If there are tracking gifs hidden in an email, how could one expect to block those? I've scoured the App Store and see nothing offered for MacOS Mail. I'm hoping that any settings in Safari (and potentially any ad-blocking extensions installed) would also prevent those insidious ad tracking gifs from working. But I really have not clue. Does anyone have any insight on this?
Because it was what should have just been an ordinary email communication from my family member (just text, but HTML text because there were styles applied), and the "Load remote content" was there and suspicious.
So, I looked at the raw source because I wan't sure why an email from him would contain images. It's possible that he might have composed an HTML image that referenced hosted images instead of embedding them, but not based on the casual, text-only nature of the email. So I looked at raw source:
Clearly these are tracking images meant to collect data and/or know when they've got a hit on a live, valid email address. Here's some background on Pippio.
I warned my relative that he's got some sort of adware or malware on his email client or browser.
And this all made me wonder what Apple is doing to protect me if I electively attempt to "Load remote content" on sources that I do expect images to download on while not having third party trackers nefariously inserted. iOS Mail doesn't even ask by default and just fetches images. I had to make sure I turned that feature off so electively download images.
woodmeister50 wrote:
squareman wrote:
... My family member's email had Pippio.com tracking gifs in there. Probably to try and harvest email addresses. I'd like to block that. ....
That is not possible. Trackers do not harvest any local data. They only
"phone home" with data from other websites visited. That is what trackers
are and their purpose.
Oh, but it very much is and quite easily. If my relative does have adware or malware installed, then it can encode all the email addresses in the to, cc, and bcc fields into the query strings of the hidden images (that's how marketers track whether or not you opened their email they sent to you). And by virtue of how many email addresses he sent this to, and how many hidden images there are, it looks like there's one for every address he sent to.
So if I happen to open it and the trackers phone home, then they have a hit on my email address too. Now, whomever is buying their lists would have my email address too. The rest of my family is not as savvy about security (and apparently people around here too) — so again, I ask, why doesn't (or do they?) Apple not have ways of blocking certain known ad trackers in Mail? I mean, when I click on an ad link that I want from mail (because it's an order confirmation and tracker for my package) Safari blocks me from that!
You don't need extensions with Mail. Rules are used to handle email, including reoccurring spam.
Don't replay to any email you down know who the sender is nor click on any links in the email. You can also set Mail to not download and display any graphics in an email and do it yourself manually on those you trust.
If you get spam you can setup rules to move them to the Trash and they will be deleted when Mail is closed.
That doesn't even get close to answering my question. I asked a specific technical question about how Mail renders its content. This isn't about recurring spam, it's about emails from trusted sources that are infected with tracking GIFs.
I received a legitimate email from a family member but it had embedded tracking gifs in it — I've alerted him that he's probably got a third-party extension on his PC that is embedding them in his email, or something even more nefarious.
I'd like to make sure that all invisible tracking GIFs are blocked because they are completely unethical, especially when I electively click the "Load remote content" button from a trusted source (for who's to say there's not third-party trackers embedded in there, and that's what Safari's no tracking features block). So, yeah, Mail does need something like this if it's not using Safari's web viewer and settings.
You are really not understanding this are you? Or are you trying to be purposely obtuse? My family member's email had Pippio.com tracking gifs in there. Probably to try and harvest email addresses. I'd like to block that.
Trusted sources can get infected with adware, malware, and trojans. Please stop waving it away as not a problem and avoiding answering the question. Just don't answer if you don't know the actual technical answer to the question.
squareman wrote:
... My family member's email had Pippio.com tracking gifs in there. Probably to try and harvest email addresses. I'd like to block that. ....
That is not possible. Trackers do not harvest any local data. They only
"phone home" with data from other websites visited. That is what trackers
are and their purpose.
Now, if you knowingly or unknowingly clicked a link that tries to install
adware or malware, that is something different entirely. And in that case,
unless you have turned off all security, you will be warned that your are
trying to download and install something from the web and will
ask you if you want to proceed.
Then those sources can't be considered that trusted can they?
The email tracking gifs let the sender know you've opened the email. If they are trusted sources it shouldn't make any difference.
How do you know that the email had the tracking gif in there?
Does Safari's no tracking extend to Mail.app?
