firefox3.5.9 here indeed doesn’t do it when viewing pages over HTTPS., but it DOES do it for local pages, which IMHO is still wrong. Also it could provide information of sites you might be visiting on an closed intranet, firefox has no real way to tell the difference.

webmail providers should indeed fix this, and squirrelmail has indeed released a new version with fix, the question is though, how many webmail apps have done this.

Thunderbird 2.0.0.4 also doesn’t do the dns queries (we got this information from https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail but didn’t get arround checking it), might still work for older versions though.

As for plain HTTP connections. yes letting someone else do the resolving for you helps, but usually this still gives a lot of information of the viewer, usually atleast who the ISP is. This could be used for say people looking at a post on indymedia.nl where a unique domain has been used for one of the posters to see where (perhaps only roughly) the viewers come from, and in some cases what the users IP’s are.

I try to use a trusted DNS server, which usually is my own, or used by very few people, which makes the pool of ’suspects’ rather small.

Has anyone checked what the default in chrome is btw?

As for webmail – webmail developers are already protecting users against many threats, for example by making sure external images don\’t open by default. This is just another thing they should cover. I think it\’s bad that Thunderbird (apparently, I did not check) has this enabled by default; I thikn it\’s fine that Firefox has this enabled by default.

We are trying to build a hackerspace in Gothenburg too. :-)

But… what use is mplayer with no joy? (pun intended hahahahaha I kill myself hahahaha! :-P )