On Sun, 07 Jul 2002 10:06:44 -0700 Chuq Von Rospach <[EMAIL PROTECTED]> wrote: > On 7/7/02 9:39 AM, "J C Lawrence" <[EMAIL PROTECTED]> wrote:
>> and use of web bugs in HTML email for post-tracking/privacy_invasion. >> Properly tagging and stripping references to non-message hosted >> content in HTML email without also crippling/stripping the actually >> useful aspects of HTML email however is a bitch. > No, it's not possible. Trust me on that. Care to comment a little on this? > The REAL answer is twofold. > Part one is: users need to push vendors to allow them to opt-out of > these types of systems. You should be able to request to not be > tracked. Kinda tough really given that the market is uncontrolled and ad-hoc. Its especially difficult (or at least ugly) when things like corporate espionage (legally innocuous -- just tracking and monitoring competitor's activities who participate in the same forums) start getting involved. And yes, I've already seen it happen, and have seen people asked to build systems so that their employer could use them to do that sort of tracking of competitors. Note: This whole web-bug thing can be trivially handled at the local MUA level. If your MUA renderes HTML mail you can configure your MUA to use a web proxy that doesn't exist. Then, when viewing HTML mail that makes external references all the external references fail as the proxy connections fail, leaving your message display confined to the locally provided objects. It works quite well. I do exactly that here. The problem with this address is the side effect of the campaign for tight integration in mass market tools, especially under Windows. In those environments MUAs typically inherit the proxy settings of the system browser (and use the system browser controls via DLL etc to render HTML mail). Setting the system browser to point at a nonexistent proxy kills the use of the browser for normal use -- a rather harsh trade-off for rendering HTML mail innocuous. <sigh> Give with one hand and take away with the other. > Part two is: so few users care about this stuff (1-2%, maybe) that > vendors generally don't feel the need to build it. True. But, and this is a kicker for me, almost 20% of my posting population have explicitly stated that they do care and do appreciate my concern and activity on the area. A fair number of them, perhaps 5%, have also said that they wouldn't participate on the list if they might be subject to such tracking. Its quite got my attention. Now my demographics are unusual and narrow. Certainly my populations are not generically representative of the broad MUA using public or large enough to sway the development decisions of general purpose MUA vendors. Problem is, they are representative for me, and they're quite a lot larger than is necessary to convince me to act. So, if I am forced to handle HTML mail I have two choices. Either I attempt to render it innocuous (the "college try" argument), or I just roll over and hope that my population doesn't live up to their threats and that the resultant damage to the list is tolerable. Neither choice is pretty or comfortable. -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. [EMAIL PROTECTED] He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
