My platform is WinXP, SP1 with IE6 and OE6. Privoxy
version is 3.0.0.
How would you differentiate between requests for web
documents that came from Outlook Express (OE)
versus Internet Explorer (IE)? As far as I can tell, there
is no way to do that. If there is, can someone enlighten me?
The reason why this is important is because of "web
bugs" contained in e-mails. See:
http://www.mackraz.com/trickybit/readreceipt/
for a demo of privacy leaks and see:
http://www.nthelp.com/OEtest/web_bug_faq.htm
for a web bug FAQ.
So, back to the original question. If there was a way to
determine which image requests came from OE and
which ones from IE, the web bugs could be filtered out.
Remember that these images can be any size (they are
not like the 1x1 webbugs mentioned in default.filter).
If IE and OE share their internet connection then there is
no way to distinguish between their requests?
Any ideas?
Logged In: NO
As a follow up, I do know about the latest Security options in
OE6 which allow you to read every email in plain text. I don't
want to take advantage of that.
There is no harm in displaying inline images as long as they
were part of the email message as attachments, however, I
DO want to block any image requests that have to go to the web
for getting the image.
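The distinction drawn in the post above, between images carried inside the message and images that must be fetched from the web, can be checked on the raw message itself. The following is an added example, not part of the original thread: it uses only Python's standard library, the sample message is constructed, and the names `RefCollector` and `classify` are hypothetical. The remote image is deliberately not 1x1, since web bugs can be any size.

```python
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample: one image shipped inside the mail (cid:), one image and
# one stylesheet that would have to be fetched from the web.
SAMPLE = """\
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><img src="cid:logo@example.invalid">
<img src="http://tracker.example.invalid/open.gif?id=42" width="120" height="60">
<link rel="stylesheet" href="//cdn.example.invalid/mail.css"></body></html>
--b1
Content-Type: image/gif
Content-ID: <logo@example.invalid>
Content-Transfer-Encoding: base64

R0lGODlhAQABAAAAACw=
--b1--
"""

class RefCollector(HTMLParser):
    """Collect the URLs an HTML renderer would load without user action."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # src/background load automatically; href only does so on <link>.
            if value and (name in ("src", "background") or (tag, name) == ("link", "href")):
                self.refs.append(value.strip())

def classify(raw):
    """Return (embedded, remote): cid: refs backed by a part vs. web fetches."""
    msg = message_from_string(raw)
    # Content-IDs of the parts that really travel with the message.
    cids = {p["Content-ID"].strip("<> ") for p in msg.walk() if p["Content-ID"]}
    embedded, remote = [], []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = RefCollector()
        collector.feed(part.get_payload(decode=True).decode("ascii", "replace"))
        for ref in collector.refs:
            if ref.lower().startswith("cid:") and ref[4:] in cids:
                embedded.append(ref)   # satisfied from the mail, no network
            elif ref.lower().startswith(("http://", "https://", "//")):
                remote.append(ref)     # would trigger an outbound request
    return embedded, remote
```

Any entry in the second list is a reference that causes an outbound HTTP request when the message is rendered, regardless of image dimensions.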
Logged In: YES
user_id=322640
A couple of questions, coming from someone that has never
used OE ...
First off, I would strongly recommend to anyone that is
concerned about privacy and security not to accept HTML
formatted email. For the reasons as stated in your links,
and because other mischief is possible via js or viruses. It
is an accident waiting to happen, unless you use extreme
caution on who/where you get mail. If OE cannot disable the
acceptance of HTML, I would personally uninstall it, or just
not use it. .02.
Of course, OE is not going away. Now questions...
Does OE have native support for rendering HTML, or does it
just invoke IE to do it? If native support, can it be
configured to use a proxy for http? Sorry, but I am ignorant
on this.
If the support is native, and there is no way to configure a
proxy, then there is no way to use privoxy with it (at
present).
Privoxy does not know where/how the request comes. Which is
anything that comes through the configured port. Hence, the
requirement for being able to set a proxy address/port for
the application in question.
In the future, there will (hopefully) be 'transparent'
proxying, which then would be possible to trap any request
to port 80 (or other configured ports). This is not
necessarily foolproof either since conceivably the URL could
specify any random port, but would probably stop a lot of
this. But would also require appropriate configuration,
since Privoxy still would not necessarily know where the
request came from, and the blocking would have to be based
on destination rather than origin.
I think there is a feature request for actions that are
'user-agent' aware, which would be helpful in this kind of
scenario. You might check feature requests for that, and
either add to it, or open a new one.
Andreas: We need a FAQ on this!
Sorry, just now see your follow up.
Logged In: NO
Unfortunately there's no way for a proxy (any proxy) to differentiate between OE and IE. This is because OE actually
uses IE modules to format HTML and IE then fetches HTML requests. The HTTP headers are identical. This is
why OE "uses" the Internet Explorer proxy settings -- in fact it uses IE itself which then uses its own settings.
The only way is to use a firewall that restricts access for each particular Application. I use Kerio v2.1.4 and have
been very pleased with it. I permit OE to access ports 110=pop3, 25=smtp, 119=nntp, 143=imap, and I
specifically prohibit OE from using ANYTHING else - and especially not access to the proxy port 8118.
This allows me to see & send formatted messages -- and also to view imbedded images that are sent as part of
the Email. But none of the other referenced items in the HTML (CSS, JS, JPG, etc) will ever be retrieved from any
other source.
Unfortunately, firewalls may require a learning curve to set up - especially for casual internet users. Some help for
Kerio may be found at http://www.dslreports.com/forum/kerio . Other firewalls may also be able to accomplish this
-- but the key is that the firewall must be able to distinguish which application program (EXE) originates a TCP/IP
request. This also means the firewall must be running in the same PC that is making the request. Once the
request has been made by the program then there is no way to differentiate fetching Email WebBugs from any
other IE browser usage.
Hal - Sorry but transparent proxying won't help, and the User-Agent is identical whether it originates from OE or the
browser. The problem is caused by M$ choice of software architecture.
Logged In: YES
user_id=322640
Excellent information, thanks! Zonealarm does the same kind
of thing, what does Kerio do better (I am not familiar with
it)?
[PS -- I am going to link this thread from FAQ, so feel free
to be verbose :) ]
Logged In: NO
ZoneAlarm is much simpler because it addresses security at a higher level. Beware, though that some
ZoneAlarm versions may also "protect" browsing by messing up User-Agent, Cookie, and other HTTP
headers if it is allowed to. Privoxy does a MUCH better job than ZoneAlarm when it comes to HTTP processing.
Kerio v2.1.4 requires meticulous configuration. You must decide which port accesses are allowed for each &
every application. It doesn't come pre-configured & ready-to-use. For most people, the concept of TCP/IP ports is
foreign and so they can easily mess up. Kerio is a VERY small application that gives you complete control over
every little detail -- that's both its strength and its weakness.
At this time newer versions of Kerio are in beta testing of a major revision and there does not seem to be a
consensus yet on how great it will be. The Kerio and the Security forums at DslReports / BroadBandReports may
be good sources for review:
http://www.dslreports.com/forum/kerio
http://www.dslreports.com/forum/security,1
Other similar "Personal Firewalls" may also be applicable. Because of the need to authenticate TCP/IP access by
Application EXE program, this is the only class of firewalls that can do the job of controlling OE. By the time a
request would reach a Network-level firewall or proxy, it's too late because then the originating EXE can not be
identified. In that regard, OE must be restricted like a "trojan" process on any port not specifically dedicated to
Email (25,110,119,143).
Logged In: YES
user_id=322640
Thanks. Good info.
Logged In: NO
What is happening here?
I setup the tor/privoxy bundle, and it seems to work
perfect, checking with a sniffer. But when I use outlook
express it's sure as hell not being run through tor/privoxy.
And neither is the dns request connected with connecting to
the mailserver...
And yes OE is sharing its proxy connection settings with IE!
Is there something I have misunderstood? I thought from the
user manuals and from this discussion, that OE would
automatically be run through tor/privoxy the same way as
when accessing a webpage..
Logged In: YES
user_id=875547
OE is only using IE's proxy settings while displaying
HTML mails. If you enable HTML mail rendering (don't),
embedded images will be requested through your proxy chain.
DNS requests for the mail server and the mail transfer
itself will be sent directly. To change this you have
to check if OE can be convinced to use SOCKS and then
specify tor as SOCKS server.
Logged In: NO
Thanks for the answer fabiankeil!
Nobody (What is happening here?)