Feeds

back to article Apple Mail and iPhone users get vid-tracked

Paranoid or spam-averse users should steer clear of Apple's desktop or iPhone mail clients for a while, as mails can't be prevented from using HTML 5 tags for tracking. In common with the majority of email clients, Apple's can be configured not to load remote images embedded in messages, for privacy and spam prevention. But …

COMMENTS

This topic is closed for new posts.

Little Snitch

Those who are concerned about their privacy and want a bit more control over what their computers are sending to the outside world should check out Little Snitch:

http://www.obdev.at/products/littlesnitch

It's an easy to use personal firewall that can be configured to allow or block access to any address on any port, by any application.

It will also announce any attempts made by any application or system service to connect to the outside, to give you a chance to allow it or deny it; hence the name.

-dZ.

0
0
Happy

M'self I use google direct from Safari

'cos the crappy email client don't thread. Funny how I seem to be the only person that finds this useless.

0
0
Alert

rtfm

Mail does view by thread if you want it to.

0
0

@Francis Fish

You must be blind Threading has been there for ages.

0
0
Thumb Up

Yep!

I use Apple mail and Little Snitch is always banging on about this and that when HTML enabled emails are viewed, straight on the DENY button for the bloody lot!

0
0

Mail.app threading

I too protest at every update of Mail.app the sorry excuse it calls "Organize by Thread".

0
0

Is this the first use of HTML5 as an exploit vector?

Sounds like just an implementation glitch, but is this the first documented case of spammers/malware writers targeting aspects of HTML5 ?

0
0
Badgers

Don't read html messages!

I use Messenger Pro on a RiscPC which allows me to work in plain text. Even html-only messages are stripped of mark-up, which means losing links that aren't visible. I've set Apple Mail to use plain text but that only works for composing messages. When reading and replying to messages it still uses html which is potentially dodgy.

0
0
Stop

More serious

Hi. This bug is more serious than the article implies. Knowing this, I can craft an email such that whenever it is read by an Apple Mail user or iPhone user, I will get a notification of the time and the IP address that they read it from. Completely transparently to them, even if they turn off images and read receipts! I know which of my regular contacts use these devices because it tells me in the x-mailer headers of the emails that they send me... Good job I'm not a stalker.

Also, I've just tried it and if the audio link is valid, then Apple Mail will even play the audio out loud automatically! The iPhone doesn't seem to play it though.

0
0
Thumb Down

Hmm

Might have to stop using Apple Mail then. I'd previously assumed that turning off an option actually.. y'know.. turned it off.

0
0
Silver badge
Grenade

e-mail is text/plain

And if not then user's preferences must be respected by the MUA. Apple Mail is still a pale clone of Postmaster and way behind most other mail clients except if you think "templates" are important. And, why oh why, in Apple's new service oriented world does Mail have to start in order to send a calendar invitation? This should be configurable through an API.

Opera Mail rocks - fast full-text search by far.

0
0
Alert

What about webmail

Does this also effect people who use webmail through a html5 compatible browser?

If so you should update the article with your findings as its much wider in scope than the 5-10% of web users using those clients.

0
0
Anonymous Coward

Re: What about webmail

That would be down to the individual webmail implementation. For example, it might work in hotmail, but not gmail. I severely doubt any of the major ones have this problem, but I bet people have tried it.

0
0
This topic is closed for new posts.