> The sender can look at their DNS logs to see if you’ve read your email, and the IP address of your DNS resolver at that time, which may indicate your location. [..] An attacker could look at the SNI header during the TLS negotiation
I suppose, but AFAIK no one is really doing that. So in that sense it's a "if a tree falls in the forest, but no one is around to hear it"-type issue.
And the response seems reasonable by the way; they set the correct flag. WebkitGTK has a bug and it doesn't work. It's not great, but you can't expect people to fix everything, especially for fairly minor issues like this.
>It's not great, but you can't expect people to fix everything, especially for fairly minor issues like this.
1. It's not a minor issue that a privacy feature doesn't work.
2. OP clearly stated ( https://gitlab.gnome.org/GNOME/evolution/-/issues/3095#note_... ) that they know the fixes are not trivial, so at the very least they want the application and website to make it clear that the privacy feature doesn't work, so that users are not misled.
You forget about targetted tracking, stalkers, and the very simple reality that this is a certain way to see if people looked at the email.
Handwaving this away because "nobody will do this" is in the same family of issues as "I have nothing to hide" or "what can they really do with my data?"
> you can't expect people to fix everything, especially for fairly minor issues like this.
The feature is called "Load Remote Content". Turning that off should have predictable consequences. The fact that it doesn't do what people would rightly assume it should do is not a "fairly minor issue".
People who blindly accept problems, who accept a lack of concern about privacy, both as a right and as a preference, who handwave away poor behavior aren't helping anyone. Tech companies rarely DTRT on their own, so people need to hold their feet to the fire. Those companies don't need apologists.
I suppose, but AFAIK no one is really doing that. So in that sense it's a "if a tree falls in the forest, but no one is around to hear it"-type issue.
And the response seems reasonable by the way; they set the correct flag. WebkitGTK has a bug and it doesn't work. It's not great, but you can't expect people to fix everything, especially for fairly minor issues like this.