On Sat, 15 Jun 2013, Thomas Lübking wrote:

> On Saturday, 15 June 2013 09:04:56 CEST, David Lang wrote:
>
>> hey, I'm running pine here, images are something I save to open
>> in a different tool most of the time :-) however, at $work it's
>> hard to stick to that and I end up having to use OWA fairly
>> frequently to deal with HTML messages.
>
> pine -> OWA. Sounds like a culture shock every day =)

well, I need to use OWA a couple of times a week, so one in 10K messages or so.

>> There are image attachments that are referred to in the
>> message.
>
> Usually company logos etc. to sell their brand in the mail - the typical HTML
> mail as we hate it.
>
>> There should be a configuration option to enable opening these by default.
>
> Agreed. I'd stick to a size threshold for autoloading images, but that's of course
> a non-restricting personal setting.
>
>> The only way that remotely hosted files are more dangerous is
>> the privacy issue that the attacker can tell that you accessed
>> something.
>
> It's beyond the privacy of "that you opened a mail".
>
> 1st
> your mail address is verified, which is indeed interesting for spammers.

Ok, this is what I was referring to.

> 2nd
> you can be trapped into accessing or even downloading all kinds of illegal (by
> law or company terms) stuff ("here, look: he's 4channing - it's in the FW
> logs!") - by terms of law, that makes you guilty in some places ("I did not
> want to do that" does actually and really not count)

Arguably you can run into this with the embedded images as well.

> 3rd
> the "attacker" knows not only that but also when you opened the mail and from
> where (linking IP to contact)
>
> Autoloading external data turns a pull into a push medium - I know that real
> humans are like "pfff, what do I care", but personally I'd feel very
> uncomfortable suggesting that this would be in any way "ok".
>
>> But I don't see this as a horrible risk, it's just too easy to
>> get users to click on something.
>
> That is why spam works, yes. For every 100000 recipients, there's an idiot
> who clicks the link.
> Still, there's a difference between clicking sth. because I believe that it will
> grow my penis 50 inches large, and not even noticing that I accessed the
> spammer's domain because I once, some years ago, checked some setting that the
> developers thought to be reasonable.

remember that there are huge numbers of people using clients that use a preview
pane (like trojita does by default) that opens the message when the user is just
trying to delete it. Almost all of those clients render all the HTML, including
remote images, by default.

I just don't buy that it can be such a large liability if we don't see people
who are using Outlook (who don't even have the option to turn it off) getting
in trouble continuously.

>> idea to not have an option that allows such messages to be
>> opened. not enabling it by default is good, but having an option
>> to enable it is also good.
>
> If it fixes their response from booking.com, they'll activate it, think
> "stupid developers, if it fixes my mail, why do I have to enable it" and go
> on with using it.

and if there isn't an option to fix their response from booking.com, they'll
think "stupid developers, they can't make something that works for me" and
switch to some other application.

> I'd say the question is: would a regular user, knowing that this is
> because of broken attachment handling on the sender's side and the
> implications of allowing random external resources to be downloaded, still check
> that option?
>
> Jan is in the unfortunate position to decide this, but my preference on this
> topic (loading external images) would still be a label and button on top of
> the mail.
>
> The message links to images on the internet.
> If you trust this mail you can [show images from internet]
>
> That's not that much of a blocker and if you *really* get masses of mails
> where ppl. link external resources (because of the wrong
> Content-Disposition), the reasonable thing seems to be to fix that mail sender.

I think this is a good default to have. I just think that it should only be a
default.

David Lang
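The "block by default, offer a button" policy discussed above, as an added illustration that is not Trojita's code: images served from the message itself (cid: parts and data: URIs) are kept, anything else is an allow-list miss that would trigger a network fetch, so it is held back and counted for the banner. The sample message and the data-blocked-* attribute convention are constructed for this example.

```python
from html import escape
from html.parser import HTMLParser

# Only these schemes can be satisfied from the message itself, with no
# network access: cid: names a MIME part, data: embeds the bytes inline.
INLINE_SCHEMES = ("cid:", "data:")
FETCHING_ATTRS = ("src", "srcset", "background")


def is_inline(url):
    # Allow-list: whitespace-padded or upper-cased schemes are still inline.
    return url.strip().lower().startswith(INLINE_SCHEMES)


class RemoteImageBlocker(HTMLParser):
    """Rebuilds the HTML, moving every URL that would cause a fetch into a
    data-blocked-* attribute and remembering it for the UI banner."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.blocked = [], []

    def _attrs(self, attrs):
        parts = []
        for name, value in attrs:
            if value is not None and name in FETCHING_ATTRS and not is_inline(value):
                self.blocked.append(value.strip())
                name = "data-blocked-" + name  # kept so "show images" can restore it
            q = "" if value is None else '="%s"' % escape(value, quote=True)
            parts.append(" %s%s" % (name, q))
        return "".join(parts)

    def handle_starttag(self, tag, attrs):
        self.out.append("<%s%s>" % (tag, self._attrs(attrs)))

    def handle_startendtag(self, tag, attrs):
        self.out.append("<%s%s />" % (tag, self._attrs(attrs)))

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append("&%s;" % name)

    def handle_charref(self, name):
        self.out.append("&#%s;" % name)


def block_remote_images(html):
    """Returns (sanitised html, list of blocked URLs); show the
    'show images from internet' banner whenever the list is non-empty."""
    p = RemoteImageBlocker()
    p.feed(html)
    p.close()
    return "".join(p.out), p.blocked
```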