Stopping "PattyMail" Email Bugs 248
An anonymous reader writes, "In the U.S. Congressional Inquiry into the HP spy scandal, it was revealed that HP used Web bugs to track the source of leaks. HP's Fred Adler considers them a useful investigative tool which HP will keep using. Since dubbed PattyMail after HP Chairwoman Patricia Dunn, Web bugs have been around for a while. But it turns out the vulnerability they represent is far worse than first thought. Microsoft Outlook won't have a patch until 2007. The company at the center of the scandal claims they've done nothing wrong. But could repressive governments use them to track down critics? Can anything be done to stop Web bugs?"
Mutt ! (Score:2, Informative)
Re:Yes. (Score:1, Informative)
If you're using Thunderbird [mozilla.com], by default it won't display images in e-mails. Is says 'to protect your privacy, these images have not been shown', and offers a button to click to show the images.
I can think of three ways... (Score:2, Informative)
Re:Get rid of pics in emails (Score:4, Informative)
The issue discussed in TFA does not involve image bugs but iframe bugs.
Now, I don't know, but they would potentially still be triggered if you were using a "convert to plain text" filter???
Re:Yes. (Score:3, Informative)
Re:Nothing new here... (Score:3, Informative)
It is NOT about images (Score:2, Informative)
IFRAMEs _not_ images!
http://www.freedom-to-tinker.com/?p=610 [freedom-to-tinker.com]
Problem NOT Solved (Score:2, Informative)
http://www.freedom-to-tinker.com/?p=610 [freedom-to-tinker.com]
Two Solutions (Score:2, Informative)
Solution #2:
Schwab
Re:Plain Text Only (Score:1, Informative)
1) Assiduously avoid MSFT products where possible.
2) If you can avoid all, avoid MSFT Word, the probably culprit in this case. Use OpenOffice instead.
3) If you can't do that, disable automatic macro execution in MSFT Word.
4) Do not use HTML email. HTML makes things PRETTIER, not more useful. Anyone in favor of HTML mail is either a spammer or cares more for form than function. HTML mail is a useless abomination. But I digress.
5) Install something like ZoneAlarm on your individual workstation and explicitly ban all MSFT Office products from accessing the Internet, without at least popping up a dialog box. This way, if there is a "phone home" mechanism hidden in a document, you'll know when it tries and you can intercede.
6) Set your email program to alert you and request permission before sending read receipts. Never auto-send them, and do not auto-reject them either. It's useful to know who's trying to check up on you. Then, once you know someone's trying to check up on you, refuse to send the read receipt.
7) If you must follow a questionable URL of dubious provenance, consider actually using an OLDER browser version. For example, Netscape v4.7 or older. It won't render many pretty things correctly, but who cares. More importantly, it also will simply ignore a lot of the more recent tags and syntax as being noise.
Sendmail/MailScanner/Pmail (Score:4, Informative)
www.mailscanner.info
www.pmail.com
Problem solved, oh, maybe five years ago. It amazes me that anyone just figured this was a problem NOW.
I've received hundreds, if not thousands, of emails with a {disarmed} header modification inserted by MailScanner... it's quite interesting to learn who is routinely inserting tracking bugs in their mailings.
I suppose you could also use transparent caching a'la squid to bumfuzzle some of the trackers and speed up browsing for your end users at the same time. But it seems like nowadays the bugs usually contain individualized tracking codes that would make it through the cache anyway.
You just have to strip out external references and tell the end users "that guy who sent you this is using a broken mailer". That's the strategy the HTML addicts used to create this problem, after all - they told the clueless that HTML was normal and that anybody who couldn't read it was using broken or obsolete software. I use the same line (which happens to be true) if somebody complains that they can't read company XYZ's mailings because the image links have been stripped out; "oh, company XYZ is using a broken obsolete mailer that puts external links into the text; until they learn to use the Internet you'd better find a new company to deal with or stick to phone calls".
Re:"Can anything be done to stop Web bugs?" (Score:3, Informative)
Use something simple (Score:2, Informative)