This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

RSS Feed - downlaoding images / security

  • 3 replies
  • 1 has this problem
  • 24 views
  • Last reply by sfhowes

more options

I decided to try the RSS feed comparing it to the brand X web reader I already use. For the most part each feed will show images the same as my brand X. There is one feed in particular that shows no images - just a brief summary of the the article and the link up above in the header whihc takes me to the website article. The web reader has a full pic for this thread not sure why this particular feed doesn't show images in TB.

The question has to do with nearly all my feeds that have pics showing in the right side reading pane where the article shows up. Under view I have => Display Attachments inline. Any emails I receive with images are blocked and I need to manually chose => Show Remote Content I understand this doesn't have anything to do with inline image and is for security. Therefore since images are appearing in the RSS feeds I assume they are not remote content but are embedded images otherwise they would be blocked? If I disable EDIT: => Display Attachments - the images in the RSS feed are no longer visible.

I question if there is a security risk to be showing the inline images. Going back to the web reader there is an option to => Securely tunnel images thru brand X proxy - therefore the images that automatically show up are being downloaded from brand X back end server and my web browser retrieves them from brand X server not the RSS sender supposedly preventing any personal data from being sent back to RSS sender.

If downloading inline images are a security / privacy risk why are they not blocked by default in TB like the remote content?

I am computer illiterate to a certain extent though I have every possible privacy add-on and about:config modification done to firefox and a few adjustment to the config editor in TB as well to limit exposure. Are the inline images a prviacy threat? (not even getting into malware or viruses yet.)

I decided to try the RSS feed comparing it to the brand X web reader I already use. For the most part each feed will show images the same as my brand X. There is one feed in particular that shows no images - just a brief summary of the the article and the link up above in the header whihc takes me to the website article. The web reader has a full pic for this thread not sure why this particular feed doesn't show images in TB. The question has to do with nearly all my feeds that have pics showing in the right side reading pane where the article shows up. Under view I have => Display Attachments inline. Any emails I receive with images are blocked and I need to manually chose => Show Remote Content I understand this doesn't have anything to do with inline image and is for security. Therefore since images are appearing in the RSS feeds I assume they are not remote content but are embedded images otherwise they would be blocked? If I disable EDIT: => Display Attachments - the images in the RSS feed are no longer visible. I question if there is a security risk to be showing the inline images. Going back to the web reader there is an option to => Securely tunnel images thru brand X proxy - therefore the images that automatically show up are being downloaded from brand X back end server and my web browser retrieves them from brand X server not the RSS sender supposedly preventing any personal data from being sent back to RSS sender. If downloading inline images are a security / privacy risk why are they not blocked by default in TB like the remote content? I am computer illiterate to a certain extent though I have every possible privacy add-on and about:config modification done to firefox and a few adjustment to the config editor in TB as well to limit exposure. Are the inline images a prviacy threat? (not even getting into malware or viruses yet.)

Modified by user2451484

Chosen solution

spur4 said

As far as Ublock you must be referring to FF. I already have that installed I am not aware of being able to install that on TB. Thanks.

The github link has instructions for installing uBlock in TB.

Read this answer in context 👍 1

All Replies (3)

more options

I don't think inline images are a significant security risk (yes, I've read about 'malware hidden in jpg'), and as you've found, they can be disabled by unchecking View/Display Attachments Inline. Inline display of text, xml and html attachments is disabled by default. View/Feed Message Body As set to Summary will eliminate embedded images, which I also don't see as a significant security risk. As for privacy concerns, remote images are blocked by default, and if you were to use the uBlock Origin add-on, it would add an extra level of filtering of the type usually applied to websites to block ads etc.

more options

Whats interesting after playing around with the settings some more - View/Display attachments inline - View / Message body / Original, Simple, etc - turning off the Display attachments inline alone will not turn off the images in all rss feeds only certain ones. For those other non-responders to turn off image I need to change Original HTML to Simple HTML to kill the images vs other threads I can keep it on Original HTML and just disable Display Inline. Must have something to do with the way the images are attached whihc is above my pay grade. Nevertheless the images are unnecessary they are often stock photos with no relevance to the article so I disabled all Inline images and display body text to Default Format/Simple HTML keeps all text in original format and if pics are necessary the link is in the header to go to the website. I did read that there is the ability send malware or virus via RSS but seeing as how most feeds are / or should be https/ssl from trusted sources the chance of that happening is probably slim to none now that i think about it. A bigger issue is likely sending identifying data back to the RSS server which coincidentally takes us back to my original question...

As far as Ublock you must be referring to FF. I already have that installed I am not aware of being able to install that on TB. Thanks.

Modified by user2451484

more options

Chosen Solution

spur4 said

As far as Ublock you must be referring to FF. I already have that installed I am not aware of being able to install that on TB. Thanks.

The github link has instructions for installing uBlock in TB.