In the scope of academic research within the efail project, in cooperation with Ruhr-University Bochum and FH Münster, Germany, we systematically analyzed Roundcube for `web bugs' and other backchannels which have an impact on the user's privacy. The results are as follows.
Introduction
It is well known that spammers abuse `web bugs' -- 1x1 pixel images in HTML emails -- to track if their mails to a certain address are actually read. To respect the privacy of their customers, most email clients, by default, block external content. However, we found bypasses for remote content blocking in Roundcube.
The Impact
The issue allows the sender of an email to leak information such as:
if and when the mail has been read
user's mail client and OS (via HTTP headers)
the number of users on a non-public mailing list
The Bypasses
The following bypasses to remote content blocking have been found:
(Credits for this one go to https://github.com/cure53/HTTPLeaks/)