{"id":1113,"date":"2018-11-19T10:47:48","date_gmt":"2018-11-19T15:47:48","guid":{"rendered":"https:\/\/langa.com\/?p=1113"},"modified":"2018-11-19T10:47:48","modified_gmt":"2018-11-19T15:47:48","slug":"a-reader-asks-is-allowing-images-in-email-a-security-risk","status":"publish","type":"post","link":"https:\/\/langa.com\/index.php\/2018\/11\/19\/a-reader-asks-is-allowing-images-in-email-a-security-risk\/","title":{"rendered":"A reader asks: Is allowing images in email a security risk?"},"content":{"rendered":"

Reader J from Pittsburgh asks:<\/p>\n

“Some time ago, I set up Outlook to not show images in incoming emails, as a security measure. But it’s a pain in the butt, since in so many emails most of the content is in the images — and so often the sender doesn’t include a link to see the same info on a web page. So the question is: am I helping my security enough to justify the inconvenience? Hoping for enlightenment… Thanks, J”<\/em><\/p>\n

Images in email can<\/em><\/span><\/strong> be a threat, but this risk is quite small\u00a0for most normal users in most normal circumstances.<\/p>\n

It wasn’t always so. Image encoding formats can and have been compromised; and over the years, a series of hacks and cracks for popular image formats (e.g. jpg<\/strong>) have emerged. There was a rash of image-security concerns around 2004-2005; another about five years later; and another around 2014-2015.<\/p>\n

There also were problems with email clients that would generate automatic preview\/thumbnails of attached\/embedded images: The email client software might open and process a maliciously-encoded image before you — the recipient — had any say in the matter.<\/p>\n

And there was a third set of issues where an email-sender could use the opening of an image (even if otherwise harmless) as a way of determining that the email was processed at your IP address.<\/p>\n

Each round of security issues — and especially the early ones — led to recommendations for blocking all images in email as a \u201cbest practice\u201d for maximum online security. If the images aren\u2019t let in, they can\u2019t do any harm.<\/p>\n

That still holds: Blocking images embedded in or attached to email will eliminate virtually all risk from such items. That still is the very safest way of handling email.<\/p>\n

But, as you say, it’s an inconvenient pain in the butt. Plus, each round of past security issues led to the known flaws being patched; and to image viewers and anti-malware apps knowing how to spot potential trouble in the images they process. Images just aren’t that much of a threat-vector anymore.<\/p>\n

As a result, I think the \u201cno images in email\u201d rule mostly makes sense only in situations where there’s a known and nontrivial likelihood of some kind of malfeasance or cyberattack — such as with corporations that receive large quantities of email from the public; for some governmental email accounts; or from similar cases.<\/p>\n

IMHO, most normal, private users have little to fear from routine email images. If you employ normal security measures such as having good, up-to-date, full-time anti-malware running; not opening attachments or accepting downloads from unknown sources; making regular, complete backups; and so on; you’ll likely have no image-related security trouble.<\/p>\n

If you worry about advertisers knowing that you looked at their emails, you still may want to turn off the image-preview\/thumbnail function in your email client.<\/p>\n

But a blanket \u201cno images in email\u201d rule is probably overkill for most users. (It is for me: I allow images and image-previews in my email clients.)<\/p>\n

In short: If your routine PC security apps and practices are in good order, I think you can re-enable your email images with negligible additional risk.<\/p>\n

Permalink: https:\/\/wp.me\/paaiox-hX<\/a><\/em><\/strong><\/small><\/small><\/p>\n

\n

Want free notification of new content like this? Click here<\/a>!<\/strong><\/p>\n

Have a comment? Want to ask Fred a new question? Click here!<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Reader J from Pittsburgh asks: “Some time ago, I set up Outlook to not show images in incoming emails, as a security measure. But it’s a pain in the butt, since in so many emails most of the content is in the images — and so often the sender doesn’t include a link to see…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[7,10],"tags":[],"class_list":["post-1113","post","type-post","status-publish","format-standard","hentry","category-a-reader-asks","category-science-and-tech"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paaiox-hX","jetpack-related-posts":[{"id":758,"url":"https:\/\/langa.com\/index.php\/2018\/10\/17\/a-reader-asks-should-i-factory-reset-a-phone-that-previously-belonged-to-someone-else\/","url_meta":{"origin":1113,"position":0},"title":"A reader asks: Should I factory reset a phone that previously belonged to someone else?","author":"Fred Langa","date":"2018-10-17","format":false,"excerpt":"Q: Should I factory reset a phone that previously belonged to someone else? (via Quora) A: Yes, absolutely! You have no way of knowing what might still be on the phone... spyware, malware, traces of illicit images or activity, whatever. I suggest you reset the phone before you plug in\u2026","rel":"","context":"In "A reader asks..."","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":212,"url":"https:\/\/langa.com\/index.php\/2018\/08\/29\/a-reader-asks-how-do-i-recover-save-my-phones-internal-storage-before-doing-reset\/","url_meta":{"origin":1113,"position":1},"title":"A reader asks: How do I recover\/save my phone’s internal storage before doing Reset?","author":"Fred Langa","date":"2018-08-29","format":false,"excerpt":"Q:\u00a0How do I recover\/save my phone's internal storage before doing Reset?\u00a0 (via Quora) A: It depends on where\u2019s the data stored --- but should always be relatively easy to do. 1) If the data is on a plug-in\/add-on memory card, recovery is trivially simple: Turn off the phone, remove the\u2026","rel":"","context":"In "A reader asks..."","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2342,"url":"https:\/\/langa.com\/index.php\/2019\/03\/15\/a-reader-asks-is-it-enough-to-disable-the-driver-for-the-camera-on-my-laptop-and-to-put-tape-over-it\/","url_meta":{"origin":1113,"position":2},"title":"A reader asks: “Is it enough to disable the camera driver for my laptop, and to block the lens?”","author":"Fred Langa","date":"2019-03-15","format":false,"excerpt":"Reader Steven Clifford Cohen asks: \"I disabled the driver for the camera on my laptop. I also put tape over it. Is that enough?\" Enough to prevent video-based snooping, sure. But opaque tape alone would do that; a camera can't see through an opaque object, period. However, if you're really\u2026","rel":"","context":"In "A reader asks..."","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/langa.com\/wp-content\/uploads\/2019\/03\/webcam-covers-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/langa.com\/wp-content\/uploads\/2019\/03\/webcam-covers-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/langa.com\/wp-content\/uploads\/2019\/03\/webcam-covers-1.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":1312,"url":"https:\/\/langa.com\/index.php\/2018\/12\/11\/a-reader-asks-do-i-risk-damage-to-my-hard-disk-if-when-i-travel-i-keep-it-in-my-bag\/","url_meta":{"origin":1113,"position":3},"title":"A reader asks: “Do I risk damage to my hard disk if, when I travel, I keep it in my bag?”","author":"Fred Langa","date":"2018-12-11","format":false,"excerpt":"You can safely transport a hard drive if you avoid the three main classes of \"things that can kill a hard drive:\" Avoid physical shocks: make sure the drive won't be dropped, stepped on, knocked, or otherwise banged about.Avoid temperature\/humidity extremes: Keep the drive dry, at human-comfortable temperatures, and in\u2026","rel":"","context":"In "A reader asks..."","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":782,"url":"https:\/\/langa.com\/index.php\/2018\/10\/19\/a-reader-asks-how-much-open-space-does-a-drive-really-need\/","url_meta":{"origin":1113,"position":4},"title":"A reader asks: How much open space does a drive really need?","author":"Fred Langa","date":"2018-10-19","format":false,"excerpt":"Reader Liz G asks (via the CONTACT link) how much open space a drive really needs: I know installed hard drives need 15% breathing room. How about portable external hard drives? I have 7 Western Digital drives ranging in size from 500GB to 2TB and the only thing on them\u2026","rel":"","context":"In "A reader asks..."","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2493,"url":"https:\/\/langa.com\/index.php\/2019\/03\/28\/a-reader-asks-are-my-old-deleted-yahoo-e-mails-stored-somewhere-on-the-hard-drive-can-i-recover-them\/","url_meta":{"origin":1113,"position":5},"title":"A reader asks: “Are my old, deleted Yahoo e-mails stored somewhere on the hard drive? Can I recover them?”","author":"Fred Langa","date":"2019-03-28","format":false,"excerpt":"Maybe \u2014 but probably not. It depends on how you set things up. Most web\/cloud-based email services (not just Yahoo) live almost entirely on their host servers, not on your PC. In a typical default setup, your browser accesses your web\/cloud-based email and displays it locally (on your PC); but\u2026","rel":"","context":"In "A reader asks..."","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":false,"_links":{"self":[{"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/posts\/1113","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/comments?post=1113"}],"version-history":[{"count":7,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/posts\/1113\/revisions"}],"predecessor-version":[{"id":1120,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/posts\/1113\/revisions\/1120"}],"wp:attachment":[{"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/media?parent=1113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/categories?post=1113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/tags?post=1113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}