HTML by default in KMail
Yuval Levy
ubuntu08 at sfina.com
Tue Aug 10 04:09:03 BST 2010
On August 9, 2010 04:28:20 am Aurélien Gâteau wrote:
> Turning HTML on for *displaying* email is something I have done every
> time I introduced someone to KMail.
You did one step in the process that Kubuntu/KMail can't do (yet): you
analyzed "someone" and their situation. You came to the conclusion that HTML
fits their needs best. This conclusion can't be generalized.
Moreover, by doing this in front of them you taught them the ability to
customize further (or switch back), because they saw you navigate the
"preferences maze".
> If this option is not on then KMail
> is perceived as less powerful than their previous email client.
Unknowledgeable consumers perceive digital cameras with higher megapixel count
to be more powerful than models with lesser megapixel count. Experts know
better. Commercial interests cater to this misconception because it's easy
and more profitable than educating consumers and offering them real value.
> What does showing email in plain text protect you from?
Not much, you are right. Security is not the issue. Leaving users behind is.
If "Kubuntu aims to be the most widely used Linux system", it should also aim
to be usable by everybody *by default* and usable on the broadest possible set
of hardware combinations *by default*.
I would like to suggest a simple *principle*: The default should work for as
many use cases as possible, i.e. represent the minimum common denominator.
On top of the default, add a layer of customization. Detect (hardware) or
query (user) capabilities at install time and/or on first log in and customize
accordingly. This layer of customization is very crude at the moment: the
user must go into the settings of each application and configure it. I can
imagine a day when a piece of software will take care of this, ask a few
questions and do the configuration work for you.
In a third step things can be optimized further for a specific user/hardware
configuration.
The number one fix for the security issues you mention is consumer education.
If these are your concerns, a startup tip (like we have in Hugin [1], enabled
by default) is the solution.
> rogue links of a phish email
TIP: Never click on a link in an email from an unverified source. It can lead
you to a different destination than what it purports to.
TECH SOLUTION: when a link in an HTML mail coming from an unverifiable source
is clicked, display a pop up question: "do you really want to go to <DISPLAY
FULL URL HERE>?"
> It does not protect you against spam messages phoning home to confirm
> your email address is valid. You are protected from this as long as the
> "Allow messages to load external references from the Internet" option is
> unchecked.
TIP: KMail disables external references from the Internet by default to
protect you from spam messages confirming that your email address is valid.
> It does not protect you against messages containing nasty Javascript:
> The viewer widget is explicitly created with disabled Javascript, Java
> and plugins options [1].
TIP: did you know that Javascript is disabled by default to protect your
computer from malicious payload that could be sent to you by e-mail? It is
also good practice to browse the web with Javascript disabled by default and
enable only individual, trusted sites, to run Javascript on your computer.
I personally don't care so much about the defaults as I do care about not
leaving anybody behind.
Yuv
[1]
http://hugin.hg.sourceforge.net/hgweb/hugin/hugin/file/7865fdc91695/src/hugin1/hugin/MainFrame.cpp
look for OnTipOfDay around line 1224