choices. Either I attempt to
render it innocuous (the "college try" argument), or I just roll over
and hope that my population doesn't live up to their threats and that
the resultant damage to the list is tolerable. Neither choice is pretty
or comfortable.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw@kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
Follow-Ups:
References:
|
|
