Fox Says Web Bugs = Virus Risk 80
Bonker writes: "Fox News is printing an expose on 'Web Bugs' used in concerto with HTML-mail spam. Along with outlining the dangers and the methods that Web bugs use to gather information, CERT's Jeff Havrilla is quoted as saying that these are pretty much ripe for illegally malicious activities, such as virus propagation. Harvilla says that Web Bugs would allow malicious virus creators to 'target' systems. Scary, wot?" *sigh* I can't even begin to describe how much the story irritates me - yes, there's truth to it. But it's more then just simple Web bugs - it's any sort of URL, given that you could create a unique URL for each spam. Take out the scare portion of the article, and just use the bottom line - don't click on spam URLs.
How about this? (Score:1)
The mail program can download and upload mail as it pleases, but the renderer itself can be told not to. That would zap web bugs.
========================
63,000 bugs in the code, 63,000 bugs,
ya get 1 whacked with a service pack,
Re:URLS and advertising (Score:1)
Some of it is really easy to tell. For instance, Amy and all of her friend who want to show me how they're working their way through college... no imagination in the subject lines. But when I get e-mails that fall in that gray area, over 50% of the time, I'm deleting spam e-mail, thanks to the wonders of AOL who seems to have sold my address to every jackass with a porn site.
And then there's the fact that not all spam URLs are easily identifiable. Mind you, I generally do not click on a URL in an e-mail unless it comes from someone I know and I can actually verify that they sent it. But with the numerous ways to re-direct URLs, what looks innocuous isn't always the case.
Of course, the harsh solution is to first kill all the spammers. Harsh to spammers at least.
Kierthos
Re:But email bugs ARE a serious risk (Score:1)
HTML-savvy email clients should have a configuration option that allows the user to disable fetching any off-site data - e.g., any IMG tags that are not embedded in the message, just as we can disable cookies that are sent to a different host in our web client.
Consider the source of this... (Score:1)
They are media sluts, willing to do anything for people to watch them almost to the point of being a soft-core porn network at times. Here in northern Va they're known for always opening with a murder or other scary story, and also for commercials like "Billy Bass boasts record sales! But what does it teach our children? Find out the horrible reality tonight on Fox News at six!"
Don't take them seriously, or any popular media seriously for that matter.
Okay, so I didn't read the story,,, (Score:1)
What if a combination macro-virus-writer/spammer coded up another new exciting outlook-exploiting virus, that contained a web-bug that had a URL like "http://www.nastycheaphosting.com/~luser/bug.asp/
--
Re:Yup. (Score:2)
The only way to not "fall for it" is to not display HTML mail. Either that or the reader could not display outside embedded stuff.
So what? (Score:1)
Give me a break.
--
Re:URLS and advertising (Score:1)
More to the point, tho...
All of you act like you're not part of the ubermind that knows everything about everyone already (courtesy of the non-local cosmic consciousness junction). The marketers are a part of you people. You have no need to hide from yourselves, do you? Let yourself slip into The Profile.
Re:GetUserInfoEx? (Score:1)
How about an email with a flash file attacment.
while its running, it sends a message to your server telling you the email address of the person stupid enough to launch the attachment.
The next wave of emaiil you send out only to those addresses, and attach the virus instead
OR, instead just sell your database ov stupid users
certainly very evil possibilites exist here
Re:URLS and advertising (Score:1)
Its actually worse then that. Spammers use the resources of others (bandwidth, storage space) at no cost to themselves. They actually force the cost of their "advertising" on the users who never requested this junk in the first place. This is the exact opposite of the model used in printed media today, and is what makes spam so undesirable for a consumer and so appealing for a marketer.
--
Re:Slashdot still has its own webbugs, of course (Score:1)
Re:Why web bugs are particularly evil (Score:1)
Re:But email bugs ARE a serious risk (Score:1)
Thus, the WINMAIL.DAT. Oh yeah, we don't like that either....
In reality, pretty much every Text/HTML MIME part comes with an accompanying Text/Plain part, which is the two sizes fits all solution. Problem is, there is no way to tell Netscape/Outlook/etc to display the text part instead of the HTML part.
Re:Why web bugs are particularly evil (Score:1)
Re:URLS and advertising (Score:1)
Re:URLS and advertising (Score:5)
That's because they were paid by advertisers. With spam, nobody is paid to carry the ad, thus nothing is funded by the advertiser. Magazine advertisers pay magazine publishers who give us magazines, television advertisers pay television companies who give us television, spammers pay nobody so we get nothing. Spam isn't going to bring us anything, because spammers don't pay anyone.
Valid claim (Score:1)
This is even better than asking you to reply with a "remove," in order to get you on even more lists. This way, you can become a premium beneficiary of their spam enterprise without any direct involvement.
Good job Congress. At least telemarketers can be stopped.
Finally something tangible? (Score:1)
Rather than saying, "Spam is like getting postage due mail that can't be refused," perhaps now we can point to some, hopefully many, instances od spam and say, "This spam is extremely likely to be a virus carrier that could wipe out millions of Windows maghines worldwide simply by being received." Maybe THAT could jumpstart some law-making and prosecution.
Although, as we all know, in the US, while lawmaking is easy, actually following through on the part of the government is rare.
--
Re:Valid claim (Score:1)
Here comes the sensational journalism with its "cyber crime" and "hacker wars." Oh boy.
HTML Email (Score:1)
Re:Why web bugs are particularly evil (Score:1)
2) Automatically executing code from a remote, untrusted source is bad, kids. I haven't seen a web bug that actually executes remote code on the local client machine unless you consider JavaScript code to be unsafe. Sure JavaScript can be unsafe if your browser's intepreter has an implementation bug or you consider certain information like screen resolution, local timezone and other browser options to be private, but we are not talking virus risk here.
The Web Bug FAQ [privacyfoundation.org] for more information. In particular note that it does list some non-evil uses for web bugs:
Another use of Web bugs is to provide an independent accounting of how many people have visited a particular Web site.
Web bugs are also used to gather statistics about Web browser usage at different places on the Internet.
E.g., If you want your site to run at the fastest posible speed, you might host static HTML with a globaly traffic managed web caching or hosting company like Akamai [akamai.com] or Speedera [speedera.com] But you still would like to get logs directly for anaylzing traffic to your site and comparing with the web hosting company's bills. So you place a web bug on your pages directly back to your origin site (or third party like LiveStat [livestat.com]). The user experence is still fast if done right, because the slow logging to your server occurs after the page is rendered.
This was discoverd in ms Word a while ago (Score:1)
Why web bugs are NOT EVIL! (Score:1)
Take for instance the company itraceyou.com [itraceyou.com]. This company provides a free service for users to be able to receive confirmation emails when their email has been opened. I think that would come in useful for anyone of us. Isn't that a ligitimate use for the web bug?
What troubles me more is that they are attempting to patent this (what seems to me), kind of obvious method of receiving a notification when an email is opened.
Visit the company info [itraceyou.com] page for information on the pending patent. Should this actually be granted?
Woop-de-doo (Score:1)
Woop-de-doo. It's not expensive to sneeze viruses all over the world, so why bother targeting? And the majority of the world - present company excluded - uses Win32 and IE - or IE-based AOL. You don't get a hell of a lot more useful info out of your basic HTTP headers than that.
The profiling is disgusting. The increased threat of virus is negligible.
If anything, the thing that opening the email does is advertise "I'm an idiot. Here's my IP address. Crack my system. (Hint: I'm the kind of person whose password is the same as my username)."
Re:But email bugs ARE a serious risk (Score:1)
It's a case of stupidity compounded by stupidity. HTML was never a good idea for email in the first place. (i.e. any form of "enchanced" text for email should have been designed to be easily readable on something which didn't render it. The output of email programs which generate HTML appears to have been specifically designed to be cryptic to anything other than a web browesr.) This is compounded by simply feeding it to a web browser engine. Without at minimum removing external links and JAVA/JAVAscript/Active X/etc.
Re:URLS and advertising (Score:2)
God, I'm glad I use lynx and pine. It's a shame though, when a site is inaccessible for those without javascrapt... what ever happened to "Click Here to see a Text-Only Version of this Page" ?
Re:GetUserInfoEx? (Score:2)
I'm way too late, but the answer is simple: Set the log to record the User-Agent: header. Presto, a list of all users who read the e-mail, what e-mail client they used, and for most clients, the OS they are running.
This information can be invaluable: /var/log/httpd/access_log
grep IE
Presto, a nice list of everyone who accessed using some version of IE (I don't know what Outlook sets the User-Agent to). If you set it up to have a query string with the e-mail address recorded (ie, http://www.example.com/bug.gif?user@example.net - generated through your spam-script) your log suddenly includes the e-mail address too. This is how much information you can record and why this can be a threat - especially coupled with the fact that the most insecure clients download the images without user-option.
SPAM from companies that should know better (Score:1)
My personal favorite is when I received spam from a company that was trying to sell me intrusion detection software.
There's just something ironic about that.
Free Webbugs Filter (Score:1)
Re:Why web bugs are NOT EVIL! (Score:2)
Re:Why web bugs are particularly evil (Score:1)
What are you talking about? All the author has decided is the linearization of text with HTML. You can decide fully how it will be represented with CSS. And anyways, you're supposed to be writing XHTML, which is an XML application anyways, so your point is moot; I could use XSL to reorganize the linearization of data how I please
Re:for the time being there is a solution (Score:1)
I can relate to this... (Score:1)
Anyway, the marketeers like to be able to track ROI and whatnot. So a little bit back, we started sending multipart MIME messages, and including the company logo in the HTML version. Result: the ability to tell them "Okay, in the first 7 days after the mailing, N people opened the message with HTML-capable mailreaders while online." Obviously, the actual number of people reading it is greater, but these days, probably not by much.
Around that same time, I modified the Perl stuff that sends the mailings to stick a query string on those images, i.e. "/hdr1.gif?7kdtP-SeV" or whatever, populating it with an encoded version of a string containing stuff like the date it was sent, the filename of the message that was sent, and the registered userid (on our site) the address corresponded to.
On the back end, more Perl looks at various and sundry logs, and goes through the process of "Hey! CMDRTACO read the e-mail. Hmmm. CMDRTACO clicked through to the site from the e-mail. Hmmm. CMDRTACO logged into the site. Hey cool, CMDRTACO bought something, cha-ching!" and so on.
I'm actually doing some finessing today to automate things a bit. Perl hacking, fun fun fun.
--
Someone who has time ought to code this... (Score:2)
Those web-bugs are so small that you can't easily right-click and block image from server. I started to put a page together a while ago where I take the webbug, as I find it, put it on a page where i've expanded height and width to 50x50, in order to be able to right-click and block em.
I was thinking about writing a cgi that would allow people to enter an URL and offending page/company name and add to the page, but I've not had time to do it.
If you want to see the page, click here [wiw.org]. If anyone wants to help throw together the cgi for such a page, or even gets one going, contact me.
Why web bugs are particularly evil (Score:3)
Why Hemos went on a rant, I don't know. Yes, the article doesn't mention URLs in spam, but that's because they're less insidious than web bugs. Presumably, if you click a spam link, you get what you deserve.
Spam (Score:1)
Slashdot still has its own webbugs, of course (Score:2)
<!--
now = new Date();
tail = now.getTime();
document.write("<IMG SRC='http://images2.slashdot.org/Slashdot/pc.gif?
document.write(tail);
document.write("' WIDTH=1 HEIGHT=1 BORDER=0>");
document.write("<IMG SRC='http://images.slashdot.org/pagecount.gif?/ar
document.write(tail);
document.write("' WIDTH=1 HEIGHT=1 BORDER=0><BR>");
//-->
</SCRIPT>
<NOSCRIPT>
<IMG SRC="http://images2.slashdot.org/Slashdot/pc.gif?
<IMG SRC="http://images.slashdot.org/pagecount.gif?/ar
The latter is clearly a page-counting mechanism (or so it appears), but wouldn't the non-hypocritical thing to do still be to remove one's own webbugs before posting yet another exposé on the dangers of others' webbugs? At least for appearances' sake?
URLS and advertising (Score:3)
They created 3-d vision and smellovision in the movies because movie theaters, at that time, were major purveyors of advertising. Radio shows were sponsored by advertisers and all of their content was, in that sense, a form of spam.
Why do we get angry when an ingenious marketer slips in an intrusive, but fundamentally harmless, web-bug? If the spam were a virus and crashed a system or deleted data, it would be counterproductive to the spammer's purpose, marketing.
The freedom of advertising IS the freedom of the press. Advertisers brought us magazines, daily newspapers, radio theater, and many other aspects of our culture that have become highbrow, in some way BEYOND advertising. Give spammers respect- and a bit of freedom-- don't threaten them with punishing lawsuits and jail time! Otherwise, very few people without previously existing monolithic web presences will choose to do business on the Web. Remember, spam is the tool of the small business, the underdog- he who cannot afford the banner ads and other less obtrusive forms of advertising.
Re:Yup. (Score:2)
It seems only fair to me ;)
the trick is web bugs are usually images (Score:2)
my solution is not to run an HTML-aware mail program. I delete anything that is not text/plain unless i'm _very_ sure of the source...
Not always the case... (Score:3)
Eudora for the Mac (but not for PC) has an option to not download remote HTML graphics. All HTML will be displayed, and all images sent with the message are displayed, but no remote server is accessed.
This is A Very Good Thing. (tm)
There are other possibilities out there.
Re:URLS and advertising (Score:2)
It also annoys me when I have to delete 50-100 spam messages a week, and hope that I don't delete anything important along with it. In the "old days" of advertising, getting your product out required some sort of cost to the advertiser. Now any idiot with an AOL account, a spam program, and a large list of email addresses can spew out junk messages non-stop, with virtually no cost to themselves, and at a high cost of annoyance to the receivers.
GetUserInfoEx? (Score:3)
(No matter how good your security is, you can't stop users from hurting themselves by running untrusted code. Scare tactics stories "virus threats" only make the problem worse.)
Users are the real problem (Score:1)
This may allow a creator of one of these new breed script virii to better target mailboxes, but the weak link remains the same: the user who opens the attachment. In the past, virii relied on technical holes for their propagation; now it's simply the gullibility of a large number of users. Besides, the victims of these scripts are not targeted by the author except in the very beginning of an outbreak; rather, they (voluntarily or not) send the message along to each other. So the better-aimed shotgun that "web bugs" might create would really make little or no difference in the spread of a modern email worm.
By the way, did anyone else notice Fox News is printing an expose on 'Web Bugs'? I suppose that's print in the "printf" sense, not the "ink-on-paper" sense ;)
But email bugs ARE a serious risk (Score:5)
Making matters worse, these email bugs have moved beyond the domain of "get-rich quick" and porn spam. Even companies you might consider legitimate have been doing this. One would think financial institutions would be particularly concerned about privacy, but I have found email bugs lurking in mail from both E*Trade and American Express.
While these bugs aren't very effective against those of us who use pine, mutt, etc., they set a dangerous precedent. If users tolerate applications retrieving untrusted data from the net without notification or permission, we could see even worse abuses like this in the future.
Unfortunately pressuring application vendors to respect our privacy is not always fruitful. And with closed-souce applications, you often have no idea what they are up to. I was glad to see that some of the Windows "personal firewall" programs such as ZoneAlarm [zonelabs.com] offer features that alert users to unexpected outgoing connections made by applications. Users can define notification policies based on their own privacy concerns. I haven't run across similar software for Linux, although it wouldn't be hard to write. And it isn't quite as important on Linux since fewer users download/buy untrusted binary-only programs.
Cheers,
Fyodor
Concerned about your network security? Try the Free Nmap Security Scanner [insecure.org].
How this happened (Score:3)
Why overrated and not Flamebait, Troll, or Offtopic? Because the moderators are all cowards, and we don't want to lose karma in meta-moderation to some rogue meta-moderator. Moderation, meta-moderation, etc, only work if the majority of users are not trolls. Unfortunately, they are mostly trolls on Slashdot...
Re:Why web bugs are NOT EVIL! (Score:1)
UserIsIdiot() (Score:2)
Easy, you just check to see if they're running Windows.
(That was a requirement for the virus, so this isn't totally flamebait...)
Re:But email bugs ARE a serious risk (Score:1)
Where can I learn how to see the Web bugs that I suspect are in the spam-like e-mail that I receive?
Thanks,
Tim
Re:Not always the case... (Score:1)
style sheets...
javascript...
java...
so it's not so simple just to turn off images. luckily for me, eudora doesn't run any of these either, but some people who use other email clients may not be so lucky....
Re:Slashdot still has its own webbugs, of course (Score:1)
Re:Valid claim (Score:1)
However, remember that on Windows, the browser is used to get the image. That sends system configuration information in the http header.
Re:Why web bugs are particularly evil (Score:1)
Re:for the time being there is a solution (Score:1)
The lame brained windows users who are warned and still allow everything to autoload, condemn themselves. However, I like the idea of being able to protect myself. I don't care what the spammers do with the sheep. There'll always be sheep.
========================
63,000 bugs in the code, 63,000 bugs,
ya get 1 whacked with a service pack,
Re:Why web bugs are particularly evil (Score:1)
Damn- I should've previewed my last post.
Re:URLS and advertising (Score:1)
I just checked my emails... (Score:1)
Among many other embedded images at system generated URLs (but all have a similar ID string
[http://tako.sierra.com/wrclick?v&CoreNewslette
HomeGain.com img src="http://click.homegain.com/kc1231313040.1001.
Barnes & Noble img src="http://www.ensuredmail.com/mbna/ctr.asp?e=YE
Buy.Com IMG SRC="http://enews.buy.com/cgi-bin5/flosensing?y=C
WestWood Studios img width="1" height="1" src="http://www.m0.net/m/logopen02.asp?vid=676&ca
PriceLine.Com img width="1" height="1" src="http://www.m0.net/m/logopen02.asp?vid=644&ca
Network Solutions (even had my email address embedded in the image URL)
img src="http://graphics.e-dialog.com/graphics/myemai
They seem to embed them between the closing BODY tag and the closing HTML tag in most cases.
Kind of scary. I think I'm going to stop using Outlook... *shiver*
(not to say *all* of these are web bugs, but they were suspicious)
Re:"...you could create a unique URL for each spam (Score:1)
Re:I just checked my emails... (Score:1)
Re:URLS and advertising (Score:2)
I check my e-mail. I expect to be sent something that I requested. Be it by somebody asking my e-mail address or filling out a form, knowing that I would be contacted for a specific reason that I knowingly requested.
Spam is typically not requested by individuals. Well, unless they are a masochist. I always have the option to see the Slashdot ad. I can simply avoid it by not visiting the site. I *requested* to see the site, and thus the add. When one gets spam when checking their e-mail, they did not request that advertisement. Personally, I see it as intrusion onto my privacy, and do not appreciate it one bit, and I wish it were illegal.
I predict (Score:2)
Spammers will pay big money to backbone providers and then they will be given the right to spam as they please. Of course blasting the backbone provider would be like pounding on your spinal cord out of spite.
I also predict there will be an explosion of free ISPs. If the figures concerning profits from data profiling aren't as exaggerated as I think they are, the free ISPs will make good money from feeding customers to these spammers. They may very well push a few normal dialups out. Mix in a TOS which says you WILL not circumvent data profiling activity in the free ISP connect software, add a dash of DMCA, and you are no longer watching your monitor, it is watching you.
The more likely scenario is the big fish ISPs will mutate into a gruesome hybrid of highly reduced priced unlimited service plans, with the TOS requiring you submit unconditionally to the data profiling behavior in their software.
Need I suggest what horrors await if the free DSL thing takes off? Simply put the data profiling will be even faster and more efficient and more transparent.
Like I said, the web bug thing is nothing. They can do far worse to you with a lower priced service with a diabolical TOS and proprietary DMCA-protected ISP connect protocol software (pppoe-freeDSL-8.0.dll, anyone?).
Only the small time spammers will be still using web bugs after that.
========================
63,000 bugs in the code, 63,000 bugs,
ya get 1 whacked with a service pack,
Re:URLS and advertising (Score:1)
I'm halfway with you on this. I don't think spam, in general, is as evil as some make it out. But in this case, there is a genuine privacy and (maybe) security risk.
Advertising to the masses, through TV commercials or mass e-mails, is one thing. Retrieving personal info (think: Doubleclick web bugs) is another, even if their goal is just to send you "targeted" advertising.
Do you really want Joe Spammer to be in a position to know that you are currently online, with IP xxx.xxx.xxx.xxx, just received an e-mail advertising "hot teen lesbian action", and clicked on the link within after only twenty seconds? That's easy for them to do. With a little more work, they could associate your e-mail address / cookies with your physical address and other personal info.
There is a fine line between advertising and spying. Its been crossed before, and web bugs will be used to cross it again.
My mom is not a Karma whore!
Truly elegant (Score:4)
Talk about power. Instead of a virus, it's a way to find out the architecture of people's networks. Sure, lots will be blocked by firewalls, but lots won't. There's also the potential to load large images (500k) off a taget website. If the email spreads fast enough, it will be a distributed DOS.
Hemos Bugs (Score:1)
Re:URLS and advertising (Score:1)
Now it seems that spammers can even find out where you are (via your IP address and those nifty HTML-reading e-mail clients). I thought the virus link was kind of far-fetched.
I don't see a solution to spam anywhere on the horizon, but this is a bad development.
"...you could create a unique URL for each spam." (Score:2)
well you could, but that would defeat the main benefit spammers utilise, which is the ability to send a single body with multiple (ie. hundreds if not millions) of RCPT TO addresses.
the current methodology makes the relay do all the work by making it contact all the smtp hosts of the people being spammed. by adding a unique web bug (and hence a unique body) for each receiver you would create an immense amount of load on the spammer's own system and network connection.
just my 2 cents
marty
Moderately Amusing (Score:1)
I'm sure this amuses only me. Oh, well.
--
Re:I predict (Score:1)
One of the cool things about Konqueror ... (Score:2)
The worst part (Score:1)
<img src="http://we.spam.you/php-script/fean-reads-his
so all they have is a PHP script sitting there, recording who reads the emails.... its impossible to stop on web based email systems....
Re:Not always the case... (Score:1)
--
Not until you change the world (Score:2)
HTML was designed from day 1 just as you described, and what do we see? People spending days and days writing convoluted code to get the formatting "just right."[1] This is especially true when you are presenting something with no content[2]. Too many people are control freaks as well, there is no way they are ever going to let someone else see the presentation when they could have just any font, point size, or color selected (just to name a few). These people shutter at the idea of a webbrowser without the FONT tag, or those people who click "override document fonts". There is no way they are going to let their formatting be dictated by the reader!
Maybe it's a good thing to make these people let go of their control issues, but in reality anything that tries is either not going to catch on, or is going to be mutilated into something else (HTML).
[1] At least on Windows with IE
[2] 75% of all web pages, and 100% of all flash presentations
Re:for the time being there is a solution (Score:1)
strangers and all the other things you learned as a kid).
My point is that computers attached to the internet are not just "toys" but they are serious pieces of electronic equipment. Equipment that most people trust their finanical records and other aspects of their personal life to. At least software should go with conservative defaults for the uneducated. The people who do know what they are doing know how to change the defaults.
It would be fairly trival to have a bug of worm that gets into a system via a bug in outlook(or more often than not an education problem, like files named pr0n.jpg.exe etc..) and then phones home with all of the goodies to some random webserver in siberia. Oh and it installed a nice backdoor or something.
People just need to be educated about the risks, like with the box tossing up a message about loading remote images saying that "Loading images from remote servers that are received via email can be considered a privacy threat, if you know that you will not have this problem, click ok, otherwise the safe choice is no".
I'm sick of people trying to candy coat things and saying that its completely safe to have your computer on the internet, because we all damn well know its is a risk.
web bugs must be deadly (Score:1)
--
Peace,
Lord Omlette
ICQ# 77863057
Re:URLS and advertising (Score:1)
"Advertisers brought us magazines, daily newspapers, radio theater, and many other aspects of our culture that have become highbrow, in some way BEYOND advertising."
An advertiser pays the newspaper, radio or TV station or magazine for advertising space, and then the newspaper, radio or TV station or magazine uses the money to provide content. The *CYCLE* is completed when the audience of the content buys the product from the advertiser. If you partake of the content, you get the ad; if you don't partake of the content, your chances of seeing or hearing the ad are much lower.
Now, the BIG question; What have Internet spammers brought the Internet community? The spam in my mailbox has little or nothing to do with any of the content I utilize. The content I utilize is not funded by spammers.
True, my mailbox at home gets junk mail sent to it, regardless of my lifestyle. In that case, the junk mailers pay the post office that delivers my mail; in fact, a large percentage of mail is paid (to the post office, among others) advertisement. In contrast, a spammer pays for his Internet connection (sometimes), and a pirated list of names. It's *my* ISP that has to take *my* money to install bigger facilities to handle all the junk mail that doesn't necessarily bring in a dime to *my* ISP.
I resent your sugar-coating the issue as much as I resent spam. The people who are sending me spam are not bringing me content, nor are they patrons of a better society. They are, instead, free-loading, greedy, opportunistic scumbags who will do anything to make a quick buck without having to work or pay for it. They are making *me* have to pay for *their* advertising, even if our only connection to each other is the fact they have *my* e-mail address (which they most likely gathered without my consent).
For the most part, I'm content simply to ignore the "Lose weight fast" and "Get out of debt now" spam sent my way. The ads that anger me are those for porn sites. I am a Christian, and I resent having my moral values attacked by some cheap sleazebag. I did nothing to merit the attention those spammer have given me. I resent their efforts, and all the more as children use the Net. In legitimate advertising, I can complain to the proprietor, or even take him to court. Slimebags are too ashamed to accept responsibility for their actions; they only want money. Like the roaches they are, they hide where they think I can't find them.
Re:Not always the case... (Score:1)
console mail reader like I do (mutt, elm etc.)
put lynx in your mailcap file to handle html mail
this doesn't do java, javascript, or images so
no problem
Re:Why web bugs are particularly evil (Score:2)
HTML email gets a bad wrap. The thing people forget about HTML is that it is, at its core, a semantic markup language. HTML provides meaning to otherwise flat text. Flat text forces the author of an email to use how an email will look to get across meaning. On the other hand, HTML clients, done properly, allow the reader to decide how something will look.
My dream is to have an HTML-aware client that accepts everything that is in the XHTML-Basic specification [w3.org]. XHTML-Basic allows basic semantic markup, disallowing presentational elements such as <font>, and uses CSS [w3.org] to provide presentation. However, the client can choose to ignore the CSS, if the user wants, leaving all presentational items up to the reader.
In summary, plain, flat text for mail is one of the worst things we are plagued with. It mixes meaning with presentation. The author is forced to decide presentation, which is one of the biggest evils of communication. Presentation should be decided on the reader's end, with the message only containing semantic meaning; HTML allows this.
for the time being there is a solution (Score:2)
This'll work for now.
========================
63,000 bugs in the code, 63,000 bugs,
ya get 1 whacked with a service pack,
aw man... (Score:1)
Re:URLS and advertising (Score:2)
Who's to say that "an ingenious marketer" is going to stop at just knowning your IP. Why not load a keystroke monitor or some other spyware? Then they could skip that annoying "attract the customer" and start charging your credit card directly (no fair patenting my idea either).
Marketing is an offensive weapon used against the consumer. If companies provided a good product at a fair price, the would inspire more brand loyalty than millons of marketing dollars. To often companies use marketing to foist unneeded and unwanted products on consumers (to say nothing of 'get rich quick' and other scams).