Does K-9 open an email as HTML by default?

I want to avoid spy pixels.

It does display them as HTML but it does not download external images like tracking pixels by default.

But AFAIK an HTML itself can contain a dangerous script, or am I missing something about this?

1 Like

HTML on its own is just a method for formatting text/images. It contains instructions like “Make the following text bold, include an image there, etc.” Scripts are something different and are disabled completely in K-9 (as they should be in every email client) - scripts don’t have to be dangerous, though. This forum uses tons of scripts to show the live preview of the typed message, for example. Scripts are mostly a problem in web-based email clients where all messages share the same browser window. In K-9, messages are separated from each other because of how they are displayed.

The only thing that could happen is tracking pixels, where the sender of the email gets to know that you actually looked at the email. It’s a privacy issue but I wouldn’t call it “dangerous”. If you disable loading images, K-9 no longer loads images that need to be fetched from an external server. Therefore, tracking pixels are not loaded. Images that are actually sent together with the email are still shown because they are not a privacy problem.

4 Likes

Amazing, thanks for the detailed explanation.

A post was split to a new topic: Remember “Show images”

Hate to bump an old thread, but is there any plan to allow a user to disable HTML rendering of emails?

It’s not just “tracking pixels”.

While yes, HTML 2.0 basically just adds some formatting, the truth is HTML has grown way beyond this basic utilitarian purpose. HTML and CSS basically function as a whole application environment, complete with all the attack vectors that go with them.

For sure, you can disable JavaScript (it is disabled in the email viewer, isn’t it?) and seriously knobble CSS to ensure that only the bare minimum in functionality remains, but the truth is that HTML today carries with it much in the way of unnecessary risk, from accidental information disclosure through to full-on system compromise (ANU breach anyone?).

I’m old fashioned, and prefer my emails be in plain text only. Much harder to pull a stunt like…

<a href="http://example.com/nasty.html">http://example.org/safe.html</a>

… when you can see the URI in clear text! And because of the relative simplicity of plain text, it is a lot easier to sanitise; the worst you have to worry about is some exotic use of Unicode. (Okay, there’s recent news about people choosing funny “slashes” to hide things – HTML only makes this harder to spot.)

Thunderbird supports doing this (even if its plain-text view gets some things wrong, notably with Apple Mail emails, it at least offers it)… and since K9-Mail is likely to later become “Thunderbird for Android” at some point in the future, it only makes sense also to remain feature-compatible.

1 Like
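To make the two points in this thread concrete (external images are blocked while inline ones travelling with the message are kept, and an anchor whose visible text is one URL while its href points somewhere else), here is an added example of a defender-side HTML pre-filter. It is not K-9's code and does not reflect how K-9 implements its image setting; the policy, the `MailHtmlFilter` class, the `filter_mail_html` function and the sample message are all constructed for this illustration. It drops `<script>` bodies and `on*` handler attributes, refuses to emit `<img>` elements with an http(s) `src` (so nothing is fetched), keeps `cid:` images, and reports links whose displayed host differs from the real href host.

```python
"""Added example, not K-9 Mail code: a constructed pre-filter that applies
the policy discussed in the thread to an HTML message before display."""
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that "looks like" a URL: optional scheme, host with a dot, optional path.
URL_LIKE_TEXT = re.compile(r"(?:https?://)?(?:www\.)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:[/?#]\S*)?")
VOID_TAGS = {"img", "br", "hr", "meta", "link", "input"}
REMOTE_SCHEMES = {"http", "https"}  # cid: and data: images are not remote


class MailHtmlFilter(HTMLParser):
    """Re-emits the markup it is fed, minus scripts, handlers and remote images."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []              # filtered markup fragments
        self.blocked_images = []   # remote image URLs that were NOT fetched
        self.deceptive_links = []  # (visible text, real href) pairs
        self.dropped_scripts = 0
        self._in_script = False
        self._link_href = None     # href of the <a> currently open, if any
        self._link_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.dropped_scripts += 1
            return
        # Drop every on* attribute (onclick, onload, ...) on any tag.
        attrs = [(k, v) for k, v in attrs if not k.lower().startswith("on")]
        attr_map = dict(attrs)
        if tag == "img":
            src = attr_map.get("src") or ""
            if urlparse(src).scheme.lower() in REMOTE_SCHEMES:
                self.blocked_images.append(src)
                return  # remote image: neither emitted nor fetched
        if tag == "a":
            self._link_href = attr_map.get("href") or ""
            self._link_text = []
        rendered = "".join(
            ' %s="%s"' % (k, html.escape(v, quote=True)) if v is not None else " %s" % k
            for k, v in attrs
        )
        self.out.append("<%s%s>" % (tag, rendered))

    def handle_data(self, data):
        if self._in_script:
            return  # script bodies are discarded entirely
        if self._link_href is not None:
            self._link_text.append(data)
        self.out.append(html.escape(data))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            return
        if tag == "a" and self._link_href is not None:
            self._check_link("".join(self._link_text).strip(), self._link_href)
            self._link_href = None
        if tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def _check_link(self, text, href):
        m = URL_LIKE_TEXT.fullmatch(text)
        if not m:
            return  # ordinary words as link text: nothing to compare against
        shown_host = m.group(1).lower()
        real_host = (urlparse(href).hostname or "").lower()
        if real_host.startswith("www."):
            real_host = real_host[4:]
        if shown_host != real_host:
            self.deceptive_links.append((text, href))


def filter_mail_html(source):
    """Returns the filtered markup plus what was blocked or flagged."""
    f = MailHtmlFilter()
    f.feed(source)
    f.close()
    return {"html": "".join(f.out), "blocked_images": f.blocked_images,
            "deceptive_links": f.deceptive_links, "dropped_scripts": f.dropped_scripts}


# Constructed sample: a tracking pixel, an inline logo, a script and a mismatched link.
SAMPLE_MESSAGE = """<html><body>
<p>Hello <b>there</b></p>
<script>document.title = "pwned";</script>
<img src="https://tracker.invalid/pixel.gif?id=42" width="1" height="1">
<img src="cid:logo@example" alt="logo">
<a href="http://example.com/nasty.html" onclick="alert(1)">http://example.org/safe.html</a>
<a href="https://example.org/docs">Documentation</a>
</body></html>"""

if __name__ == "__main__":
    result = filter_mail_html(SAMPLE_MESSAGE)
    print(result["html"])
    print("blocked images:", result["blocked_images"])
    print("deceptive links:", result["deceptive_links"])
```

Running it on the constructed message leaves the `cid:` logo in place, records the pixel URL as blocked without ever requesting it, and reports the `example.org`/`example.com` link pair; the `Documentation` link is left alone because its text is not a URL. The host comparison is deliberately simple (it ignores Unicode confusables and the look-alike “slashes” mentioned above), which is exactly why the poster's point stands: in plain text the reader sees the real URI without any filter having to guess.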