User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3b) Gecko/20030106
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3b) Gecko/20030106

Would it be possible to change the default value of the "Do not load remote images in M&NG messages" to true? Or, even better, that the user is prompted with "Do you want to load remote messages: yes, no, always, never" when a message contains an external reference...

Reproducible: Always
Steps to Reproduce: 1. 2. 3.
Why should the default be changed? Or is this merely a theoretical question?
No, it's not merely a theoretical question :-) I think we can safely say that remote pictures in messages are mostly used by spam messages to track by a unique url if a certain user reads the spam message... if one has pane-view on, it often happens that the external url is already loaded before you see (eg from the subject) that the message is spam. Your email address is marked as active in the spammers db and you'll get even more spam :-( The option is a bit hard to find in the preferences, and a lot of people don't know what the remote pictures are used for. I know several people who use Mozilla as their mail client who had the option off because they did not know about it. The best solution would definitely be a dialog asking "load remote messages: yes, no, always, never + warning" but I guess that is a lot more work to implement... Cheers, Chris.
I agree that 90% of remote images for 90% of people are spam, and a high proportion are quite nasty spam. But I don't think we should turn off functionality like this by default. The preference is hard to find - how about an option on the context menu similar to the "Block images from this server"?
> The preference is hard to find - how about an option on the context menu similar to the "Block images from this server"?
I'm afraid they (the spammers) use way too many different servers, so that this blocking of images of certain servers wouldn't be very effective. Often they even use several servers in one spam message for downloading the infamous 1-px with unique url. This way they are more certain that one of the servers is still up and running by the time you read the message. The other problem is that the moment you block images from a certain server, the damage is already done... your email address is already verified and will be sold for very good money. If changing the default is not an option (which I understand: to the average user features are more important than security, and especially than privacy) then I think the pop-up (with a warning why remote pictures are bad for privacy) would be the best option... Cheers, Chris.
No, what I meant was a new entry that isn't currently on the context menu shown for images in email, effectively setting the preference that is so tricky to find, or possibly just taking you to the preference dialog. That would enable most people who want remote images blocked to do it. Certainly putting this on a right-click on windows is obvious enough, I don't know about other OS's. Something else that should affect the thinking on this issue is the spam-blocking functionality being developed. One of the features is that email classified as spam does not get HTML-rendered, hence spam images are never displayed while legitimate images are still shown.
The reasoning behind this bug-report sounds like bug 28327 and probably a dozen similar bugs. But I disagree the default should be to disable image loading in mail. If it is hard to find how to turn the ability off, that is quite another problem. And if it's really so hard, and this bug should be accepted: a "fix" would likely spawn a ton of bug-reports. Most users expect images to load.
I vote a resolution of wontfix.
I concur with the wontfix. Privacy concerns, while important, must be balanced with real and perceived usability concerns. The vast majority of our users expect images to load in mail. CCing Ben Bucksch, he produces a "high-privacy" Mozilla distribution called Beonex, and he may be interested in making this change in his distribution.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → WONTFIX
Thanks, Mitch, for the cc. :-) This is already fixed in Beonex Communicator, and in addition to that Simple HTML is used by default.
Status: RESOLVED → VERIFIED
Hotmail.com with its 110,000,000 users has recently started to disable remote images by default. If the typical Hotmailer can stand it, then definitely most Mozilla users can too. I'm quite sure that Outlook 2003 also does this by default. Please reopen this bug, it actively helps spammers target our userbase. Prog.
Reopening, I agree with last comment. Hotmail may just give enough reason for legitimate senders to stop sending external image references.
Status: VERIFIED → UNCONFIRMED
Resolution: WONTFIX → ---
confirm, over to mscott
Assignee: security-bugs → mscott
Status: UNCONFIRMED → NEW
Ever confirmed: true
As much as I dearly want this default change to happen, it should only happen when there is easily accessible UI for making these images show up again.
- spam
- note
- ad-filled but otherwise wanted newsletter
- spam
- mail from friend with pictures
Currently if I've turned off images in mail when I get to mail 5 I have to dig into preferences, flip the pref, reload the mail, then go back into preferences and turn off images before skimming the rest of my box. It's just too painful to inflict on people by default. In other words we need a mail equivalent to browser RFE bug 61710. Not sure where you'd get the real estate for such a button in mail, maybe a View menu item (with a hotkey, of course).
> - mail from friend with pictures
Does your friend send you mails with images lying on a webserver, but embedded per HTML in the mail, no clickable URL/link?
It was a hypothetical example, friends usually send links. But I do get the occasional mail where I want to see the images and it's a PITA. I tend to get more of these from less internet-savvy family members sending me something they've found. I'm guessing they more closely approximate the general public than my friends, that they want to see these kinds of things, and that they wouldn't put up with the PITA of turning images on and off -- they'd curse Mozilla and turn them on permanently. Then what good has the setting done? The very people who need the most protecting are right back in the current situation, and there aren't enough fewer imageless mail receivers (on our part, Hotmail is another story) to encourage senders to skip the images. Are you honestly arguing against an obvious button to load images in an individual mail? Or second best at least a top-level View-menu item? It would simply be much better UI for this feature.
> Are you honestly arguing against an obvious button to load images in an
> individual mail?
No, depending on how it's implemented (e.g. only appearing, if images are actually blocked for the mail you're viewing). My point was rather that the case you mentioned probably doesn't exist in practice or is very rare. The images you want to see most are those sent by individuals to you (or a small group), and they usually don't upload images to a webserver and embed img references to that, but either attach the images to the mail or create a webpage and textually link to the page. The only problematic cases I know are commercial mailings (which hopefully now learn better with hotmail switching) and maybe when people do Send Page, depending on that implementation.
I just wanted to add that I agree image loading should be disabled by default, and say that a "Load Images" button should be implemented, the same way Hotmail does. Hotmail messages containing remote images just have a line at the top:
"To help protect your privacy (more info) Hotmail blocked images in this message. Show images once | Always show from this sender"
Mozilla could have a similar line added to the header pane to the effect of "This message contains remote images" with a "Load" button. Another idea, the first time you load a message containing remote images, a dialog could pop up saying:
This message contains images loaded from a remote server. These images can be used by spammers to verify your email address. Do you want to load images from this server?
[x] Always block remote images
[ ] Always report when a message contains remote images
Yes / No
The browser already does this for, e.g. submitting form data. I see no reason why this (by default) one-time popup should be a problem. Incidentally, images in this message should refer to all forms of content/css/iframes/whatever. Thoughts? I now realize this all should be in a separate RFE. :)
*** Bug 218395 has been marked as a duplicate of this bug. ***
Hello, Sorry for adding a comment, but I consider the current unsafe situation a showstopper. Mozilla claims to be a safe e-mail client. The default to read remote images from e-mail and news message contradicts this. Now that spam comes everyday to nearly everybody, all mozilla beginners get their address validated on spammers' database, which should never happen with a client that claims being safe. Even advanced users get caught. I consider myself an advanced Unix user. I use mozilla at different places (4 at the moment). In some situations it is better than e.g. kmail. Until mozilla can use a roaming profile stored on an IMAP server, I (and many others) have to manually switch image loading to off from all places (and re-declare accounts etc...) only to realize some time later that I forgot to turn off remote images on this workplace. I consider comment #19 the best compromise : like submitting unencrypted forms, remote connections spawned by unsafe content is of high enough importance to trigger a question to the user. http://bugzilla.mozilla.org/show_bug.cgi?id=188476#c19 *Remember that in any bigger-than-trivial software, the vast majority of users run with default settings.* This is an important and daily issue for many users. Thank you for your attention.
I also find it a nuisance that I have to turn off remote images every time I configure a mail account. I'd even like to turn off images sent as attachments as well, eg. given all the recent and not so recent wave of bugs in image processing software that lead to execution of (unwanted) code. The fail-safe method should be to have this option _OFF_, and display a big warning to the user when he gets an email that wants to load a remote image, asking if he wants to allow it this time, from this server, or always, before any URL is followed, and before any image is displayed. Voting for this bug.
Ian, WONTFIX? similar to Bug 289200.
Assignee: mscott → nobody
QA Contact: junruh → security
I think the world has changed a lot since when filed and argued, in favor of fixing this bug. Spam is the majority of mail, and the only real legitimate use of remote images is advertising mails, but even then often with webbugs. I think it's time to change the default to disable any remote content.
Am I confused or is this already fixed? With Thunderbird, I see no GUI pref anymore. In about:config, I see
mailnews.message_display.disable_remote_image true (default)
mailnews.message_display.disable_remote_images.useWhitelist false (user)
I see seamonkey hasn't changed to thunderbird's model, noted at http://kb.mozillazine.org/Privacy_basics_(Thunderbird) not a "core" bug?
Product: Core → MailNews Core
So the desired outcome here is that SeaMonkey should have disable_remote_image default to true, and have UI to enable remote images for a particular message, and to enable remote images for a particular sender from then on? Yay, WFM (since 2006 and 2005, respectively).
Status: NEW → RESOLVED
Last Resolved: 16 years ago → 10 years ago
Resolution: --- → WORKSFORME
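The policy this thread converges on (remote content blocked by default, a per-message "Load", a per-sender allow list), as an added example that is not SeaMonkey or Thunderbird code. The function names, the `allowed_senders` parameter and the sample message are assumptions made for illustration; `disable_remote_image` is only named after the pref quoted above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

FETCH_ATTRS = {"src", "background", "poster"}  # fetched while rendering, not on click
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

def is_remote(url):
    # cid: (attached part) and data: stay local; scheme-relative // is remote.
    url = url.strip()
    return url.startswith("//") or urlsplit(url).scheme.lower() in ("http", "https", "ftp")

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            if name in FETCH_ATTRS or (tag == "link" and name == "href"):
                urls = [value or ""]
            else:  # an inline style="..." attribute may carry url(...)
                urls = CSS_URL.findall(value or "") if name == "style" else []
            self.remote += [(tag, u) for u in urls if is_remote(u)]

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # url(...) inside a <style> block
            self.remote += [("style", u) for u in CSS_URL.findall(data) if is_remote(u)]

def decide(html, sender, disable_remote_image=True, allowed_senders=()):
    finder = RemoteRefFinder()
    finder.feed(html)
    finder.close()
    hosts = sorted({urlsplit(u.strip()).hostname or "" for _, u in finder.remote})
    if not finder.remote:
        return "render", hosts
    if not disable_remote_image or sender.lower() in allowed_senders:
        return "load", hosts
    return "block", hosts  # render, fetch nothing remote, offer a per-message "Load"

# Constructed sample: the same per-recipient token requested from two hosts.
SAMPLE = """<body background="cid:bg@local">
<img src="http://img1.example.com/p.gif?id=u-48151623" width="1" height="1">
<img src="//img2.example.net/p.gif?id=u-48151623" width=1 height=1>
<td style="background:url('https://img1.example.com/bg.png')">x</td>
<img src="cid:photo1@local"></body>"""
```

The decision is made before anything is fetched, which is the point raised earlier in the thread: blocking a server after its image has loaded comes too late.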