Prevent Geary for fetching remote content

Hardware Librem 5
1

Normally I read my mail on my FreeBSD laptops and on the L5 with the MUA mutt (www.mutt.org). Today I configured Geary to give it a try.

As I do not see anything in the Preferences: Will it block by default the fetching of remote content in HTML (…) mails?

UPDATE: This feature, disable of fetching remote content, is an absolutely MUST HAVE, Imagine an incoming mail with this HTML body asking you in German in this case for a phone call the next day, not even providing a phone number, but a link to a so called one pixel image with the only purpose that the sender knows the mail addr is valid and the receiver opened the mail (I invalidated the domain addr of the URL):

<!DOCTYPE html>
<html>
<head><meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="format-detection" content="telephone=no">
	<title>Rückrufbitte für Montag, 03.01.2022</title>
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
</head>
<body>
<p>Guten Tag,</p>

<p>w&uuml;rden Sie mich am Monatg (03.01.2022) bitte einmal zur&uuml;ckrufen?</p>

<p>Vielen Dank vorab,</p>

<p>Patricia Meyer</p>

<p>&nbsp;</p>
<img src="http://www.XXXXXXXXX.com/ostat.php?link=115_02_04_11A_B1958-20-01-ED3AF60B048E0F3BD1846C91949DAA2C-987A85BB16A5D6959C" border="0" style="width:1px;height:1px;" alt="" /></body>
</html>

Where is the git page of this project/software Geary?

2 Likes
2

The geary Privacy Policy says:

  • Images and videos in email messages that are loaded from remote third-party services are not retrieved by default, to prevent third-party tracking via these “web bugs”. If you choose to selectively allow remote resource loading for a specific email or for a specific sender, then in the future remote resources for those will be loaded by default and may allow you to be tracked.

If that is not true, you might want to read https://wiki.gnome.org/Apps/Geary/ReportingABug which also links to their issue tracker https://gitlab.gnome.org/GNOME/geary/-/issues

3

I’ve read this too and the implementation described is: once you have clicked (by intention or accident) on a link, it is enabled for this mail addr or remote server (and they can track you). On my Ubuntu mobile, remote content is disabled (as configuration option) and you get asked always if or not you want allow fetch the remote content for the given mail visible on screen:

screenshot20220103_175839621
screenshot20220103_175839621540×960 102 KB

4

I think it is highly desirable but not all features are available right now. Rome wasn’t built in a day. (I definitely use this feature frequently on my desktop but that is using Thunderbird for email i.e. I have Thunderbird configured to block all remote content by default, and I selectively allow loading of remote content, and Thunderbird remembers what I have allowed.)

I too had a look on the internet and the information available about how Geary works, regarding this particular issue, is confusing. So I am interested if you get any clarification.

Imagine? I don’t think we have to imagine - because this is a real issue every day. :wink:

Because Geary lacks POP support, for the moment on my Librem 5 I am only accessing a subset of my mail accounts - and those are “trustworthy” internal work-related email accounts - with industrial strength security and filtering before email even gets into my mailbox. So I am not majorly concerned that we don’t seem to have control over loading remote content.

I wonder whether you could use application-specific firewalling at least to block all remote content from Geary?