Apple's OS X Spotlight found to ignore e-mail privacy settings
Mac owners who regularly make use of OS X's built-in Mail application and Spotlight search should take care when searching through e-mail messages, as Spotlight's preview functionality has been shown to ignore Mail's remote content settings and could inadvertently transmit unintended data to email senders.
When a Mail user searches for and selects an e-mail message in Spotlight, the preview pane automatically loads and renders images embedded in HTML e-mails. Disabling Mail's "load remote content in messages" setting does not prevent this from happening, according to IDG News Service.
Most e-mail marketers track the downloading of images included in their messages, which allows senders to analyze open rates and collect basic subscriber information like IP address and browser version. Spotlight's automatic previews could expose this information even for users who are cognizant of the practice and attempt to disable it.
It should be noted that this functionality does not expose any information that would not otherwise be transmitted if the e-mail and images were opened in Mail or any other e-mail reader, such as Google's Gmail, though it could prove concerning for privacy-conscious users.
Until Apple addresses the issue, users can work around it by removing e-mail messages from Spotlight results. To do this, navigate to System Preferences → Spotlight and uncheck "Mail & Messages" in the list.
When a Mail user searches for and selects an e-mail message in Spotlight, the preview pane automatically loads and renders images embedded in HTML e-mails. Disabling Mail's "load remote content in messages" setting does not prevent this from happening, according to IDG News Service.
Most e-mail marketers track the downloading of images included in their messages, which allows senders to analyze open rates and collect basic subscriber information like IP address and browser version. Spotlight's automatic previews could expose this information even for users who are cognizant of the practice and attempt to disable it.
It should be noted that this functionality does not expose any information that would not otherwise be transmitted if the e-mail and images were opened in Mail or any other e-mail reader, such as Google's Gmail, though it could prove concerning for privacy-conscious users.
Until Apple addresses the issue, users can work around it by removing e-mail messages from Spotlight results. To do this, navigate to System Preferences → Spotlight and uncheck "Mail & Messages" in the list.
Comments
One annoyance I find In Mavericks --- right-clicking on an email to identify it as spam/junk should not result in the loading of that email, it should immediately disappear to the Junk folder unread.
Just my opinion.
/s
I guess we'll see if it gets patched up in a subsequent OS update.
Then again, at least Apple actually has meaningful privacy settings.
/s <---- Hey, I can do that too! ;-)
They are too busy thinking of, and building, new features for their annual OS updates, that is turning everyone numb.
So, QA is understaffed and overworked and didn't run this security check.
Or, it was an acceptable bug to go out at shipping.
Sticking to web-based email access...
"Most e-mail marketers track the downloading of images included in their messages, which allows senders to analyze open rates and collect basic subscriber information like IP address and browser version. Spotlight's automatic previews could expose this information even for users who are cognizant of the practice and attempt to disable it.
It should be noted that this functionality does not expose any information that would not otherwise be transmitted if the e-mail and images were opened in Mail or any other e-mail reader, such as Google's Gmail, though it could prove concerning for privacy-conscious users."
So close to a non-issue and with the fix of simply deleting the thing without opening EVER. Then deleting the trash. Which I do regularly anyway. A point to iOS then where a swipe to delete doesn't open the message.
I guess we'll see if it gets patched up in a subsequent OS update.
Then again, at least Apple actually has meaningful privacy settings.
/s <---- Hey, I can do that too! ;-)
Then you are being sarcastic when you write, "at least Apple actually has meaningful privacy settings”?
Spotlight in Yosemite features a window that cannot be resized, and when you click on a document, it does not show you where the document is located. How is that supposed to be considered searching for a document when it fails to tell you where it is located? You have to scroll down to the bottom and then double-click Show in Finder, and then find the document again in the window that appears. Then it will show you the location at the bottom of the window after you click on the document yet again. The previous version of Spotlight did a better job telling you where the file was located, which is supposed to be the point of Spotlight.
So are there better third-party search utilities out there?
Sticking to web-based email access...
Yeah, like that is considered secure? Good luck with that.
Spotlight in Yosemite features a window that cannot be resized, and when you click on a document, it does not show you where the document is located. How is that supposed to be considered searching for a document when it fails to tell you where it is located? You have to scroll down to the bottom and then double-click Show in Finder, and then find the document again in the window that appears. Then it will show you the location at the bottom of the window after you click on the document yet again. The previous version of Spotlight did a better job telling you where the file was located, which is supposed to be the point of Spotlight.
So are there better third-party search utilities out there?
I understand the frustration, I had this same issue for a while too.
Found the remedy now though, when you want to open the result in finder rather than open the result itself, hold cmd and double click it.
Yes it does !!!. What are you smoking?
I do not see remote content when the setting is off in mail preferences. Is there something going on that I can not see? Anyway there is a nice little box in the top left corner that lets me "Load Remote Content" for each individual email in the preview pane if I so choose.
LOL
I don't think he was but 'compared to what and who?' ... That's the question. Compared to Google and Microsoft? My answer would be 'Hell yes Apple has privacy settings!'
I understand the frustration, I had this same issue for a while too.
Found the remedy now though, when you want to open the result in finder rather than open the result itself, hold cmd and double click it.
Good tip to know...takes you right to the file in the Finder. It would be nice to make the search window larger, especially on a 27" screen.
I understand the frustration, I had this same issue for a while too.
Found the remedy now though, when you want to open the result in finder rather than open the result itself, hold cmd and double click it.
Whoa, nice! And just holding command at least shows you the path so you can see which copy of something you're looking at before opening.
sherlock was better
nothing that little snitch can't fix - now my spotlight does what its supposed to do - show me files on my mac that contain or are named what i'm searching for
if i wanted to search the web for stuff, i'd just google it or ask siri - they ruined spotlight in yosemite
this ranks up with the 'improved' green 'zoom' gumdrop that enters full screen mode with its annoying 'slide' visual transition.
everytime that happens, it's another 3 seconds of my life i'll never get back (ok, 6, because I have to turn off full screen mode again)
and please spare me the syncophatic rants about how apple UI is teh shiny - time to spend less money on stock buybacks and more on UI refinements that actually save time and accomplish useful work.
I have no doubt that this can be turned off with a terminal command, but couldn't for one second tell you how to do it...
The new Spotlight can find references within my emails and contacts and works perfectly. If yours doesn't, then perhaps you could rebuild the database and retry, if still not working perhaps you have directory or catalog damage on your disk. Disk Warrior is excellent for disk catalog repair as is TechTools Pro.
That said, a lot of people I know have found the new Spotlight difficult to use. One suggestion is turn off its web searching for a while so as to be able to focus on the disk search and realize how to see the Finder results. I agree the interface can be confusing and overwhelming. Apple need to look again at the results interface. I agree about it needing to float.
By the way you can still do the simple Finder only search by using the 'Search' box in the top right of most Finder Windows..
Commenting from a Mavericks-users perspective, it appears that the decision to saddle Jony Ive with both the hardware and UI for iOS and OS X has been a big mistake. Ive himself previously admitted (in a videotaped interview with Vanity Fair) that he had no interest in graphic design, something essential to understanding user interaction and usability issues. IOS 8s minimalist aesthetic is a fine idea, but it has been amateurishly implemented in a haphazard fashion. I really wish they brought in a seasoned UI designer to balance the load for Ive and think through user-centric solutions for our products. We need form and function, technology and liberal arts.
I never use Spotlight, it's trash. cmd F for me, every time.