|
|
OS X Spotlight search may share details with spammers, reports say
|
|
|
|
MacNN Staff
Join Date: Jul 2012
Status:
Offline
|
|
OS X Yosemite's incarnation of Spotlight is potentially sharing personal data with spammers and possible malicious parties, reports say. An option in Mail lets users turn off the loading of remote content in emails, something security experts recommend in order to avoid letting third parties track behavior. The new Spotlight can search through Mail messages alongside other sources, but in doing so will automatically load remote images, regardless of whether Mail is set to do so or not.
The flaw, likely to be a bug, can allow spam-sending parties the ability to monitor which IP and email addresses are receiving the junk mail, and how often a message has been viewed. That data could be pieced together with other content to paint a more detailed picture of targets.
The behavior was recently noticed by a German security publication, Heise, and confirmed by IDG News. Spotlight may even be overriding remote content blocking in other apps, but this remains to be tested.
Apple has yet to comment on the matter. It should, however, be possible for the company to patch more secure code into Yosemite.
(
Last edited by NewsPoster; Jan 10, 2015 at 07:36 AM.
)
|
|
|
|
|
|
|
|
|
Junior Member
Join Date: Apr 2000
Status:
Offline
|
|
How is this sharing personal info? Loading a remote image can only confirm data they already have by confirming receipt and viewing of the email... with the notable exception of the IP address, which is already exposed to every website a user visits. This doesn't "share" or "expose" anything.
Yes, disabling remote content is a good idea if you don't have adequate anti-spam measures in place - and, yes, having Spotlight override this preference isn't really cool... but, to say that Spotlight is sharing personal information with spammers is ridiculously misleading.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Aug 2001
Status:
Offline
|
|
Misleading, attention-grabbing headline. Cheap shot.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Apr 2007
Status:
Offline
|
|
@ lockhartt, it's unlikely someone would have visited the spammer website, so they wouldn't get your IP address otherwise. This way, it lets them fill in the blanks, turning an email address into a physical location. Useful for further targeted advertising.
It also confirms if your email is a valid address, and lets them know if writing spam a certain way produces a higher opening percentage. In all cases, letting remote images load produces more spam in the future.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|