Hidden Encoded Characters on K-9 Mail and F-Droid Missing Paid Content Descriptor for FairEmail


#1

Hidden Encoded Characters on K-9 Mail and F-Droid Oversight on FairEmail Description

THE FOLLOWING HAS BEEN MARKED AS OFF-TOPIC IN THIS k-9 MAIL THREAD ON GITHUB.
github “dot” com/k9mail/k-9/issues/906

It has been marked as off-topic, that means people who are not signed up to Github will not be able to read it. I suggest that it should be available for all people to read and is in fact vitally important as it highlights at least a potentially HUGE problem with K-9 Mail and one minor problem with F-Droid at the time of writing (2019-02-13).

In terms of K-9 Mail:
"Yesterday I received an email from someone I was expecting to get an email from, the FROM: Field appears to be corrupted (although I didn’t know it at the time). A mystery character had been injected into his email FROM address. When I pressed on his From info and added it to my contacts i was none the wiser that this mystery character had been added to my contacts list.

I was trying to send this guy an email through one server. It did not work. Today when i tried to send the same email via another server, (again fetching the email from the native contacts list) this other server sent me back a VERY interesting rejection letter.

Basically they complained that the email was a bad email with this character(s):
\xc2\xad
END OF QUOTE

I think that in light of at least this above issue, that some kind of caution label be placed on K-9 Mail.

In terms of F-Droid, it was found that FairEmail had (EDIT: not) adverts (EDIT: but some kind of Call to Action for purchasing) and Paid Content. Now I only have KitKat so I probably should not see this software anyway, but F-Droid does have a way to describe these anti-features in bold under the app description and I suggest that it be done.

BELOW are the (so called) off-topic comments to a thread concerned with being able to select a plain-text option as default for reading emails (you can find the full page here (https://github.com/k9mail/k-9/issues/906). Note this feature has been requested for abour 5 years.

anonymous73:

Incredibly angry. I’m trying to setup a system that works over TOR. I have been experimenting with K-9 for a month. I find it VERY bizarre that this simple privacy feature to only display plain text is not the default.

Normally pictures do not load when viewing a HTML email but today, THAT’S JUST WHAT HAPPENED.

I am now questioning the intentions of the developers of this software. Looking on this forum today I can see the developers have been dithering on this for years. Their explanations are not convincing as to why this is not merged in yet. If their are any forks of this software with the simple feature please tell me.

I’m now looking for alternatives to K-9. Unacceptable.

Almtesh:

"at"anonymous73, I’m trying Fairmail and it seems to do the job about that. It refuses to display HTML bodies without a warning message.

DPTJKKVH:

"at"Almtesh
Thank you so much! I’m looking for valid alternative for years and this is truly looking promising! I will give it a try today and report back!

Hund:

FairEmail have a horrible UI. It might be more “modern” than K9, but at least I can view more than two messages in the lists at the time.

And we shouldn’t even mention the non-removable header reminding you to pay for the pro-version to get more features.

DPTJKKVH:

"at"Hund Pro-Features are mandatory anyway if you want PGP encrypted email. And why else use k9 or FairEmail if you don’t care for security and privacy? There are way better alternatives out there if you focus an looks and convince only.

Almtesh:

"at"Hund, FairMail displays plain-text body by default, precisly what K9 doesn’t.

Hund:

"at"DPTJKKVH You’re missing my point. It might be released under the GPL v3 license and technically libre software.

But having a “free” version as in freeware isn’t very libre and shouldn’t be promoted as such.

Don’t get me wrong though, K9 isn’t perfect and I wouldn’t mind replacing it with something equally good that can display plain text messages. I just don’t think FairEmail is a very good ethical or usable option.

anonymous73:

Thanks Almesh,

It gets worse!!!

Yesterday I received an email from someone I was expecting to get an email from, the FROM: Field appears to be corrupted (although I didn’t know it at the time). A mystery character had been injected into his email FROM address. When I pressed on his From info and added it to my contacts i was none the wiser that this mystery character had been added to my contacts list.

I was trying to send this guy an email through one server. It did not work. Today when i tried to send the same email via another server, (again fetching the email from the native contacts list) this other server sent me back a VERY interesting rejection letter.

Basically they complained that the email was a bad email with this character(s):
\xc2\xad

K-9 ARE REALLY DROPPING THE BALL.

God only knows what commands are being executed, I will look into FailMail. Thanks again, Almtesh.

anonymous73:

FairMail, rather.

Thanks for the added info, Hund. I hope it is open-source and free.

DPTJKKVH:

"at"anonymous73 FairEmail. Fully open source and security and privacy focused. Can be installed via GPlay and F-Droid.

DPTJKKVH:

"at"anonymous73 No registration needed. Just donate 5$ if you use F-Droid or direct apk installs for all pro features via his website (accessible within app) or if you use the PlayStore just use the in-app purchase option.

And yes: I am absolutely willing to pay someone who creates good code for my privacy.

anonymous73:

Sadly, FairEmail doesn’t support KitKat, i have bought new KitKat devices :frowning:

I am amazed by my timing, it appears that FairEmail was released three days ago.

anonymous73:

Can I say, for something three days old, I am surprised that it has so many features and a paywall.

Also if there is adverts for paid content, why is that not listed in bold after the description.

Something doesn’t add up there, either.

anonymous73:

…after the F-Droid description, rather.

anonymous73:

In light of my recent concerns and the fact that I find the interface a bit ugly, there are way too many random errors and that I cannot select a custom Notification sound. I’m seriously considering forking this project.

I’m a Software Engineering major but I haven’t studied Android software engineering and I’m a bit rusty, my fork will likely cost me around 5 BTC to implement (6 months). If you want to help donate please tell me/donate and I’ll get started. 0.20 bitcoin per week. My aim will be to have plain text done in 1 month (1BTC approx). The rest would probably take about 5 months.

I hate that I am needing to do this btw.

anonymous73:

If someone can do it cheaper, please come forward, I don’t really want the huge responsibility.

DPTJKKVH:

"at"anonymous73 FairEmail is in works for a couple of months if you look at the github repo. Dunno what you mean: https://github.com/M66B/open-source-email

yosh-se:

"at"anonymous73 Can you please stop using the issue-tracker as a marketing platform for other mail-clients? I get it, we want plain-text but spamming threads will only get people frustrated.

Do you have anything constructive to add?

anonymous73:

yosh-se said “Spamming threads”??? This is literally the ONLY thread I have posted in.

DON’T SPREAD MISINFORMATION

yosh-se said “Do you have anything constructive to add?”

Look up a bit at a comment where I found escaped characters move between programs, inhibiting emails from being sent, and who knows what else.

Constructive enough for you.

As stated I’m not marketing, I’m in triage mode. You obviously don’t “get it” or you wouldn’t be making up rubbish about me.

anonymous73:

Encoded characters, rather than escaped.

Thanks for that extra info about FairEmail, DPTJ’. Still, to come out of the gate with paid features is a bit rich, imv, i hope it was extremely-well tested. And for Paid Content not to be stipulated in bold after the description on F-Droid is an oversight. Regardless, FairEmail is not compatible with Kitkat so its useless for me and possibly many others.

anonymous73:

Btw yosh-ee, I notice that three people who have not contributed to this thread have liked your comment (ie. n-st, benediktg, and violoncelloCH reacted with thumbs up emoji). Slightly fascinated.

n-st:

"at"anonymous73 Please make sure to "at"mention people when you are looking for their opinion or reaction. They might not be subscribed to a particular issue.

As for your remarks, this is how the situation appears to me at the moment: You are coming across (at least to me) as very aggressive and accusatory (“questioning the intentions of the developers” in your very first post). Please keep in mind that this will alienate people and may cause them to discard your arguments, regardless of their merit.

Re “spamming”: Discussing unrelated software at this length (currently 15 posts discussing the pros and cons of FairEmail) is usually considered off-topic on a project’s issues. I’m sure people appreciate the suggestion of an alternative, but discussing its license and monetisation structure are not conducive to solving this issue here.
(And a minor addition: you can edit your posts to add information or correct typos, while keeping the issue discussion concise.)

Re “constructive input”: The encoding bug is somewhat concerning, but should be dealt with in a separate issue (to make it easier to find, and to separate discussions to avoid clutter and confusion).

In conclusion: I am hoping for plaintext-by-default to be implemented, just as you are. But all-caps insults and flaunting possible alternative software are very unlikely to help move this matter forward — it may achieve the opposite by causing users and developers to ignore this thread because it no longer adds useful information.

cketti (NOT MARKED AS OFF-TOPIC):
Member

Some of you seem to be mistaking this for a discussion forum. We use the issue tracker to track feature requests and bugs. At this point I think there is no relevant information any of you could add to this topic. If you feel the need to post your opinions or journey to find an alternative client, please use the mailing list.

As for the hope people put into this feature: We won’t make text/plain the app default. I also don’t want to make it a special case with dedicated support (i.e. displaying the text/plain part in a TextView component).
If you want to trade the extended formatting options HTML brings for a reduced attack surface, that’s fine. But K-9 Mail won’t be that email client for you. You’ll have to look somewhere else.

PS: If you feel the urge to answer to this post, don’t! Use the mailing list.

cketti removed the good first issue label 11 hours ago

PSanonymous73: If you feel the urge to answer to this post, dont! Use the mailing list.
cketti removed the good first issue label 11 hours ago

anonymous73:

Wow, I find encoded characters, that infect other native programs… This person marks it as off-topic.

(App uninstalled)

anonymous73:

Extended formatting options, newspeak for virus.

cketti:

If you have found a bug and want it fixed open a new issue with enough information so someone else can reproduce it.

anonymous73:

Woah, you even marked as off-topic the first comment I made about the image loading. Where am I? Bizarro coding land. People come to you to highlight problems for years and your team undermine these effects, I will try to find a way to safely copy the contents of the dodgy emails, but they should go here, to justify the need for a plaintext option. I already described in detail the type of hidden encoded characters and how they jumped from program to program. I’m a bit surprised that that had not raised your alarm bells already. Sorry but I think you just lost a lot of cred with the way you are handling this. This is serious and you are treating it like you care more about a pretty html layout than security and privacy. Do you realise that if real whistleblowers use this you may be putting their life in danger? Why? For layout options? They don’t care about layout not everyone needs to see the pretty layouts.

anonymous73:

And yes, this is a place to discuss issues. If the dithering hadn’t gone on for 5 years I wouldn’t be so disturbed by the team’s conduct.

THE THREAD WAS PROMPTLY CLOSED TO NON-CONTRIBUTERS AFTER THIS MESSAGE.

A copy of this transcript has been uploaded here:
https://pastebin.com/RFZBuPde


#2

What?

FairEmail had adverts

That’s false…


#3

Unless the reference is to the upgrade option. (Which I did. I can’t contribute technologically but I can and do contribute financially to several projects.)


#4

I just edited the post, because I thought it was flagged for spreading misinformation about FairEmail having banner adverts. I have KitKat so cannot test this myself.

Are you saying that the post was right and this was falsely marked as spam? Ugh.


#5

If FairEmail promotes non-free content then that needs to be stipulated in bold, directly below the app description in F-Droid, as all other projects that have banner adverts and Non-free upgrades are.

So basically the last EDIT of the OP is wrong, and the OP was marked as spam in error. Really?!

Can anyone see the OP? Apparently, if it is edited it should be visible again. I edited it but now I’m unsure that I should have.


#6

I’m just a user. From what I see FairEmail does not advertise. There is an option to purchase pro features but the app works fine without. No banners.


#7

Thanks, David.

So it does promote paid content. That’s fine but I believe there is a bold notification that is supposed to show after the app description in that case, which was missing when I looked yesterday.


#8

We’ve already had this discussion at length a while ago, read this: Paid features in opensource apps

Marked as spam since it’s a collection of random threads and discussions from elsewhere. A simple search would have given you the thread above.


#9

Just FYI, I removed the flag, because that is not what spam means.

If you flag a post you see the description for spam:

It’s Spam

This post is an advertisement, or vandalism. It is not useful or relevant to the current topic.

Whether it’s on topic here is a different question.


#10

I agree. I think this was well cover elsewhere.


#11

I know nothing about “Hidden Encoded Characters on K-9 Mail”.

But “F-Droid Oversight on FairEmail Description” did grab my attention. I’m a very jealous and protective user of F-Droid. (A paying user. Not much, but I do contribute financially. Why do I give? Because 1: I believe in F-Droid and 2: In the final analysis, nothing is free. You may not be paying (that’s fine) but economics do matter.)

I see nothing in FairEmail’s description that is misleading or false.

Yes, for an even richer experience, the app can be upgraded to Pro.

I used the well maintained app for quite a while with no complaints. I then chose to purchase Pro.

I also support and use K-9 Mail. To get a better understanding, I’ll have to study up on that affair.

I’m also a paying user of Tutanota and ProtonMail. But don’t bother emailing me. I don’t have time to read email. (Haha!)