Open Bug 1031899 Opened 8 years ago Updated 6 years ago

Github spy on user reading emails

Categories

(Privacy Graveyard :: General, task)

x86_64
Linux
task
Not set
normal

Tracking

(Not tracked)

People

(Reporter: hub, Assigned: ahua)

Details

Since we require the use of Github for various projects, I'll file this here as it clearly impacts the privacy of Mozilla contributors.

Github notifications include a tracking beacon, which means that it leaks when the user reads the Github notification email. There is no opt out from Github to that privacy violation. On the client side it doesn't get leaked if the user configures the mail client to only display plain text (non default option in Thunderbird) or to not automatically display remote images.

Here is the thread
https://twitter.com/hfiguiere/status/483040912491036672

Either Mozilla should force Github to fix that privacy issue or Mozilla should stop requiring the use of Github to contribute to several Mozilla projects.

(In reply to Hubert Figuiere [:hub] from comment #0)
> On the client side it doesn't get leaked if the
> user configures the mail client to only display plain text (non default
> option in Thunderbird) or to not automatically display remote images.

My two cents: I think these options are going to be enabled by any user with paranoia-level privacy requirements, so this shouldn't be a big deal. Many emails these days have tracking beacons, and defaulting to viewing the text/plain version is the only sane way I've found to avoid them.

I still think we should stop *requiring* the use of Github for contribution to Mozilla projects, but I don't think this email beacon thing is a very strong argument. If Github didn't provide a text/plain version of their email (like some emails I've started to get) this would be a bigger problem.

Also, it might help to list some of the Mozilla projects for which Github is required in order to contribute.

The argument "everybody does it" is preposterous.

I don't have an opinion on using GitHub in general, but the beacon is an official feature: https://github.com/blog/1214-notification-email-improvements

> Notifications that are read as HTML email are automatically marked as read in the github.com notifications interface. An invisible image is embedded in each mail message to enable this.

If a client displays email in HTML (GitHub also sends the text/plain version) and does not intercept images, then the client is leaking, and the user should be concerned for their privacy every time they open an email, not just from GitHub.

(Here is a good tool to test a client, btw: https://emailprivacytester.com/)
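
An added example (not part of the bug comments, and not GitHub's or Mozilla's code): a small Python audit that lists the remote images a client would fetch when rendering a message's HTML part, and returns the text/plain alternative the comments describe as the safe view. The sample message, its `example.invalid` addresses and the `audit` helper are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a multipart/alternative notification whose HTML part
# embeds one inline (cid:) image and one remote 1x1 image.
SAMPLE = """\
From: notifications@example.invalid
Subject: [repo] New comment
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

A new comment was posted.
--b1
Content-Type: text/html; charset="utf-8"

<p>A new comment was posted.</p>
<img src="cid:logo" alt="logo">
<img src="https://tracker.example.invalid/beacon/abc123.gif" width="1" height="1" alt="">
--b1--
"""

class RemoteImageFinder(HTMLParser):
    """Collect <img> sources that trigger a network fetch when displayed."""
    def __init__(self):
        super().__init__()
        self.remote = []  # list of (url, looks_like_pixel)
    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        # cid: and data: images are carried in the message; http(s) ones are fetched.
        if urlsplit(src).scheme.lower() in ("http", "https") or src.startswith("//"):
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.remote.append((src, tiny))

def audit(raw):
    """Return (remote images in the HTML part, text/plain body or None)."""
    msg = message_from_string(raw, policy=default)
    finder = RemoteImageFinder()
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        finder.feed(html.get_content())
    plain = msg.get_body(preferencelist=("plain",))
    return finder.remote, plain.get_content() if plain is not None else None

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A message that yields an empty list has no image a client would load from the network; any entry means the sender's server is contacted when the HTML part is displayed with remote images enabled.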

You want one organization to (attempt to) police another, because of your preferences against an ordinary practice. I think that chain of demands is uncalled for.

This has been a known and announced Github feature for two years: https://github.com/blog/1214-notification-email-improvements

Github has shown their utility (you don't accept, but plenty do) and you have your own "workarounds" for this.

This is industry standard and, as mentioned above, Github has announced this feature previously.

Mozilla's MDN uses the same email tracking beacon in their emails as well: https://github.com/mozilla/kuma/issues/1985

This isn't a privacy issue. As listed in the Twitter thread, you can disable it yourself by not viewing the email's images.