

Better security and privacy through image proxying - things
http://blog.fastmail.fm/2014/09/16/better-security-and-privacy-through-image-proxying/

======
cr3ative
> The image server remains in the dark about who has actually requested it.
> That’s a big plus for your privacy.

Unless, of course, the image has an email-unique key in the URL somewhere.

~~~
robn_fastmail
I have edited that sentence to say "where the request came from" rather than
"who has actually requested it".

Overall though, it's still an improvement. A key in the URL does verify that
the email address is deliverable, which isn't nothing, but still can't be
directly correlated with an IP address or other tracking data.
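
Added example, not part of the original thread and not FastMail's or Camo's code: a sketch of the trade-off discussed in this exchange, showing what an image proxy withholds from the image host and what a per-recipient key in the URL still delivers. The HMAC-signed URL layout, the key, the host names and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlsplit

# Constructed values for illustration only.
PROXY_KEY = b"constructed-demo-key"
PROXY_BASE = "https://imgproxy.example/"

# Allowlist: the only client header the proxy relays to the image host.
# Cookie, Referer, User-Agent and the client IP are never passed on.
FORWARDED = {"accept"}


def sign(url):
    """MAC over the original image URL, so only the mail app can mint proxy links."""
    return hmac.new(PROXY_KEY, url.encode(), hashlib.sha256).hexdigest()


def proxied_url(url):
    """Rewrite applied by the webmail app when it renders a message."""
    return f"{PROXY_BASE}{sign(url)}/{url.encode().hex()}"


def upstream_request(path, client_headers):
    """Proxy side: verify the link, then build what the image host will see."""
    digest, _, hexurl = path.strip("/").partition("/")
    url = bytes.fromhex(hexurl).decode()
    if not hmac.compare_digest(digest, sign(url)):
        raise PermissionError("unsigned URL: refusing to act as an open proxy")
    if urlsplit(url).scheme not in ("http", "https"):
        raise ValueError("only http(s) images are fetched")
    headers = {k: v for k, v in client_headers.items() if k.lower() in FORWARDED}
    return url, headers


def surviving_identifiers(url):
    """Query parameters that reach the image host unchanged, proxy or not."""
    return dict(parse_qsl(urlsplit(url).query))


if __name__ == "__main__":
    original = "http://tracker.example/pixel.gif?rcpt=abc123"  # constructed
    link = proxied_url(original)
    url, headers = upstream_request(
        link[len(PROXY_BASE):],
        {"Cookie": "sid=1", "User-Agent": "UA", "Accept": "image/*"},
    )
    print(headers)                     # what the image host receives
    print(surviving_identifiers(url))  # what it can still learn
```

The image host sees a fetch from the proxy with none of the reader's cookies, user agent or address, yet the `rcpt` value arrives intact, which is the deliverability signal both commenters refer to.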

------
sarciszewski
Also: Reading/writing a user-uploaded file instead of serving it directly can
reduce the risk of a malicious file being executed by the server.

(No c99.php.gif for you!)

------
mike-cardwell
Presumably this addition was prompted by Google adding the same thing to GMail
earlier this year.

~~~
robn_fastmail
Actually the reason is that we're planning to roll out an EV cert later this
year, and we hated the idea that an arbitrary email can remove the green
badge.

Once we decided we wanted to do this, then we looked around to see what other
places were doing. That's when we noticed Gmail, but it was actually Github's
Camo proxy that we thought of first (and ended up cloning).

~~~
mike-cardwell
Your comment here strongly suggests the padlock was the primary reason for
this change.

The content of the blog post strongly suggests that increased privacy was the
primary reason and that the padlock change was secondary.

I'm surprised you weren't aware of GMail rolling this feature out. It was
_big_ news at the time. Not least because a lot of advertising companies were
worried it would affect their bottom line.

~~~
robn_fastmail
> Your comment here strongly suggests the padlock was the primary reason for
> this change.

It was the initial motivator. The privacy advantages however are still real.
Ultimately it all goes to our customers being able to have confidence that
when they're using the service their security and privacy are being taken care
of.

> I'm surprised you weren't aware of GMail rolling this feature out. It was
> big news at the time.

Honestly, I can't remember if I noticed when GMail rolled it out. Looking back
on the press from the time, I imagine that if I thought anything it was "oh,
you too" because I strongly remember Github rolling out a similar feature in
2010.

[https://github.com/blog/743-sidejack-prevention-phase-3-ssl-...](https://github.com/blog/743-sidejack-prevention-phase-3-ssl-proxied-assets)

And sure, it's not exactly the same thing, but close enough that it might not
have stood out to me.

Did others at FastMail notice? Maybe. I certainly don't have a record of a
conversation about it, and the first discussion we had about implementing our
own image proxy was in May, and Gmail was not mentioned until much later once
we decided what we wanted to do and started shopping around for an
off-the-shelf package.

I'm not sure what point you're trying to make. Or are these just observations?

~~~
mike-cardwell
Your responses are overly defensive. I simply pointed out GMail also did this
same thing earlier this year, that your comment contradicts your blog post,
and that I find it highly surprising that somebody who works in the email
business wasn't aware of this. You can take these as "observations", or you
can dream up a "point" that I'm trying to make. No skin off my back.

