John Goerzen <jgoer...@complete.org> writes: > So that essentially means "no inline images on blogs". Because any > <img> tag that appears in a feed on planet -- regardless of if it is a > 1x1 transparent image or a 500x300 photo of something at Debconf -- > will, let's face it, reveal certain data to the non-Debian server it's > on.
> To me, this is a point where we go, "life sucks, but at some point we > take it and move on because images in feeds are nice to have." I mostly agree with this, but I would draw a distinction between <img> tags intended to display *images* and pointing back to the hosting site of the person writing the blog and <img> tags for invisible images that are routinely added to every post and point to some third-party service. (Looking at Page Info on Planet Debian is interesting. There are a *lot* of web bugs.) If the only use of <img> tags is for actual images that are intended to be displayed, and which aren't added routinely to every post, that's a much different situation (and much less information to disclose) than if every post is routinely tagged with a web bug. The latter seems to be what many people's blogs currently do. I suspect a blacklist on the Planet Debian side could kill most of the bugs after looking over Page Info. I personally blocked four different sites and that got 95% of them. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/878w0zn4ta....@windlord.stanford.edu