Privacy issues of HTML and Images in emails
New TB user here, coming from Mac. I notice my emails look very 'old school' - font wise. I THINK it's because TB is showing plaintext whereas Mac Mail was showing me html, it looks that way anyway. Or maybe it's 'rich text' rather than html. I'm not sure, but it got me wondering, are there any major privacy/security risks of viewing html emails rather than plaintext? I automatically block all images in emails, always have. but looking at Mac Mail it doesn't look like i blocked html as some emails (newsletter type things) show some nice background colours and buttons etc, whereas the same email on TB is just basic font text.
I'd like my emails to look a BIT prettier, in all honesty, but not if that opens major security/privacy risks.
Would be grateful if someone could offer their thoughts on the above please
All Replies (4)
Thunderbird may well appear more text based, that is because scripting is not permitted in emails for security reasons and if present are ignored. It is hard to have that malware download and execute if there is no vehicle to download and run it. Likewise only a sub set of the full HTML spcification is implemented ie the HTML in messages is "Sanitized".
Remote images do represent some privacy issues, mostly in terms of webbugs. I blocked images and Ebay offered to cancel their email notifications as I never read them, but as I do very little business on the internet any longer such privacy concerns interest me less and less.
There is a bit of background information on remote content here https://support.mozilla.org/en-US/kb/remote-content-in-messages
Thanks. I wasn't sure what you meant here:
"I blocked images and Ebay offered to cancel their email notifications as I never read them"
I block images always, and get a lot of ebay emails too. I always click to view in browser rather than allowing Thunderbird to load much within the email
After some more reading and looking at settings, I now realise I was wrong to talk about blocking 'html' and 'images'. The actual option is to block 'web content' - and I like that, I definitely don't want pixel trackers and that sort of stuff feeding info back to the sender. I suppose it's just the only 'safe' (private) way to use email these days, to block all web content.
thanks
What I meant about eBay, was that I exclusively read the email in Thunderbird. So eBay never got one of their trackers telling them I was reading my mail like a good little customer. So they send another email offering to suspend further email as I did not read it. I really mean it as an illustration of perhaps unintended consequences.
Clicking any of the read in a browser links have exactly the same privacy implications as allowing remote content in the email. The links that are crafted into the email identify the source of the click and the email it came from. I do not know what all those additional parameters in an ebay email link are after the item id, but I am guessing TRKID is the tracking Id of the email to me. I it being 29 characters allows for a lot of uniqueness. It also offers an opportunity to merge my email tracking data with their site tracking data to create a more complete picture of me.
Yep that was my understanding too, thanks. I have complained to ebay and every time I speak to them (I do very frequently) I complain over and over and over and over, just to be a pain in the ass. Screw them, you want to track me? Then I will waste 10 minutes of your time every time we speak asking you to raise a new complaint. It seems childish, and maybe it is, but hey, we're all unique in our own special ways :)