HTML by default in KMail

Yuval Levy ubuntu08 at sfina.com
Tue Aug 10 04:09:03 BST 2010


On August 9, 2010 04:28:20 am Aurélien Gâteau wrote:
> Turning HTML on for *displaying* email is something I have done every
> time I introduced someone to KMail.

You did one step in the process that Kubuntu/Kmail can't do (yet): you 
analyzed "someone" and their situation.  You came to the conclusion that HTML 
fits their needs best.  This conclusion can't be generalized.

Moreover, by doing this in front of them you taught them the ability to 
customize further (or switch back), because they saw you navigate the 
"preferences maze". 


> If this option is not on then KMail
> is perceived as less powerful than their previous email client.

Unknowledgeable consumers perceive digital cameras with higher megapixel count 
to be more powerful than models with lesser megapixel count.  Experts know 
better.  Commercial interests cater to this misconception because it's easy 
and more profitable than educating consumers and offering them real value.


> What does showing email in plain text protects you from?

Not much, you are right.  Security is not the issue.  Leaving users behind is.

If "Kubuntu aims to be the most widely used Linux system", it should also aim 
to be usable by everybody *by default* and usable on the broadest possible set 
of hardware combinations *by default*. 

I would like to suggest a simple *principle*:  The default should work for as 
many use cases as possible, i.e. represent the minimum common denominator.

On top of the default, add a layer of customization.  Detect (hardware) or 
query (user) capabilities at install time and/or on first log in and customize 
accordingly.  This layer of customization is very crude at the moment: the 
user must go into the settings of each application and configure it.  I can 
imagine a day when a piece of software will take care of this, ask a few 
questions and do the configuration work for you.

In a third step things can be optimized further for a specific user/hardware 
configuration.

The number one fix for the security issues you mention is consumer education.  
If these are your concerns, a startup tip (like we have in Hugin [1], enabled 
by default) is the solution.

 
> rogue links of a phish email

TIP:  Never click on a link in an email from unverified source.  It can lead 
you to a different destination than what it purport to.

TECH SOLUTION:  when a link in an HTML mail coming from an unverifiable source 
is clicked, display a pop up question: "do you really want to go to <DISPLAY 
FULL URL HERE>?"


> It does not protect you against spam messages phoning home to confirm
> your email address is valid. You are protected from this as long as the
> "Allow messages lo load external references from the Internet" option is
> unchecked.

TIP:  Kmail disables external references from the Internet by default to 
protect you from spam messages confirming that your email address is valid.

 
> It does not protect you against messages containing nasty Javascript:
> The viewer widget is explicitly created with disabled Javascript, Java
> and plugins options [1].

TIP:  did you know that Javascript is disabled by default to protect your 
computer from malicious payload that could be sent to you by e-mail?  It is 
also good practice to browse the web with Javascript disabled by default and 
enable only individual, trusted sites, to run Javascript on your computer.


I personally don't care so much about the defaults as I do care about not 
leaving anybody behind.

Yuv


[1] 
http://hugin.hg.sourceforge.net/hgweb/hugin/hugin/file/7865fdc91695/src/hugin1/hugin/MainFrame.cpp 
look for OnTipOfDay around line 1224
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
Url : https://lists.ubuntu.com/archives/kubuntu-devel/attachments/20100809/f0e6d985/attachment.pgp 


More information about the kubuntu-devel mailing list