Sometimes, occasionally, maybe not very often, it is good to pretend you’re not there. Pretend you haven’t heard. Or ignore what just has been sent. Because you just don’t want to interact. Because you just don’t want to talk. Or because you just don’t want to reply. With regard to e-mails, however, your e-mail client might expose your reluctance against your will…
Last year, the CERN Security Operations Centre detected 27 CERN hosts contacting so-called "tracking domains"used for reconnaissance and associated with national state-sponsored actors. A CERN researcher was using a shady Google Chrome extension (installed from the official Google Chrome Web Store) for e-mail tracking, and sent a number of legitimate e-mails to many people and lists, via Gmail in Chrome. The shady Google Chrome extension silently added malicious HTML code to each of the e-mails sent via Gmail. As a result, the recipients who had not disabled "Remote Content Loading" in their e-mail client inadvertently visited the malicious tracking domains (see our corresponding monthly report). And it is this “Remote Content Loading” which, when enabled, exposes you to the e-mail sender, telling him or her that you at least opened that e-mail (and, subsequently, most likely read it).
If enabled in your e-mail client, the “Remote Content Loading” feature automatically downloads any embedded images, photos or similar content from a remote webpage once you open an e-mail with remotely provided content. Nice for those who like colourful texts. Or not, as this also implies that the remote site knows to whom to send that remote content, i.e. you, and can link this to the time when the content is loaded. Overall, this allows the remote site to know at which particular time you opened, checked out and read a specific e-mail…
Usually, lots of SPAM but also legitimate e-mail advertising campaigns (those to which you have subscribed) use this feature in order to better track and monitor your e-mailing behaviour, e.g. whether and when you read the e-mail. Even individuals can use that feature to learn quickly whether you read their e-mail even if you were not replying to it (e.g. by using that aforementioned Chrome extension). You can imagine how this can create conflicts: “I sent you that e-mail the other day.” “I haven’t received it…” “You DID actually!”…
Hence, in order to enhance your privacy, we suggest that you turn off the “Remote Content Loading” feature of your preferred e-mail client. Unfortunately, this is not the default for all e-mail clients, so it’s worth checking if you value your privacy: Kopano, Outlook, Thunderbird, MacOS Mail, iOS Mail app, Gmail and while you are at it, check also that the automatic sending of “Read Receipts” is toggled to off.
_____
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.