macrumors bot
Original poster
Apr 12, 2001

A privacy glitch in Spotlight search for OS X may leak private details, including IP addresses, to email spammers. The flaw was first reported by German tech news site Heise and replicated in tests performed by IDG News Service.

The issue affects OS X Mail users who have followed conventional security recommendations to turn off the "load remote content in messages" option in the Mail app. This setting prevents the loading of remote content such as images, including "tracking pixels" that are used by spammers to harvest information when people open an email.

A glitch arises when OS X Mail users utilize Spotlight search in OS X, which includes emails in the search results. Spotlight ignores the remote content block preference from Mail and loads the remote email files as part of the search process. Once Spotlight loads one of these tracking pixels, spammers can glean details such as the IP address, OS X version, browser details, and the version of Quick Look being used.
The Spotlight preview loads those files even when users have switched off the "load remote content in messages" option in the Mail app, a feature often disabled to prevent email senders from knowing if an email has arrived and if it has been opened. What's more, Spotlight also loads those files when it shows previews of unopened emails that landed directly in the junk folder.
Currently, the only way to block this information leak is to block Spotlight from including emails in search results entirely by opening System Preferences and unchecking the "Mail & Messages" option for Spotlight. Apple has yet to comment on this Spotlight privacy glitch.

Article Link: OS X Spotlight Glitch Exposes IP Addresses and Other System Details to Spammers
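The mechanism the article describes, in a small added example that is not part of the MacRumors post, the Heise report, or any Apple code: the script below parses an HTML email and lists every remote image a preview would fetch if "load remote content" were not honoured, which is exactly the set of requests the Spotlight preview makes despite the Mail setting. Each fetch hands the remote server the client's IP address and request headers; a 1x1 or hidden image with a per-recipient token in its URL is the classic tracking pixel. The message, the `.invalid` hostnames and the token value are all constructed for the example, and the `find_remote_images` function and `_ImgCollector` class are names chosen here, not existing APIs.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real spam sample): an HTML body with
# one embedded inline image (cid:), one ordinary remote banner, and one
# remote 1x1 hidden "tracking pixel" whose URL carries a per-recipient token.
SAMPLE_EML = """\
From: newsletter@example.invalid
To: recipient@example.invalid
Subject: Your weekly offers
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="cid:logo@example.invalid" alt="logo">
<img src="https://cdn.example.invalid/banner.jpg" width="600" height="120">
<p>Big savings this week.</p>
<img src="https://track.example.invalid/open?u=rcpt-4f9a2c" width="1" height="1" style="display: none">
</body></html>
"""


class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append(dict(attrs))


def find_remote_images(raw_message: str):
    """Return the remote <img> references a preview would fetch when remote
    content is not blocked.

    Each finding records the URL, the host that would see the request (and so
    the client's IP address and request headers), whether the image looks like
    a tracking pixel (1x1 or hidden), and whether its URL carries a query
    string that could identify the individual recipient.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = _ImgCollector()
        collector.feed(part.get_content())
        for attrs in collector.images:
            src = attrs.get("src", "")
            parsed = urlparse(src)
            if parsed.scheme.lower() not in ("http", "https"):
                continue  # cid:/data: images are embedded; no network request
            tiny = attrs.get("width") == "1" and attrs.get("height") == "1"
            hidden = "display:none" in attrs.get("style", "").replace(" ", "")
            findings.append({
                "url": src,
                "host": parsed.netloc,
                "likely_tracker": tiny or hidden,
                "per_recipient_token": bool(parsed.query),
            })
    return findings


if __name__ == "__main__":
    for f in find_remote_images(SAMPLE_EML):
        flag = "TRACKING PIXEL" if f["likely_tracker"] else "remote image"
        token = " (recipient-specific URL)" if f["per_recipient_token"] else ""
        print(f"{flag}: {f['host']} <- {f['url']}{token}")
```

Running it on the sample reports the banner as an ordinary remote image and the 1x1 hidden image as a tracking pixel with a recipient-specific URL; both hosts would learn the client's IP address the moment a preview rendered the message, which is why the Mail setting exists and why a preview path that bypasses it matters.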
 
Oh for goodness sake, don't let them know my version is Yosemite and what browser I'm using! And, *gasp*, the version of QUICK LOOK?! This is an outrage.

/s
 
Oh for goodness sake, don't let them know my version is Yosemite and what browser I'm using! And, *gasp*, the version of QUICK LOOK?! This is an outrage.

/s

I don't think you understand what the article means.

Let me explain. If you block the tracking pixel from loading, the spammer will never realize that you received the email, and may eventually stop sending them. If they do realize that you receive the email, then they can get your IP address, know that the email address is valid, cross reference your purchasing habits with your IP address, and target you specifically with Facebook ads.

That's a major gaping privacy hole in OS X that needs to be patched.
 
Am I the only one that rarely uses Spotlight? Don't get me wrong, I love spotlight especially the revamped one in 10.10. However, I just don't think about Spotlight when launching an application or searching for files. I mostly just hit the Launchpad shortcut on my keyboard and use the terminal for searching for/in files.

I guess I just need to force myself to use it more often and hopefully after a while I'll launch more by reflex.
 
I'm going to go back to using Alfred I think.

This new Spotlight has been rubbish for me - it seems to ignore the ordering I have for results (I want bookmarks top) and if I open the wrong file via Spotlight search, it remembers it so when I search again, even though the file I opened doesn't explicitly match my search and another file does, it lists the wrong file at the top. It shouldn't remember it just because I did it once!
 
Another reason not to use the crappy mail app. Now I know why I have always stuck to using the webmail interface.

Will Apple ever get their act together and overhaul the damn app and actually make it usable?
 
I don't think you understand what the article means.

Let me explain. If you block the tracking pixel from loading, the spammer will never realize that you received the email, and may eventually stop sending them. If they do realize that you receive the email, then they can get your IP address, know that the email address is valid, cross reference your purchasing habits with your IP address, and target you specifically with Facebook ads.

That's a major gaping privacy hole in OS X that needs to be patched.

Do you think that spammers have any form of mail send filtering at all? They send billions of mails. Facebook ads - what... how are they doing that then? Even if they can... who gives a crap... I am not clicking on any. Major is pushing it I think. Slightly annoying at best.
 
Oops.

Seems pretty minor to me.

If I had to guess, I would say that finding the email in Finder and Quick Looking it will probably have the exact same issue where it ignores the settings in Mail (after all, it's a Mail setting, not a system wide setting.)

The proper remedy is probably to make it a system wide setting where you have to set it in the Settings app, and then make Mail and Finder and Spotlight obey it (and probably have every other mail client from a 3rd party ignore it. I feel like 3rd party developers tend to ignore most system settings.)
 
Another reason not to use the crappy mail app. Now I know why I have always stuck to using the webmail interface.

Will Apple ever get their act together and overhaul the damn app and actually make it usable?

Your comment is hilarious! LOL Webmail like Gmail and Yahoo is often a worse offender and gives all kinds of info away. Try again HAHAHA!
 

A privacy glitch in Spotlight search for OS X may leak private details, including IP addresses, to email spammers. The flaw was first reported by German tech news site Heise and replicated in tests performed by IDG News Service.

The issue affects OS X Mail users who have followed conventional security recommendations to turn off the "load remote content in messages" option in the Mail app. This setting prevents the loading of remote content such as images, including "tracking pixels" that are used by spammers to harvest information when people open an email.

A glitch arises when OS X Mail users utilize Spotlight search in OS X, which includes emails in the search results. Spotlight ignores the remote content block preference from Mail and loads the remote email files as part of the search process. Once Spotlight loads one of these tracking pixels, spammers can glean details such as the IP address, OS X version, browser details, and the version of Quick Look being used.

Currently, the only way to block this information leak is to block Spotlight from including emails in search results entirely by opening System Preferences and unchecking the "Mail & Messages" option for Spotlight. Apple has yet to comment on this Spotlight privacy glitch.

Article Link: OS X Spotlight Glitch Exposes IP Addresses and Other System Details to Spammers

Dumb question, though perhaps the article should've said this, but is this unique to Yosemite or are other versions affected? It sounds like it's unique to Yosemite, but further clarification here would be great.
 
Sorry but it's getting brutal how buggy Apple operating systems are getting. Yosemite still having wifi issues?

I miss the day when both iOS and OS X were rock solid. If Android and someone starts coming out with PCs of better build quality than plastic junk I'd have to seriously think about jumping ship with my next purchases. Surface Pro keeps getting lighter and piquing my interest to replace my MacBook.
 
Oops.

Seems pretty minor to me.

If I had to guess, I would say that finding the email in Finder and Quick Looking it will probably have the exact same issue where it ignores the settings in Mail (after all, it's a Mail setting, not a system wide setting.)

The proper remedy is probably to make it a system wide setting where you have to set it in the Settings app, and then make Mail and Finder and Spotlight obey it (and probably have every other mail client from a 3rd party ignore it. I feel like 3rd party developers tend to ignore most system settings.)

Did you not read post #4?
 
Let me explain. If you block the tracking pixel from loading, the spammer will never realize that you received the email, and may eventually stop sending them.

And little piggies may fly as well. Why would they bother when it's a trivial portion out of who knows how many millions of emails?

----------

Well thanks for the heads up, I've unchecked the setting in Spotlight.

and you'll now find your emails look like ****** and you'll be switching it back on soon :D
 
Yet another reason why Little Snitch is my favorite tech tattletale.
 
I do not use Spotlight and actively dislike having it enabled. The only thing I've kept selected in the Spotlight list is "Mail and Messages" because I was told (post-ML) that this was needed in order to be able to use searches in the Mail app. Is this true, or can I disable Spotlight altogether as I'd prefer to do and still be able to search from within the Mail app?
 
As I've said before in other threads. Regardless of whether or not this is "harmful" to some or all - if there's a security issue and it's known, it should be fixed. End of story. No judgement. Simple as that.
 
And little piggies may fly as well. Why would they bother when it's a trivial portion out of who knows how many millions of emails?

----------



and you'll now find your emails look like ****** and you'll be switching it back on soon :D

Do you primarily receive wallpapers and greeting cards for your emails?

And that the leaked information may not seem of consequence to you, does not detract from the fact that this is indeed a security hole that should be brought to Apple's attention and patched.
 
This is a minor bug. What percentage of users actually disable displaying remote images in HTML emails? Probably not many (<1%). Most commercial emails link to remote images and disabling the images takes away most of the email content. So why be signed up for legitimate emails if the content isn't there? Overblown... Comical how people jump on minor things just to complain.
 
I don't think you understand what the article means.

Let me explain. If you block the tracking pixel from loading, the spammer will never realize that you received the email, and may eventually stop sending them. If they do realize that you receive the email, then they can get your IP address, know that the email address is valid, cross reference your purchasing habits with your IP address, and target you specifically with Facebook ads.

That's a major gaping privacy hole in OS X that needs to be patched.

That is actually very untrue. The majority of the spam computers that send out those spam emails have no way of monitoring your specific email account. They don't track if the email is valid, either. If they get a bounce back saying the email doesn't exist, they still continue to send repeated emails. They also aren't going to waste the time calculating "if you opened your email and read the ad", they're going to send you continual ads regardless.

Scam pixels are often used just for overall statistics, like "20% of the people we send ads to are in this part of the world using this version of OS X".

This would also require that a DIFFERENT version of the spam pixel is loaded for each email, so they could uniquely target each person they send the email to. It's much more cost-efficient to just send out mass emails, rather than track each of the millions of emails individually.
 
Another reason not to use the crappy mail app. Now I know why I have always stuck to using the webmail interface.

Will Apple ever get their act together and overhaul the damn app and actually make it usable?

I use mail app, and I love it.
 
Workaround from German magazine

German Heise magazine released a workaround:

DisableMail.qlgenerator uses a trick: the Quick Look plug-in takes over the rendering of e-mail files in Spotlight and thereby prevents the system plug-in from being loaded. DisableMail contains only a plist file but no executable code. As a result it cannot be loaded, and OS X uses the default viewer or a plug-in that also declares itself responsible, such as the QLStephen plug-in mentioned above.

http://www.heise.de/newsticker/meld...atenschutzpanne-in-OS-X-Yosemite-2514653.html
 
aren't most of these so called troublesome emails meant to be in the spam/junk mail folder anyway?

just have spotlight ignore the junk folder
 