A small bug in Canada's eTA emails


There's no way that I could find to report this to the Canadian Government - and I didn't fancy trying to raise a bug report with the first Mountie I met - so here's a blog post.

As part of Canada's Electronic Travel Authorisation system, prospective visitors to the country get sent emails. The email I received had a broken image right at the top:

Screenshot of an email showing a broken image. Alt text is visible.

At least there's some alt text!

Gmail on Android doesn't let you view the source of an email, but the web version does. Here's what it says:

The HTML source code of the email. The image link is highlighted.

Immediately you should be able to see what the problem is and why it wasn't detected. The URl of the image is:

http://cicintranet.ci.gc.ca/connexion/communications/poli-guide/fip-pcim/images/goc-e.gif

The image is loading from the Intranet. So it isn't visible to those on the outside. I suspect this bug wasn't caught by testing because the testers were all connected to their intranet.

This missing image is bad for two reasons.

Firstly, people can't see the image. I choose to believe it is an animated GIF of the proud Canadian moose chugging some poutine.

Secondly, it leaks information about an internal system. We now know the domain name of the Intranet server. The path also gives us information about the CMS it uses and the filesystem layout.

I can't find an easy way to report this minor bug to the correct Canadian agency. If you have a contact there, please encourage them to share a link to this blog post on their intranet!


Share this post on…

2 thoughts on “A small bug in Canada's eTA emails”

What are your reckons?

All comments are moderated and may not be published immediately. Your email address will not be published.Allowed HTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <p> <pre> <br> <img src="" alt="" title="" srcset="">