Your inbox is full of spyware-riddled emails that are both potentially very harmful to you and also very easy to disable


#1

Originally published at: https://boingboing.net/2017/12/11/google-could-fix-this.html


#2

tl/dr: you will have inner peace, but ugly e-mail.
Gmail: Settings: Images “Ask before displaying external images”
Save Changes (bottom of screen)
correct?


#3

Don’t read your email in a browser. I use a program that won’t load external images without my okay or safe-listing.


#4

This is why I use mutt and GnuPG. http://www.mutt.org/
No default HTML rendering of email means no web based security holes.

“All mail clients suck. This one just sucks less.”


#5

Safari now has user tracking blockers built in by default. Or is that only for macs and not for IOS? Oh well, 1blocker has tracking blockers as well as ad blockers, and given the tendency for social media apps to greedily drain your battery dry with endless push notifications, I recommend to everyone I know that they avoid the apps and just use safari anyway.

I always install an ad blocker with anti-tracking filters on every single computer that passes through my hands. I used to just install it in the default browser (Firefox or Chrome). Now I see I’ll need to install it in Thunderbird as well, and research what adblocking and track block options exist for Outlook.

I have run into people who don’t use ad blockers out of some misplaced belief that doing so is immoral because it denies income to the media sites they visit. Bullshit. What is immoral is allowing anyone in this age to go on the internet without inoculating their browser against tracking, against spam, and against malware by installing an ad blocker.

Not installing ad blockers and tracking blockers because you don’t want to hurt the incomes of journalists is like refusing to install mosquito netting over your bed because not every mosquito carries malaria, and the ones who don’t carry it are living things that deserve a chance to reproduce just like other creatures.

Install the ad blocker, and then tell your favorite media sites that it’s nothing personal, but they need to stop depending on blood drinking parasitism for their livelihood.


#6

So they suggest that tracking should be solved by… google? The mother of all tracking sites?


#7

I thought Gmail already neutered tracking images by caching all images in email, removing the ability for the sender to know if a particular email was viewed or not.


#8

I’ve run into a lot of magazine and newspaper websites that won’t let you read their articles unless you whitelist them. Trouble is once you do that, it’s darn near impossible to read the articles anyhow, because of all the popups making your page jump about like a flea in a sunspot. Forbes is particularly guilty of this. As a result, I am not punching holes in my adblock software for any site anymore.


#9

I’ve found that viewing articles using ‘Reader View’ on Firefox will often circumvent the anti-adblock pop-ups. I’d guess that there’s a Chrome or Safari equivalent.


#10

I prefer mu4e, but the principle is the same.


#11

Ah I use Emacs but have yet to start using it for mail. This looks easier to configure than gnus. Thanks! :smile:


#12

Marketer’s work-around trick was to give each copy of e-mail images with their own IDs?
“simply including a querystring on the image request is enough to force the file to be refetched”
from: http://redant.com.au/how-we-do/cache-busting-gmail-new-image-caching/


#13

As long as they get to keep a backdoor for themselves.


#14

This has been an issue going on 15-20 years now but I guess renewed attention never hurts.

I’ve always blamed Outlook for popularizing HTML email. Maybe another client did it first but 1) I doubt it and 2) Outlook was at the very least the tipping point.


#15

My Thunderbird settings block remote content in all emails unless specifically OK’d for each email. The message header warning is To protect your privacy, Thunderbird has blocked remote content in this message.
You can click to allow remote content for individual emails or set to allow for all emails from a specific sender.


#16

Lots of the time, I figure I didnt really want to read the article anyway. The rest of the time, i have a little workflow:

email link to self - open on ipad, which opens it in safari - if necessary, tap the “reader view” button to show me just the main article in a non-tiny font.

Oddly enough, none of the sites that get huffy over my using adblockers on my desktop get huffy over my using 1blocker or weblock in IOS.


#17

Safari has such a view built-in and in the latest version, you can have it automatically use the view for all pages on the domain.

Chrome doesn’t have a built-in feature, I’m sure there are extensions that add one.


#18

Other than gnus, I think mu4e is the most popular emacs package. It has a lot of activity and is fairly easy to set up. I used mu4e for a long time, and then switched to gnus for a year, but eventually ended up with enough problems that I switched back to mu4e.


#19

Bummer. At least the image fetching coming from Google servers instead of your browser limits the information provided.


#20

IMO, they can still match the UID on the query in the email they sent you to the UID on the query for the image that Google submitted on your behalf, hence tracking achieved again.