Thunderbird: Free Your InboxMay 9, 2023

By default, #Thunderbird automatically blocks images in your emails from being displayed -- because many of those images may contain tracking code.

(Sometimes these images are tiny "tracking pixels" you may not even see).

Take your protection one step further by installing #uBlock Origin to block all kinds of unwanted content in your RSS feeds -- it's now an official Thunderbird Add-on: https://addons.thunderbird.net/en-US/thunderbird/addon/ublock-origin/

#Privacy #Email

(EDITED FOR CLARITY)

uBlock Origin

Finally, an efficient blocker. Easy on CPU and memory. uBlock Origin (uBO) is a CPU and memory-efficient wide-spectrum content blocker that blocks ads, trackers, coin miners, popups, annoying anti-blockers, etc. in your feeds.

Show threadJohn DalMay 9, 2023
@thunderbird why would any image viewing software treat bytes in an image stream as code and then execute it? Really, I'm asking how do "tracking pixels" work?
Show threadcensored for “transphobia”May 9, 2023
@JohnDal @thunderbird I think TB botched the explanation. The images do not likely contain code. There was a jpg vuln at one point where malicious code in a jpg got executed, but my understanding of tracking pixels is that an image 1 pixel big is on a server with a filename that is /unique to your email msg/. So simply fetching the file is enough to tell the server you opened the msg.
Show threadcensored for “transphobia”May 9, 2023
@thunderbird @JohnDal So if my understanding is correct, i don’t think a tracking image can be distinguished from a legit image b/c there’s no way to know if the filename is unique to the msg you received & no way to know if the server is tracking fetches. IMO, mutt offers the best protection. it shows only text.
Show threadcensored for “transphobia”May 9, 2023
@JohnDal @thunderbird In principle, you should be able to safely show images that are included in the msg payload while refusing to fetch any msgs from the cloud. Not sure if any MUAs work that way though. It sounds like TB is relying on uBlock to decide what to fetch. But in that case it could only be making guesses based on reputation. But plz correct me if I’m wrong.
Show threadcensored for “transphobia”May 9, 2023
@thunderbird @JohnDal #Mutt can be configured to call a /sandboxed/ gui browser. The sandbox can be #firejail with the --net=none option. So mutt could send feed the attached images to the browser but force the browser to run offline. This would give you a way to see all the definitively harmless images while nixing all fetched images to ensure no tracking image exploits you.
Show threadJohn Dal
@koherecoWatchdog @thunderbird
Now that makes sense. Thanks!
May 9, 2023 at 1:44pmWeb