back to article Apple Mail and iPhone users get vid-tracked

Paranoid or spam-averse users should steer clear of Apple's desktop or iPhone mail clients for a while, as mails can't be prevented from using HTML 5 tags for tracking. In common with the majority of email clients, Apple's can be configured not to load remote images embedded in messages, for privacy and spam prevention. But …

COMMENTS

This topic is closed for new posts.
  1. DZ-Jay

    Little Snitch

    Those who are concerned about their privacy and want a bit more control over what their computers are sending to the outside world should check out Little Snitch:

    http://www.obdev.at/products/littlesnitch

    It's an easy to use personal firewall that can be configured to allow or block access to any address on any port, by any application.

    It will also announce any attempts made by any application or system service to connect to the outside, to give you a chance to allow it or deny it; hence the name.

    -dZ.

  2. Francis Fish
    Happy

    M'self I use google direct from Safari

    'cos the crappy email client don't thread. Funny how I seem to be the only person that finds this useless.

  3. telecine
    Alert

    rtfm

    Mail does view by thread if you want it to.

  4. Ivan Headache

    @Francis Fish

    You must be blind Threading has been there for ages.

  5. Anonymous Coward
    Thumb Up

    Yep!

    I use Apple mail and Little Snitch is always banging on about this and that when HTML enabled emails are viewed, straight on the DENY button for the bloody lot!

  6. David Kelly 2

    Mail.app threading

    I too protest at every update of Mail.app the sorry excuse it calls "Organize by Thread".

  7. Thomas Tallyce

    Is this the first use of HTML5 as an exploit vector?

    Sounds like just an implementation glitch, but is this the first documented case of spammers/malware writers targeting aspects of HTML5 ?

  8. Richard Porter
    Badgers

    Don't read html messages!

    I use Messenger Pro on a RiscPC which allows me to work in plain text. Even html-only messages are stripped of mark-up, which means losing links that aren't visible. I've set Apple Mail to use plain text but that only works for composing messages. When reading and replying to messages it still uses html which is potentially dodgy.

  9. Anonymous Coward
    Stop

    More serious

    Hi. This bug is more serious than the article implies. Knowing this, I can craft an email such that whenever it is read by an Apple Mail user or iPhone user, I will get a notification of the time and the IP address that they read it from. Completely transparently to them, even if they turn off images and read receipts! I know which of my regular contacts use these devices because it tells me in the x-mailer headers of the emails that they send me... Good job I'm not a stalker.

    Also, I've just tried it and if the audio link is valid, then Apple Mail will even play the audio out loud automatically! The iPhone doesn't seem to play it though.

  10. treboR
    Thumb Down

    Hmm

    Might have to stop using Apple Mail then. I'd previously assumed that turning off an option actually.. y'know.. turned it off.

  11. Charlie Clark Silver badge
    Grenade

    e-mail is text/plain

    And if not then user's preferences must be respected by the MUA. Apple Mail is still a pale clone of Postmaster and way behind most other mail clients except if you think "templates" are important. And, why oh why, in Apple's new service oriented world does Mail have to start in order to send a calendar invitation? This should be configurable through an API.

    Opera Mail rocks - fast full-text search by far.

  12. Mathew White
    Alert

    What about webmail

    Does this also effect people who use webmail through a html5 compatible browser?

    If so you should update the article with your findings as its much wider in scope than the 5-10% of web users using those clients.

  13. Anonymous Coward
    Anonymous Coward

    Re: What about webmail

    That would be down to the individual webmail implementation. For example, it might work in hotmail, but not gmail. I severely doubt any of the major ones have this problem, but I bet people have tried it.

This topic is closed for new posts.

Other stories you might like