Re: privacy problem: text/html parts pull in network resources

Date: Sun, 25 Jan 2015 18:51:43 +0100

To: Daniel Kahn Gillmor, notmuch mailing list

From: David Bremner


Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> If i send a message with a text/html part (either it's only text/html,
> or all parts are rendered, or it's multipart/alternative with only a
> text/html subpart) and that HTML has <img
> src="http://example.org/test.png"/> in it, then notmuch will make a
> network request for that image.
>
> This is a privacy disaster, because it enables an e-mail sender to use
> "web bugs" to tell when a given notmuch user has opened their e-mail.

I've just pushed Austin's shr related series to master, so this problem
should be fixed as of commit b74ed1c. One tradeoff that we should at
least remark in NEWS, if not actually fix, is that I think there is now
no way to view such images in notmuch.  I don't know offhand what other
html renderers will do.

d
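
The web-bug mechanism described in the quoted report can be checked for before a message is rendered. The following Python example is added here and is not code from notmuch or from this thread; it lists the URLs that a message's text/html parts would make a renderer fetch. The names `remote_refs` and `RemoteRefFinder` and the sample message are assumptions made for the example.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes a renderer fetches without any user action.
FETCH_ATTRS = {"src", "background", "poster", "srcset"}


class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # <link href> (stylesheets) is auto-fetched; <a href> is not.
            auto = name in FETCH_ATTRS or (tag, name) == ("link", "href")
            if not value or not auto:
                continue
            # srcset carries several comma-separated "url descriptor" entries.
            for entry in (value.split(",") if name == "srcset" else [value]):
                url = (entry.split() or [""])[0]
                # cid: and data: stay inside the message; http(s) and
                # protocol-relative URLs reach the network.
                scheme = urlparse(url).scheme.lower()
                if scheme in ("http", "https") or url.startswith("//"):
                    self.refs.append((tag, url))


def remote_refs(raw_message):
    """Return (tag, url) pairs for all text/html parts of a message."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            found.extend(finder.refs)
    return found


# Constructed sample: multipart/alternative with only a text/html subpart.
SAMPLE = """\
From: sender@example.org
Subject: constructed test
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/html

<p>hello</p><img src="http://example.org/test.png"/>
<img src="cid:logo@example.org"/><a href="http://example.org/page">link</a>
--b1--
"""
```

Calling `remote_refs(SAMPLE)` reports only the `http://example.org/test.png` image: the `cid:` image is carried inside the message and the `<a href>` link is fetched only if the reader follows it.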
