On Samstag, 15. Juni 2013 09:04:56 CEST, David Lang wrote:
hey, I'm running pine here, images are something I save to open
in a different tool most of the time :-) however, at $work it's
hard to stick to that and I end up having to use OWA fairly
frequently to deal with HTML messages.
pine -> OWA. sounds like a cultural shock everyday =)
mutt is faar better, btw. :-P
Ok, back on topic.
There are image attachements that are not referred to at all in
the message and require explicit opening.
Yes, it is still (theoretically) possible to just render them at the end of the
mail (html or plaintext doesn't matter)
There are image attachments that are referred to in the
message.
Usually company logos etc. to sell their brand in the mail - the typical html
mail as we hate it.
There should be a configuration option to enable opening these by default.
Agreed. I'd stick to a size threshold for autoloading images, but that's oc. a
non-restricting personal setting.
These aren't all safe (there have been too many exploits of the tools to
display the images).
Actually, I don't consider that as a restricting factor.
1st because it's not actually trivial to utilize an exploit on <MUA> <version> linking <png lib> <version>,
each built with <compiler> <version> <flags> and bypass NX bits and stack scrambling to do sth. evil beyond
"look, i can crash you MUAhahahah!"
A recipient who has to care about that level of attacks will likely not process
random mails via GUI anyway.
Also, trojita already renders images being correctly attached as
"Content-Disposition: inline".
What happens in addition (and i believe this is the issue w might ultimately talk about)
is that servers send webpages as mail, attach the required images (and flash...) as
"Content-Disposition: attachment" but actually keep referring the image on
their server.
This is a sender bug. Rendering attachments will just render them on the end,
leaving placeholders in the body. Only fetching and rendering images from
external sources (and NOT rendering attachment in addition) would get you the
intended result.
If a human being sends you a mail and attaches an image, that image is usually either
"attached" or linked on a sharehoster (for being incredibly large)
The only way that remotely hosted files are more dangerous is
the privacy issue that the attacker can tell that you accessed
something.
It's beyond privacy of "that you opened a mail"
1st
your mail address is verified, what is indeed interesting for spammers.
2nd
you can be trapped in accessing or even downloading all kinds of illegal (by law or company terms)
stuff ("here, look: he's 4channing - it's in the FW logs!") - by terms of laws, that
makes you guilty in some places ("i did not want to do that" does actually and really not
count)
3rd
the "attacker" knows not only that but also when you opened the mail and from
where (linking IP to contact)
Autoloading external data turns a pull into a push medium - i know that real humans are like
"pfff, what do i care", but personally i'd feel very uncomfortable in suggesting that
would be anyhow "ok"
But I don't see this as a horrible risk, it's just too easy to
get users to click on something
That is why spam works, yes. For every 100000 recipients, there's an idiot who
clicks the link.
Still, it's a difference between clicking sth. because i believe that will grow
my penis 50 inches large, or not even noticing that i accessed the spammers
domain, because i once some years ago checked some setting, that the developers
thought to be reasonable.
idea to not have an option that allows such messages to be
opened. not enabling it by default is good, but having an option
to enable it is also good.
If it fixes their response from booking.com, they'll activate it, think: "stupid
developers, if it fixes my mail, why do i have to enable it" and go one with using
it.
I'd say the question is: would a regular user knowing about that this is
because of a broken attachment handling on the senders side and the
implications of allowing to download random external resources still check that
option?
Jan is in the unfortunate position to decide this, but my preference on this
topic (loading external images) would still be a label and button on top of the
mail.
The message links to images on the internet.
If you trust this mail you can [show images from internet]
That's not that much of a blocker and if you *really* get masses of mails where
ppl. link external resources (because of the wrong Content-Disposition), the
reasonable thing seems to fix that mail sender.
Cheers,
Thomas
