
Plaintext e-mail is awesome, not just because it's readable, but because it's not vulnerable to these sorts of attacks.

Incidentally, it's unfortunate that Sparrow doesn't have a 'force plain text' option. Even though I've checked 'prefer plain text', all Facebook e-mails are delivered in HTML. This might be a reason to switch back to Mail.app.



Doesn't Gmail stop these attacks without needing to force plaintext only by simply disabling images by default?


Yes. There was a bug a few years back, though, where they would display attached SVG images. These images could actually contain JavaScript, which left it vulnerable to XSS.


Why is zzz90210's post dead? Everyone knows about tracking via images. I never considered something like bgsound, and probably a lot of other people did not either.

And it's the whole point of the article.


His post is dead because this comment he made: http://news.ycombinator.com/item?id=3662065

Took his karma negative, and once that happened his account was killed. As a new member you have to be careful about controversial statements until you build up a karma cushion.


I see, an indirect cause didn't occur to me.


The highly-upvoted mail-bug testing site in comments says Gmail isn't vulnerable to bgsound - https://grepular.com/email_privacy_tester/


attacks? Run for your life, is mute-sound-email-tracking attack!



