Closed
Bug 188476
Opened 22 years ago
Closed 16 years ago
default setting for "Do not load remote images in M&NG messages"
Categories
(MailNews Core :: Security, enhancement)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: Chris, Unassigned)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3b) Gecko/20030106
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3b) Gecko/20030106

Would it be possible to change the default value of the "Do not load remote images in M&NG messages" to true? Or, even better, that the user is prompted with "Do you want to load remote messages: yes, no, always, never" when a message contains an external reference...

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Why should the default be changed? Or is this merely a theoretical question?
Reporter
Comment 2•22 years ago
No, it's not merely a theoretical question :-) I think we can safely say that remote pictures in messages are mostly used by spam messages to track by a unique url if a certain user reads the spam message... if one has pane-view on, it often happens that the external url is already loaded before you see (eg from the subject) that the message is spam. Your email address is marked as active in the spammers db and you'll get even more spam :-(

The option is a bit hard to find in the preferences, and a lot of people don't know what the remote pictures are used for. I know several people who use Mozilla as their mail client who had the option off because they did not know about it.

The best solution would definitely be a dialog asking "load remote messages: yes, no, always, never + warning" but I guess that is a lot more work to implement...

Cheers,
Chris.
Comment 3•22 years ago
I agree that 90% of remote images for 90% of people are spam, and a high proportion are quite nasty spam. But I don't think we should turn off functionality like this by default. The preference is hard to find - how about an option on the context menu similar to the "Block images from this server"?
Reporter
Comment 4•22 years ago
> The preference is hard to find - how about an option on the context menu
> similar to the "Block images from this server"?
I'm afraid they (the spammers) use way too many different servers, so that this
blocking of images of certain servers wouldn't be very effective. Often they
even use several servers in one spam message for downloading the infamous 1-px
with unique url. This way they are more certain that one of the servers is
still up and running by the time you read the message.
The other problem is that the moment you block images from a certain server, the
damage is already done... your email address is already verified and will be
sold for very good money.
If changing the default is not an option (which I understand: to the average
user features are more important than security, and especially than privacy)
then I think the pop-up (with a warning why remote pictures are bad for privacy)
would be the best option...
Cheers,
Chris.
Comment 5•22 years ago
No, what I meant was a new entry that isn't currently on the context menu shown for images in email, effectively setting the preference that is so tricky to find, or possibly just taking you to the preference dialog. That would enable most people who want remote images blocked to do it. Certainly putting this on a right-click on windows is obvious enough, I don't know about other OS's.

Something else that should affect the thinking on this issue is the spam-blocking functionality being developed. One of the features is that email classified as spam does not get HTML-rendered, hence spam images are never displayed while legitimate images are still shown.
The reasoning behind this bug-report sounds like bug 28327 and probably a dozen similar bugs. But I disagree the default should be to disable image loading in mail. If it is hard to find how to turn the ability off, that is quite another problem. And if it's really so hard, and this bug should be accepted: a "fix" would likely spawn a ton of bug-reports. Most users expect images to load.
Comment 8•22 years ago
I vote a resolution of wontfix.
Comment 9•22 years ago
I concur with the wontfix. Privacy concerns, while important, must be balanced with real and perceived usability concerns. The vast majority of our users expect images to load in mail. CCing Ben Bucksch, he produces a "high-privacy" Mozilla distribution called Beonex, and he may be interested in making this change in his distribution.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → WONTFIX
Comment 10•22 years ago
Thanks, Mitch, for the cc. :-) This is already fixed in Beonex Communicator, and in addition to that Simple HTML is used by default.
Comment 12•20 years ago
Hotmail.com with its 110,000,000 users has recently started to disable remote images by default. If the typical Hotmailer can stand it, then definitely most Mozilla users can too. I'm quite sure that Outlook 2003 also does this by default. Please reopen this bug, it actively helps spammers target our userbase.

Prog.
Comment 13•20 years ago
Reopening, I agree with last comment. Hotmail may just give enough reason for legitimate senders to stop sending external image references.
Status: VERIFIED → UNCONFIRMED
Resolution: WONTFIX → ---
Comment 14•20 years ago
confirm, over to mscott
Assignee: security-bugs → mscott
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 15•20 years ago
As much as I dearly want this default change to happen, it should only happen when there is easily accessible UI for making these images show up again.

- spam
- note
- ad-filled but otherwise wanted newsletter
- spam
- mail from friend with pictures

Currently if I've turned off images in mail when I get to mail 5 I have to dig into preferences, flip the pref, reload the mail, then go back into preferences and turn off images before skimming the rest of my box. It's just too painful to inflict on people by default.

In other words we need a mail equivalent to browser RFE bug 61710. Not sure where you'd get the real estate for such a button in mail, maybe a View menu item (with a hotkey, of course).
Comment 16•20 years ago
> - mail from friend with pictures
Does your friend send you mails with images lying on a webserver, but embedded
per HTML in the mail, no clickable URL/link?
Comment 17•20 years ago
It was a hypothetical example, friends usually send links. But I do get the occasional mail where I want to see the images and it's a PITA. I tend to get more of these from less internet-savvy family members sending me something they've found. I'm guessing they more closely approximate the general public than my friends, that they want to see these kinds of things, and that they wouldn't put up with the PITA of turning images on and off -- they'd curse Mozilla and turn them on permanently. Then what good has the setting done? The very people who need the most protecting are right back in the current situation, and there aren't enough fewer imageless mail receivers (on our part, Hotmail is another story) to encourage senders to skip the images. Are you honestly arguing against an obvious button to load images in an individual mail? Or second best at least a top-level View-menu item? It would simply be much better UI for this feature.
Comment 18•20 years ago
> Are you honestly arguing against an obvious button to load images in an
> individual mail?
No, depending on how it's implemented (e.g. only appearing, if images are
actually blocked for the mail you're viewing).
My point was rather that the case you mentioned probably doesn't exist in
practice or is very rare. The images you want to see most are those sent by
individuals to you (or a small group), and they usually don't upload images to a
webserver and embed img references to that, but either attach the images to the
mail or create a webpage and textually link to the page. The only problematic
cases I know are commercial mailings (which hopefully now learn better with
hotmail switching) and maybe when people do Send Page, depending on that
implementation.
Comment 19•20 years ago
I just wanted to add that I agree image loading should be disabled by default, and say that a "Load Images" button should be implemented, the same way Hotmail does. Hotmail messages containing remote images just have a line at the top:

"To help protect your privacy (more info) Hotmail blocked images in this message. Show images once | Always show from this sender"

Mozilla could have a similar line added to the header pane to the effect of "This message contains remote images" with a "Load" button.

Another idea, the first time you load a message containing remote images, a dialog could pop up saying:

This message contains images loaded from a remote server. These images can be used by spammers to verify your email address. Do you want to load images from this server?
[x] Always block remote images
[ ] Always report when a message contains remote images
Yes / No

The browser already does this for, e.g. submitting form data. I see no reason why this (by default) one-time popup should be a problem. Incidentally, images in this message should refer to all forms of content/css/iframes/whatever. Thoughts? I now realize this all should be in a separate RFE. :)
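Added example, not part of the bug thread and not Mozilla code: a minimal sketch of the check a mail client needs before it can show a "this message contains remote images" line, covering the CSS and iframe cases raised above as well as `<img>`. The names `RemoteContentFinder` and `remote_content` and the sample message are constructed for illustration; `cid:` references to attached images are treated as local.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

# Attribute that makes a renderer fetch a URL with no click from the reader.
# cid: and data: URLs refer to parts of the message itself and stay local.
FETCHING_ATTR = {"img": "src", "iframe": "src", "link": "href", "body": "background"}
CSS_URL = re.compile(r"url\(\s*['\"]?((?:https?:)?//[^'\")\s]+)", re.I)

class RemoteContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []          # (kind, url, looks_like_web_bug)
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = (a.get(FETCHING_ATTR.get(tag)) or "").strip()
        if url.lower().startswith(("http://", "https://", "//")):
            tiny = tag == "img" and {a.get("width"), a.get("height")} <= {"0", "1"}
            self.found.append((tag, url, tiny))
        self._scan_css(a.get("style") or "")
        self._in_style = tag == "style"

    def handle_endtag(self, tag):
        self._in_style = False   # no tags are parsed inside <style>, so this is </style>

    def handle_data(self, data):
        if self._in_style:
            self._scan_css(data)

    def _scan_css(self, css):
        self.found += [("css", u, False) for u in CSS_URL.findall(css)]

def remote_content(raw_message: bytes):
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    finder = RemoteContentFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.found

# Constructed sample: one attached (cid:) image, two 1x1 beacons, remote CSS.
SAMPLE = b"""Content-Type: text/html; charset=utf-8

<style>body{background:url(http://a.example/bg.png)}</style>
<img src="cid:photo1"><img src="http://a.example/o.gif?u=r1" width=1 height=1>
<img src="http://b.example/o.gif?u=r1" width="1" height="1">
<div style="background:url('https://c.example/x.png')"><iframe src="//d.example/f"></iframe></div>
"""
```

A non-empty result from `remote_content(SAMPLE)` is the condition for blocking and offering a per-message "Load" control; the third field marks the 1x1 images that serve only as read receipts.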
Comment 20•20 years ago
*** Bug 218395 has been marked as a duplicate of this bug. ***
Comment 21•20 years ago
Hello,

Sorry for adding a comment, but I consider the current unsafe situation a showstopper. Mozilla claims to be a safe e-mail client. The default to read remote images from e-mail and news message contradicts this. Now that spam comes everyday to nearly everybody, all mozilla beginners get their address validated on spammers' database, which should never happen with a client that claims being safe.

Even advanced users get caught. I consider myself an advanced Unix user. I use mozilla at different places (4 at the moment). In some situations it is better than e.g. kmail. Until mozilla can use a roaming profile stored on an IMAP server, I (and many others) have to manually switch image loading to off from all places (and re-declare accounts etc...) only to realize some time later that I forgot to turn off remote images on this workplace.

I consider comment #19 the best compromise : like submitting unencrypted forms, remote connections spawned by unsafe content is of high enough importance to trigger a question to the user. http://bugzilla.mozilla.org/show_bug.cgi?id=188476#c19

*Remember that in any bigger-than-trivial software, the vast majority of users run with default settings.* This is an important and daily issue for many users.

Thank you for your attention.
Updated•20 years ago
Product: MailNews → Core
Comment 22•19 years ago
I also find it a nuisance that I have to turn off remote images every time I configure a mail account. I'd even like to turn off images sent as attachments as well, eg. given all the recent and not so recent wave of bugs in image processing software that lead to execution of (unwanted) code.

The fail-safe method should be to have this option _OFF_, and display a big warning to the user when he gets an email that wants to load a remote image, asking if he wants to allow it this time, from this server, or always, before any URL is followed, and before any image is displayed.

Voting for this bug.
Comment 23•16 years ago
Ian, WONTFIX? similar to Bug 289200.
Assignee: mscott → nobody
QA Contact: junruh → security
Comment 24•16 years ago
I think the world has changed a lot since when filed and argued, in favor of fixing this bug. Spam is the majority of mail, and the only real legitimate use of remote images is advertising mails, but even then often with webbugs. I think it's time to change the default to disable any remote content.
Comment 25•16 years ago
Am I confused or is this already fixed? With Thunderbird, I see no GUI pref anymore. In about:config, I see

mailnews.message_display.disable_remote_image true (default)
mailnews.message_display.disable_remote_images.useWhitelist false (user)
Comment 26•16 years ago
I see seamonkey hasn't changed to thunderbird's model, noted at http://kb.mozillazine.org/Privacy_basics_(Thunderbird)

not a "core" bug?
Assignee
Updated•16 years ago
Product: Core → MailNews Core
Comment 27•16 years ago
So the desired outcome here is that SeaMonkey should have disable_remote_image default to true, and have UI to enable remote images for a particular message, and to enable remote images for a particular sender from then on? Yay, WFM (since 2006 and 2005, respectively).
Status: NEW → RESOLVED
Closed: 22 years ago → 16 years ago
Resolution: --- → WORKSFORME