A small bug in Canada's eTA emails
There's no way that I could find to report this to the Canadian Government - and I didn't fancy trying to raise a bug report with the first Mountie I met - so here's a blog post.
As part of Canada's Electronic Travel Authorisation system, prospective visitors to the country get sent emails. The email I received had a broken image right at the top:
At least there's some alt text!
Gmail on Android doesn't let you view the source of an email, but the web version does. Here's what it says:
Immediately you should be able to see what the problem is and why it wasn't detected. The URL of the image is:
http://cicintranet.ci.gc.ca/connexion/communications/poli-guide/fip-pcim/images/goc-e.gif
The image is loading from the Intranet. So it isn't visible to those on the outside. I suspect this bug wasn't caught by testing because the testers were all connected to their intranet.
This missing image is bad for two reasons.
Firstly, people can't see the image. I choose to believe it is an animated GIF of the proud Canadian moose chugging some poutine.
Secondly, it leaks information about an internal system. We now know the domain name of the Intranet server. The path also gives us information about the CMS it uses and the filesystem layout.
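A pre-send check for the failure described above, as an added example that is not part of the original post: it parses an email's HTML and flags any URL whose host has no public DNS record or resolves to a non-public address. The sample template, the `10.20.30.40` and `example.org` entries and the `outside_view` stub resolver are constructed; the stub assumes the intranet hostname does not resolve from outside.

```python
import ipaddress
import socket
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample template; only the first image URL is quoted from the post.
SAMPLE_HTML = """<html><body>
<img alt="(constructed alt text)" src="http://cicintranet.ci.gc.ca/connexion/communications/poli-guide/fip-pcim/images/goc-e.gif">
<p>Constructed body text. <a href="https://www.example.org/">Details</a></p>
<img alt="logo" src="http://10.20.30.40/logo.png">
</body></html>"""

class UrlCollector(HTMLParser):
    """Collect every URL a mail client would fetch or link to."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("src", "href", "background") and v]

def system_resolver(host):
    """Real lookup: only meaningful when run from OUTSIDE the intranet."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except socket.gaierror:
        return []

def outside_view(host):
    """Constructed stub modelling what an external recipient's DNS returns."""
    table = {"www.example.org": ["93.184.216.34"], "10.20.30.40": ["10.20.30.40"]}
    return table.get(host, [])

def find_unreachable_urls(html, resolver=system_resolver):
    """Return (url, reason) pairs for URLs outside recipients cannot load."""
    collector = UrlCollector()
    collector.feed(html)
    findings = []
    for url in collector.urls:
        host = urlsplit(url).hostname
        if host is None:
            continue  # cid:, mailto: and relative references have no host
        addresses = resolver(host)
        if not addresses:
            findings.append((url, "host has no public DNS record"))
        elif any(not ipaddress.ip_address(a.split("%")[0]).is_global for a in addresses):
            findings.append((url, "host resolves to a non-public address"))
    return findings

if __name__ == "__main__":
    print(find_unreachable_urls(SAMPLE_HTML, resolver=outside_view))
```

Run it with the default `system_resolver` from a machine outside the corporate network; run from inside, it inherits the same blind spot as the testers.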
I can't find an easy way to report this minor bug to the correct Canadian agency. If you have a contact there, please encourage them to share a link to this blog post on their intranet!
ned zed said on mastodon.social:
@Edent I think @sboots might have some idea of who should see this!
Andy Mabbett said on twitter.com:
Maybe @CanadianUK can help?