Tracker pixels are surprisingly commonly used by legitimate senders… your bank, your insurance company, any company you patronize. These assholes hide a 1-pixel image in HTML that tracks when you open your email and your IP (thus whereabouts).

I use a text-based mail client in part for this reason. But I got sloppy and opened an HTML attachment in a GUI browser without first inspecting the HTML. I inspected the code afterwards. Fuck me, I thought… a tracker pixel. Then I visited just the hostname in my browser. Got a 403 Forbidden. I was happy to see that.

Can I assume these idiots shot themselves in the foot with a firewall Tor blanket block? Or would the anti-tor firewall be smart enough to make an exception for tracker pixel URLs?

  • @Zachariah
    link
    62 months ago

    As long as your graphical email client has the loading of remote images turned off, the tracking pixel won’t be visited.

    Most/Many email software has this be default or can be enabled: Thunderbird, iOS Mail, FastMail app and website, etc.

    Text-based email is cool though. My college had us using Pine back in the day.

    • @[email protected]OPM
      link
      fedilink
      3
      edit-2
      2 months ago

      I suppose you could even say text-based clients are at a disadvantage because when we opt to render the HTML graphically, a full-blown browser is launched which is likely less hardened than something like whatever profile and engine Thunderbird embeds.

      In my case I created a firejailed browser with --net=none so I could hit a certain key binding to launch the neutered browser to render an HTML attachment in a forced-offline context— but I was too fucking lazy to dig up what keys I bound to that which is why I (almost?) got burnt.

      • @[email protected]
        link
        fedilink
        21 day ago

        Good idea to open HTML attachments in an isolated browser. I normally open them in lynx but sometimes it doesn’t work as intended.

        For any (neo)mutt users out there, you can configure this quite nicely by defining your MIME handlers in ~/.mailcap:

        text/html; firejail --net=none [...]
        

        Then bind your Enter key to open attachments via mailcap:

        bind attach <return>    view-mailcap
        
        • @[email protected]OPM
          link
          fedilink
          1
          edit-2
          21 hours ago

          In neomutt I ended up customizing the print function. So if I “print” an attachment, it launches a script that runs wkhtmltopdf inside firejail --net=none followed by rendering in Firefox (also inside firejail --net=none), so I get an instant isolated firefox view as well as a PDF.

          I’m happy with that replacement because I would never want to send something straight to a printer anyway. I would want to preview before printing. And the print function is documented right on the screen when looking at attachments, so no key binding to try to remember.