-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/18/2017 05:26 PM, Mirimir wrote:
On 04/18/2017 12:38 PM, Razer wrote:
Malicious hackers can use tracking pixels to help them gather intelligence for attack campaigns, both mass and targeted in scope.
<SNIP>
Well, prudent folk don't render HTML, or download embedded stuff :)
I haven't seen one of these in many moons. Decently designed mail readers that render HTML do not pull in remote content unless expressly directed to. "Normal" website based trackers use Javascript; it is transparent to the (naive) user and can harvest a much more detailed profile of the viewer's browser than that volunteered by HTTP request headers. Javascrpt filters that block calls for offsite scripts and halt execution of scripts embedded in HTML cover most of the JS surveillance vector. I do occasionally dissect web pages to see what they're made of, with special attention to spyware, but I have never seen a 1px "web bug" (yes, they have a name) in an HTML document. Not to say they can't be used, but as far as I can tell they rarely are. An option to block all 3rd party image content by default would be a good addition to a tool like NoScript. Many users would be shocked - SHOCKED, I TELL YA! - to learn how often they are visiting Cloudflare, Amazon, and image hosting sites like Photobucket or Imageshack while viewing "independet, owner operated" websites. :o) I do occasionally dissect -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJY9px2AAoJEECU6c5Xzmuq0g0IAMAr9n7mbDXL+wMuInw+9xk1 GXX21A14rrpTin/kiyDQ20QcuoJkMiLzhRkyG8qFdaInExxK7jQPqVOHZ6frD8KH /B+ShUo5HBGj4mUZiLXAYKjbkJ0CO3Zqqn0XeDaErQ2zOsovX2AqS1jdTs/67ITM PoipIOVf8dOVBXu2bdlfHFvXeGCKEN6q9Aq30miKP0e1hEAJBinS8SlFH7+3q9XX h6/mnnxlqXZmSMN1A0ovPqOagVUwwDYdN+d5gWwCOZhIxETFXOfWVyTym0b8i85o LDs8VpA3QpiHR/KoNja5NC+mnA9K4joThjSqpPH/vOk62CkD7zsyzzY3S2DOamY= =6ZhE -----END PGP SIGNATURE-----