On Mon, Oct 04, 2004 at 09:47:22AM -0500, Carlos Davila wrote:
>
> Tim,
>
> One has to respect the culture of any individual list. I've received
> enough responses to know that html posts are not very popular here and
> that's fine with me....so I'll send my posts in text.
>
> That said, I have to confess that I am not entirely sold on all of the
> explanations of why html is bad.
HTML
provides a number of risks and non features that we wish to avoid.
HTML permits scripts (Java and Java scripts)
HTML permits tag images
HTML permits volatile external content references
HTML can set cookies that other sites might inspect
HTML is not a universal WISIG (what you see is what you get)
HTML and the 'equivalent' text of a MIME message may not be equal
HTML can carry text that is problematic to index/ search
HTML can Carry mixed character sets unnoticed by the sender
HTML messages are 2 to 50+ times larger than the equivalent text
HTML facilitates spammers
HTML facilitates spyware
HTML facilitates virus payloads (at work some of must use WindowZ)
HTML facilitates 'active content', goodness what does active imply.
HTML permits me to get you fired by triggering pornographic references
that corporate filters trigger on i.e. trigger HTTP proxy
"censorware" to catch employees trying to access "bad" sites
(porn, hate sites, hacking sites, etc)
HTML rich content hobbles off line interaction.
Read more:
http://www.schneier.com/essay-020.html
Bottom line, anyone serious about security or privacy will not view
HTML messages.
--
T o m M i t c h e l l
Me, I would "Rather" Not.
