28

When viewing some emails in Microsoft Outlook, if the sender has included images, I get the following option appear at the top of the email:

To help protect your privacy, Outlook prevented automatic download of some pictures in this message

"To help protect your privacy, Outlook prevented automatic download of some pictures in this message"

I am unsure how preventing the download of images in an email will protect my privacy. Is this mainly so people who might be looking over my shoulder can't see the visual contents of my email? Or is there a more technical reason; for example, to prevent the use of some kind of exploit in the image format itself (something like What is the corrupted image vulnerability? How does it work?)?

If it's the latter, why would the notice specifically mention privacy, as opposed to security? I guess this last question could come down to "because the guy/girl who wrote the notice wrote 'privacy'", or even "because 'privacy' is one of those terms that the general public can relate to", but I'd be interested to know if there's more to it.

Community
  • 1
m-smith
  • 569
  • 6
  • 10
  • Lol, Outlook protecting your privacy sounds rich considering Microsoft reads all your emails on microsoft live/hotmail accounts... I'd be surprised if it doesn't read everything that passes through outlook as well :P – Cestarian Apr 13 '16 at 07:44

5 Answers5

37

First it is important to understand what kind of images the client does not show. In your case, as the message states, these are images which would have been "download" ed. That means these are not images which are embedded in the email (multipart, etc.), but referenced (HTML img, etc.).

Now imagine what kind of information the sender could gain if your client downloads an image specified by the sender from a server specified by the sender.

Of course he would get: The exact time and, very important, the confirmation that you viewed the message at all. He could easily track you.

Who could want such information and what for? Spambots could verify that the address is valid and active in use. ...

How does it work practically? Say you are viewing a HTML-Mail and it would contain something like this <img src="http://sendercontrolledserver/didviewmail.jpg?address=youremail@yourprovider" width="1" height="1" />. Your client does not know what happens on the server if it requests that image, the resouce delivered by the server doesn't need to be an image at all, how could the client know before loading it. You couldn't see it with that size, too.

These are your private personal information and exposure of them would be a privacy threat.

ordag
  • 1,338
  • 12
  • 8
  • Thanks for the clear response. I can now definitely see how this is a privacy concern. – m-smith Mar 09 '12 at 11:20
  • You'll have to decide for yourself if this is a concern to you, by the way. Our Marketing department uses OpenEmail tracking using this method, and we do not track it to the customer. We use it simply to determine whether or not customers are reading the emails *that they opted in for* in an effort to see if we're offering them deals they're interested in. A low "EmailOpen" rate indicates we're not doing anything to interest the customer, so we may as well change our strategy or stop sending annoying emails. – David Stratton Aug 23 '12 at 20:44
  • But not all companies are so ethical... There is a risk if you don't trust the company, or even if you trust them and they're not trustworthy. We are just fortunate enough tohave our fair share of privacy nuts that keep things honest. – David Stratton Aug 23 '12 at 20:46
14

One reason for this is automatic image loading can be used to track users opening the mail (in the same way as a read receipt).

Say a marketing company sends out a mail to a thousand users and for each user they place a link to a different image in the mail (so user one gets image0001.jpg, user two gets image0002.jpg and so on), and host the images on their webserver.

This technique has been used by e-mail marketing companies, even going so far as to include 1x1 pixel images into mails that otherwise don't include them,

When those images are loaded from their webserver they know that the user has opened the mail and viewed the image (as the image is unique to the user), essentially allowing them to track the users actions, which could be considered a breach of privacy.

so some e-mail clients take the approach of defaulting to not loading the images in e-mail to protect user privacy.

Rory McCune
  • 60,923
  • 14
  • 136
  • 217
8

When someone sends you an e-mail, they know very little about you personally - especially if you use a public e-mail service.

The sender can include links and/or images which reference other servers on the internet. If your client automatically downloaded one of these images, that is synonymous with you automatically clicking on a link without reading it. In particular the sort of information they can ascertain from this are what client you are using to read the e-mail (as that client will utilise its own service which it would probably inform the server its downloading from via the User-Agent header). Not to mention your home IP address.

Now if the sender owns the server that the images are referring to they most likely have your client, which could be an old version they can exploit (security), and definitely have your IP address (privacy), which they can use to attack you personally.

As such you will find that quality forum CMS' (such as my own cough :) ) utilise an image proxy to protect the identity of staff members by downloading user uploaded images through the site server.

deed02392
  • 4,038
  • 1
  • 18
  • 20
  • I'm pretty sure the reason forums upload images to their server is just because they *can't* serve those images from other user's machines (since they're not running web servers, and probably are behind NAT). For the same reason, I doubt home IP addresses are very interesting in most cases (except maybe to approximate your location). – Brendan Long Mar 08 '12 at 22:46
  • Brendan, we don't allow users to upload images to the forum server, but we don't restrict users to known public image hosts either. – deed02392 Mar 09 '12 at 08:51
4

An image which is referenced in an HTML e-mail using an <img> tag resides on a remote host server, and is not included in the e-mail as an "embedded attachment". The remote server hosting the image can track the IP address that downloads the images, and with the advent of internally-redirected URLs (like the ones used by StackExchange to provide "permalinks" to dynamic content), the server can match the request for an image to the e-mail address that the message was sent to, by checking some unique portion of the request URL (which may not bear any resemblance or have any mathematical relationship to your e-mail address or other human-readable identifying info).

So, by downloading the images, you have not only told the remote server that you received the e-mail (and thus the e-mail address is valid), but that you opened it (and were thus at least intrigued by the subject and/or sender).

As used by major corporations that you have an online relationship with, this can be more or less harmless; they probably already have your e-mail address because you gave it to them, and the information based on you downloading images is just marketing fluff, telling them which of their e-mails you have and haven't found interesting enough to open. For spam, downloading a single image can "greenlist" your e-mail address, which would then be marketed to other spammers. The request for the image can also result in the installation of a tracking cookie (or the examination of cookies already on your system), which can compromise your privacy. Finally, yes, there are known exploits of various image formats which can allow an attacker to install malware on your computer.

KeithS
  • 6,678
  • 1
  • 22
  • 38
1

Don't forget that viruses and other malware can be imbedded in an image file.

JonnyBoats
  • 1,143
  • 7
  • 8