Charlie Reitsma wrote:
I test the privacy of webmail clients with
https://secure.grepular.com/email_privacy_tester/
SOGo does quite well. IPaddress, referer and User-agent can be harvested.
Thanks for the tip!
A few precisions: CSS filtering is not performed at all. For example,
the "behavior" tag will succeed only if you run IE, because that's the
only browser implementing it. But this explains why the
"background-image" and "content" tag succeeds too.
Regarding the "img" and "object" tag, they are discarded by default,
which is why the "Load images" button exists : to download foreign
objects from trusted sites. In that case, the user is trusted to know
what (s)he is doing.
Cheers,
--
Wolfgang Sourdeau :: +1 (514) 447-4918 ext. 125 :: wsourd...@inverse.ca
Inverse inc. Leaders behind SOGo (sogo.nu) and PacketFence
(www.packetfence.org)
--
users@sogo.nu
https://inverse.ca/sogo/lists