Bug 229989 - Akregator allows feeds to gather data on article reading habits
Summary: Akregator allows feeds to gather data on article reading habits
Status: RESOLVED UNMAINTAINED
Alias: None
Product: akregator
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Gentoo Packages Unspecified
: NOR normal
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-03-08 20:21 UTC by Jaak Ristioja
Modified: 2018-03-14 20:51 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
Screenshot of (an unbranded version of) Mozilla Thunderbird handling a similar situation. (9.87 KB, image/png)
2010-06-02 11:45 UTC, Jaak Ristioja
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jaak Ristioja 2010-03-08 20:21:17 UTC
Version:            (using KDE 4.4.1)
Installed from:    Gentoo Packages

When opening an article, Akregator automatically downloads all requisites found in the <description> (e.g. if images etc are specified in HTML; perhaps even flash or AJAX?). Generally this generates extra HTTP(S) requests to remote server(s), leaking information about the users activities, i.e. which articles they browse, and possibly info about how long they read an article before switching to another article, etc.

The man in the middle, even when the user is using HTTPS, has quite good chances to figure out the exact articles being read (given he can determine the endpoint of the HTTPS connection), which are probabilistically among those new articles which the user has not previously read.

Hopefully it will be configurable per-feed, whether such requisites are downloaded or not, and with an action somewhere to force download of requisites of the article currently open.

Please fix these privacy leaks. Thanks!
Comment 1 Jaak Ristioja 2010-06-02 11:45:35 UTC
Created attachment 47598 [details]
Screenshot of (an unbranded version of) Mozilla Thunderbird handling a similar situation.

This is also what Akregator could do on a per-feed basis. An "always show remote content" checkbox could also be added to the feed properties dialog.
Comment 2 Denis Kurz 2016-09-24 19:43:55 UTC
This bug has only been reported for versions before 4.14, which have been unsupported for at least two years now. Can anyone tell if this bug still present?

If noone confirms this bug for a Framework-based version of akregator (version 5.0 or later, as part of KDE Applications 15.08 or later), it gets closed in about three months.
Comment 3 Denis Kurz 2017-01-07 21:54:06 UTC
Just as announced in my last comment, I close this bug. If you encounter it again in a recent version (at least 5.0 aka 15.08), please open a new one unless it already exists. Thank you for all your input.
Comment 4 Jaak Ristioja 2018-03-14 20:51:48 UTC
(In reply to Denis Kurz from comment #3)
> Just as announced in my last comment, I close this bug. If you encounter it
> again in a recent version (at least 5.0 aka 15.08), please open a new one
> unless it already exists. Thank you for all your input.

Since this still happens with at least version 5.5.3, I now filed a new bug: https://bugs.kde.org/show_bug.cgi?id=391865