
A bug found in OS X Spotlight can compromise your privacy

A glitch in the way Spotlight works on OS X can transmit private information such as your IP address to spammers. Discovered by the German technology site Heise, the bug appears to affect all OS X users who also use the default Mail.app to manage their email. The problem is that Spotlight does not check whether the “Load remote content in messages” option in Mail.app is disabled, and loads remote images anyway while compiling relevant search results.

So how can the loading of remote images affect your privacy? Spam emails often contain web bugs called “tracking pixels” that get downloaded with other images embedded in an email. Once an email containing such a bug has been downloaded and opened, the tracking pixel notifies the server that the email has been successfully delivered and viewed. This is actually how read receipts work. But the information sent back to the spammer is more than just a mere read receipt. It can contain your IP address, browser information, OS X version and even the version of Spotlight you’re using. What makes matters even worse is that whenever Spotlight starts going through your mail, it will access every message – even the unopened ones in your Junk folder.

As of yet, there is no official response from Apple regarding the glitch.


The best way you can protect yourself from this glitch is to disable the automatic searching of emails and messages in Spotlight’s preferences. To do so:

– Open your System Preferences via its dock icon or by going into Launchpad.

– Once it’s open, select the Spotlight section.

– Now make sure the Mail & Messages option is unchecked; it is number twelve in the list by default.

That’s it; feel free to close System Preferences. This solution is far from optimal, since it disables searching not only for emails but for conversations in the Messages app as well. If that’s a deal breaker for you, you can opt for the alternative solution, which is to use a third-party email client instead of the standard one. Some of the better email client options for OS X include Airmail, MailMate, Postbox and Mail Pilot.

If you do decide to go down this path, make sure that Mail.app will no longer receive new emails. You can do this by going into System Preferences, located on your dock and in Launchpad, and opening the Accounts section. Once it loads, click on every account there and make sure that if there is a Mail option, it is left disabled. You can also accomplish the same task by opening the Mail app, clicking on Mail in the menu bar and choosing Preferences. Then just switch to the Accounts tab and remove every account by selecting it and clicking on the minus button.