Bug 153090 - Security settings: HTML external references -- provide specific types
Status: RESOLVED WAITINGFORINFO
Alias: None
Product: kmail
Classification: Applications
Component: general
Version: unspecified
Platform: openSUSE Linux
Importance: NOR wishlist
Target Milestone: ---
Assignee: kdepim bugs
Reported: 2007-11-28 20:28 UTC by Maciej Pilichowski
Modified: 2012-08-19 00:24 UTC

Description Maciej Pilichowski 2007-11-28 20:28:39 UTC
Version:            (using KDE KDE 3.5.8)
Installed from:    SuSE RPMs

I think it would be useful to specify external resources -- for example I wouldn't mind loading static images (png, jpg) but not active content (JS, flash, java applets). Currently I can have all (I don't want to) or nothing (and messages look ugly).
Comment 1 Thomas McGuire 2007-11-29 17:27:10 UTC
I see the point of your wish.
The external reference was however not designed to block annoying things like flash or animated GIFs. It was designed to block everything which loads from an external server, because that can track you (even if it is just a PNG, the server can track when and how long you read the mail).

Therefore I am against this wish, as it would weaken security considerably, as many people would not understand the consequences.
Comment 2 Maciej Pilichowski 2007-11-29 18:23:29 UTC
Thomas, thanks for the explanation. However, please consider several possible cases today and for this wish.

> Therefore I am against this wish, as it would weaken security considerably,
> as many people would not understand the consequences. 

Case -- "dumb" people. Can they today load external sources? Yes. So where is the security issue? If you split the option into two there is no security improvement (for such case) nor regression.

Case -- total security. Can they block external sources? Yes. Will they block ext. sources? Yes. No change in security.

Case -- balanced security (on purpose). Impossible to do today. With this wish I would be able to do this, without completely sacrificing readability and security.

I see no regression here, but for some users improvement actually.

> It was designed to block everything which loads from an external server,

It would be still possible to do, there is no change.

> because that can track you (even if it is just a PNG, the server can track
> when and how long you read the mail).

Unrelated question, but I am curious -- how is it possible, I mean how long I read mail? Server sends gif file and...? (note: consider only "static" data)
Comment 3 Thomas McGuire 2007-11-29 18:32:28 UTC
> Unrelated question, but I am curious -- how is it possible, I mean how long I read mail? Server sends gif file and...? (note: consider only "static" data)
The server pretends it has a slow connection, and sends only a few bytes per second, so the image continues loading for some minutes. Most mail readers will abort the connection if the user looks at another message, so the server knows how long the user has viewed the message.

As for the actual wish, I do see what you mean but still don't like it very much.
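
Added example, not part of the bug thread and not KMail code: a Python sketch of the split policy debated above, listing the external references in an HTML mail body by type and showing which URLs each policy would still fetch. The tag-to-category table, the policy names and the sample body are assumptions made for illustration; CSS `url()` references and `background` attributes are not covered.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag/attribute pairs that make a viewer fetch a URL, grouped the way the wish
# groups them. Assumption: illustrative mapping, not KMail's own list.
FETCH_ATTRS = {
    ("img", "src"): "static-image",
    ("link", "href"): "stylesheet",
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("embed", "src"): "active", ("object", "data"): "active",
    ("applet", "codebase"): "active",
}

class ExternalRefScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []  # (category, host, url) in document order

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            category = FETCH_ATTRS.get((tag, name))
            url = (value or "").strip()
            # cid:/data: parts ship inside the message; only these reach a server.
            if category and url.lower().startswith(("http://", "https://", "//")):
                self.refs.append((category, urlparse(url).netloc, url))

def scan(html_body):
    scanner = ExternalRefScanner()
    scanner.feed(html_body)
    scanner.close()
    return scanner.refs

def fetches_under(policy, refs):
    """URLs the viewer would request: 'block-all' or 'allow-static-images'."""
    if policy == "block-all":
        return []
    if policy == "allow-static-images":
        return [url for category, _, url in refs if category == "static-image"]
    raise ValueError(f"unknown policy: {policy}")

# Constructed sample body (not a real newsletter).
SAMPLE = """<img src="cid:logo@example.invalid">
<img src="https://news.example.invalid/banner.png">
<img src="http://t.example.invalid/open.gif?id=1234" width="1" height="1">
<script src="https://ads.example.invalid/a.js"></script>
<object data="https://ads.example.invalid/movie.swf"></object>"""

print(fetches_under("allow-static-images", scan(SAMPLE)))
```

Under `allow-static-images` the script and the Flash object are dropped, but the 1x1 image is still requested, so the sender's server still learns that the message was opened.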
Comment 4 Maciej Pilichowski 2007-11-29 19:11:45 UTC
Thank you for the example!

PS. I just add that my concern is malicious dynamic stuff coming from servers, not the unwanted data gathering (I mean, such statistics, not passwords ;-D). For example I subscribe to Dr.Dobbs Newsletter but it is ugly without images (and you lose some info) but I don't want to open Pandora's box by enabling external resources.
Comment 5 Myriam Schweingruber 2012-08-18 08:37:42 UTC
Thank you for your feature request. Kmail1 is currently unmaintained so we are closing all wishes. Please feel free to reopen a feature request for Kmail2 if it has not already been implemented.
Thank you for your understanding.
Comment 6 Luigi Toscano 2012-08-19 00:24:02 UTC
Instead of creating a new feature request, please confirm here if the wishlist is still valid for kmail2.