|
Joementum posted:Google is going to start allowing Gmail to display forms with postbacks inside the email there's no way that this will be abused
|
#
?
Feb 13, 2018 22:25
|
|
|
|
| # ? Jun 1, 2024 19:07 |
|
|
https://twitter.com/zackwhittaker/status/963219939845959681
|
|
#
?
Feb 13, 2018 22:25
|
|
|
Hey, so I was thinking: what if we put dynamic content in legal agreements?
|
|
#
?
Feb 13, 2018 22:31
|
|
|
theres a simple solution to forms in emails and that's to block emails with forms in them
|
|
#
?
Feb 13, 2018 22:40
|
|
|
Shaggar posted:theres a simple solution to forms in emails and that's to block emails with forms in them that’s where you’ll be foiled by the inevitable rise of easy-to-use E2E e-mail encryption Potato Salad posted:Hey, so I was thinking: what if we put dynamic content in legal agreements? I think it’s called “new precedents”
|
|
#
?
Feb 13, 2018 22:44
|
|
|
Take legal documents, hash them, and put them in the block chain. But, actually.
|
|
#
?
Feb 13, 2018 23:04
|
|
|
just make Twitter the only legal form of communication imo
|
|
#
?
Feb 13, 2018 23:28
|
|
|
this is gonna be the next antivaxxing guarantee you, this is it
|
|
#
?
Feb 13, 2018 23:30
|
|
|
Joementum posted:Google is going to start allowing Gmail to display forms with postbacks inside the email the phishing potential is gonna be hilarious
|
|
#
?
Feb 13, 2018 23:36
|
|
|
Main Paineframe posted:the phishing potential is gonna be hilarious "Important Documents Enclosed! Enter your username and password to show the full email!"
|
|
#
?
Feb 13, 2018 23:48
|
|
|
i work for an edm provider and i can't wait to  quote:All network requests must be proxy-able to ensure that user anonymity is preserved now we can reliably track opens/views in gmail without relying on the user allowing image loading
|
|
#
?
Feb 14, 2018 00:57
|
|
|
Joementum posted:"Important Documents Enclosed! Enter your username and password to show the full email!" Don't kinkshame Watchdox
|
|
#
?
Feb 14, 2018 01:00
|
|
|
Angela Merkle Tree posted:good thing it's impossible to generate recipient-specific links yeah, the first thing i thought when i read that was "uhhh, they know mail merge exists...... right?"
|
|
#
?
Feb 14, 2018 01:09
|
|
|
Angela Merkle Tree posted:i work for an edm provider and i can't wait to like someone skrillex tier or or someone more obscure
|
|
#
?
Feb 14, 2018 01:32
|
|
|
infosec alex jones
|
|
#
?
Feb 14, 2018 02:50
|
|
|
Cocoa Crispies posted:like someone skrillex tier or or someone more obscure
|
|
#
?
Feb 14, 2018 02:55
|
|
|
NyetscapeNavigator posted:infosec alex jones
|
|
#
?
Feb 14, 2018 03:08
|
|
|
Cocoa Crispies posted:like someone skrillex tier or or someone more obscure into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood into the blood
|
|
#
?
Feb 14, 2018 03:14
|
|
|
Cocoa Crispies posted:like someone skrillex tier or or someone more obscure lmao
|
|
#
?
Feb 14, 2018 03:45
|
|
|
we almost called our app "buzzword EDM" until i mentioned this would happen lol e: actual acronym is "electronic direct marketing" which is a nice way to say "legally-compliant spam"
|
|
#
?
Feb 14, 2018 03:59
|
|
|
rjmccall posted:into the blood this made my day like a beggar’s dog tasting the wind
|
|
#
?
Feb 14, 2018 04:41
|
|
|
I though gmail always fetched the images whether or not the user showed them or opened the email, and then rewrote the links to reference their proxy cache. wouldn’t they do something similar here?
|
|
#
?
Feb 14, 2018 08:45
|
|
|
Potato Salad posted:Take legal documents, hash them, and put them in the block chain. I literally went to a meeting where this was being touted yesterday. as usual, it's nothing anyone couldn't do already if they wanted to (but nobody does) but with blockchains!!! edit: if you bolted a REST service onto Git it would do exactly what they were talking about, I should build my own and call it gitChain Powerful Two-Hander fucked around with this message at 12:04 on Feb 14, 2018 |
|
#
?
Feb 14, 2018 12:01
|
|
|
Subjunctive posted:I though gmail always fetched the images whether or not the user showed them or opened the email, and then rewrote the links to reference their proxy cache. wouldn’t they do something similar here?
|
|
#
?
Feb 14, 2018 12:07
|
|
|
just checked and yeah that's deffo what google does. the images are cached and then loaded via something like https://mail.google.com/mail/u/0/?u...38b17&zw&atsh=1 edit: that link is from one of my e-mails but it disnae matter as they require auth
|
|
#
?
Feb 14, 2018 13:05
|
|
|
Powerful Two-Hander posted:if you bolted a REST service onto Git it would do exactly what they were talking about, I should build my own and call it gitcoin ftfy
|
|
#
?
Feb 14, 2018 13:27
|
|
|
Subjunctive posted:I though gmail always fetched the images whether or not the user showed them or opened the email, and then rewrote the links to reference their proxy cache. wouldn’t they do something similar here? I think they're only fetched once you open the email. So spam senders can still tell if you opened it and when, but not get your origin IP or cookies. It was a halfway privacy measure so they could switch image loading on by default.
|
|
#
?
Feb 14, 2018 13:28
|
|
|
mrmcd posted:I think they're only fetched once you open the email. So spam senders can still tell if you opened it and when, but not get your origin IP or cookies. but if google caches the images when the mail is received, not when the mail is opened...?
|
|
#
?
Feb 14, 2018 13:47
|
|
|
https://twitter.com/paklonginvul/status/961694761580036096
|
|
#
?
Feb 14, 2018 13:48
|
|
|
I think the AMP stuff will last just long enough to goatse the entire gmail userbase.
|
|
#
?
Feb 14, 2018 13:58
|
|
|
Penisface posted:but if google caches the images when the mail is received, not when the mail is opened...? Yes I'm saying they don't do that. At least, that's what this quote:Using cached images is a fine idea for Gmail, but it has the potential to mess with open tracking for ESPs. Fortunately, MailChimp can still detect the first request for the open-tracking pixel. This won’t interfere with the count of “unique opens” you get in your reports, but it could prevent us from seeing multiple opens per subscriber. Maybe it's changed since then. I don't actually care enough to find out.  edit: It could also be motivated entirely by capacity than preserving open rates for marketers. There's possibly a lot of dormant gmail accounts and spam that's never opened out there, and you can't keep the cache around forever on the hope they might request it. mrmcd fucked around with this message at 14:06 on Feb 14, 2018 |
|
#
?
Feb 14, 2018 14:02
|
|
|
Penisface posted:ftfy forked already I see!
|
|
#
?
Feb 14, 2018 14:45
|
|
|
from what i observed google only fetches when you open the message. there's zero reason for them to retrieve and cache images upon message receipt because i'm pretty sure the gmail app doesn't download messages by default so why bother when the user may immediately archive/delete the message?
|
|
#
?
Feb 14, 2018 15:04
|
|
|
https://twitter.com/enigma0x3/status/963832760224894981 https://twitter.com/hexwaxwing/status/918227574106607616
|
|
#
?
Feb 14, 2018 18:57
|
|
|
I guess that's a vulnerability but its bypassing one of 3 or 4 prompts the user has to ignore to get the payload to launch. at that point you'd probably be better off sending them an actual executable.
|
|
#
?
Feb 14, 2018 19:30
|
|
|
lmao i signed up for IHG's (holiday inn's parent comany I guess?) dumb rewards program because it cuts like $20 from the price of the room and when creating an account instead of a password you pick a 4 digit numeric pin  i sure hope the credit card info i had to enter to book the hotel isn't tied to that! e: holy crap it sent me a separate email to thank me for "updating" each individual field on the sign-up form i filled out to create the account, this site is amazing Shame Boy fucked around with this message at 20:00 on Feb 14, 2018 |
|
#
?
Feb 14, 2018 19:49
|
|
|
better make it the same as your ATM pin, just to be safe
|
|
#
?
Feb 14, 2018 19:54
|
|
|
the most important thing about defense in depth is that it lets you justify a weakness in any layer, until you discover too late that they can be made to line up
|
|
#
?
Feb 14, 2018 20:24
|
|
|
Subjunctive posted:the most important thing about defense in depth is that it lets you justify a weakness in any layer, until you discover too late that they can be made to line up That's a tad cynical, at least for people who really do defense it's so that one of those weaknesses doesn't totally loving you everytime.
|
|
#
?
Feb 14, 2018 20:32
|
|
|
|
| # ? Jun 1, 2024 19:07 |
|
|
Schadenboner posted:I mean, if it were "Mine coin for us while you read this story" and it were well-behaved and respectful of the reader's computer and it reliably hosed-off after the tab was closed I wouldn't even be against it. ya in theory i think its actually pretty smart but in reality probably lol
|
|
#
?
Feb 14, 2018 20:37
|
|
