Tell HN: ProtonMail enabled setting to autoshow embedded/remote images

This feature set is a little complex, so I may be getting the sequence of events a little wrong. As of sometime in roughly the last day:


- the ProtonMail web app will automatically show you embedded and remote image content in HTML messages. (New behavior.)


- "Trackers" will be removed, and presumably not processed at all. (Existing behavior.)


- ProtonMail will proxy the remote content for you. (Existing behavior.)


The settings to do so are:


  - Messages and Composing

  -- Auto show embedded images (automatically enabled with this change)

  - Email Privacy

  -- Auto show remote images (automatically enabled with this change)

  -- Block email tracking (I had this enabled already but they probably also automatically enabled it.)

These settings are present in the beta and regular channels for the web app. I somehow had beta channel enabled, so I'm not sure if these settings would have been automatically enabled for non-beta users.

This is the (now incorrect) documentation for what these features did before this change:


https://ift.tt/4fMKSy8


As of this submission, the page looks pretty much identical to this snapshot:


https://ift.tt/ql4rzDu


Here's a reddit thread about it as well:


https://ift.tt/OuCDcAx


Archived just now:


https://ift.tt/9thek65


Tracker removal and remote image proxying were apparently already happening if you had "Block email tracking" enabled AND you chose to load remote images. From comments in the reddit thread, it's possible that the proxies are only fetching the remote content when you open the message. This is both good and bad. Good because it might indicate that the content of the messages is not accessible until your client decrypts it. Bad because it tells the sender that you viewed the content, and when. The cached image is also not encrypted in ProtonMail's infrastructure.


Furthermore, ProtonMail's tracker identification mechanism is flawed. Some messages say that several trackers were removed, but I have several recent messages with blatantly obvious 1x1 tracking pixels in their source that their tracker warning does not pick up on.


And in what appears to be the worst problem here, the reddit thread shows that some people in the beta experience DID have their client IPs exposed to the message sender.



Comments URL: https://news.ycombinator.com/item?id=33375424


Points: 3


# Comments: 1






from Hacker News: Front Page https://ift.tt/kMb4VJe

via IFTTT

Comments

Post a Comment

Popular posts from this blog

Intentional dark pattern by Coinbase or just terrible UI?

Intentional dark pattern by Coinbase or just terrible UI? 2 by jjeaff | 0 comments on Hacker News. I recently needed to check a past transfer to confirm that I was sending some crypto to the same wallet address. In the past, the last few transactions showed up on the "Pay" page. They have since renamed "Pay" to Transfers or something like that. They no longer show past transactions, so I went down a rabbit hole of searching through the app, couldn't find it, then had to google it and found a help page for Coinbase. There is a link in the article to coinbase.com/reports (I can find no way to get to it from the web app except by following the link from the help article.) Once there, you can select the date ranges you want and generate a transaction report in PDF or CSV and then you have to wait a bit while it generates the report for you to download. What kind of UI craziness is this? A user's transaction history is such a basic feature, I can't imagine c...
Read more