W3C home > Mailing lists > Public > www-tag@w3.org > April 2002

[fwd] Re: draft findings on Unsafe Methods (whenToUseGet-7)

From: Keith Moore <moore@cs.utk.edu>
Date: Mon, 15 Apr 2002 14:43:56 -0400
Message-Id: <200204151843.g3FIhvx02816@astro.cs.utk.edu>
To: www-tag@w3.org
this was originally private mail to Dan; he asked me to fwd it to www-tag
for discussion.

To:      Dan Connolly <connolly@w3.org>
cc:      Keith Moore <moore@cs.utk.edu>
From:    Keith Moore <moore@cs.utk.edu>
Subject: Re: draft findings on Unsafe Methods (whenToUseGet-7) 
Date:    Mon, 15 Apr 2002 13:35:21 EDT

another common kind of side-effect (also having to do with email) involves
sending an HTML document that includes a IMG tag, where the URL of the 
image (sometimes a one-pixel image with a transparent pixel) is specific
to that specific message.  when the recipient's MUA does a GET on that 
image it also has the side-effect of telling the image server that the 
recipient's MUA is displaying the message... thus serving as a sort of
receipt confirmation.

I don't think this should be considered a safe operation - first because
the recipient has little or no control over it, second because it discloses
information about the recipient that should be kept private unless the
recipient explicitly consents to disclose it, third because it is of
course possible that the recipient isn't actually reading the message -
there might be some sort of preprocessor that downloads the messages
and their images in advance of actually their being read, e.g. so that 
they can be read offline.

Received on Monday, 15 April 2002 14:43:57 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:32:31 UTC