Image Privacy in Outlook

Office for Mere Mortals
Your beginners guide to the secrets of Microsoft Office
Invalid email address
Tips and help for Word, Excel, PowerPoint and Outlook from Microsoft Office experts.  Give it a try. You can unsubscribe at any time.  Office for Mere Mortals has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy

‘Click here to download images’ in Outlook may seem like a nuisance but it’s there for a good reason

Why does Outlook prompt you to download images with messages – instead of just getting them?

Outlook%20 %20download%20images%20prompt - Image Privacy in Outlook

The ‘Click here to download images’ may seem like a nuisance but it’s there for a good reason

It may seem that getting an image to display on an email or web page is an innocent and harmless thing, but it reveals more about your computer than you might expect.

To show what is disclosed simply by getting an image, we’ve made a special ‘image’ that displays some of the details sent by Outlook when you ‘Click here to download images’ .  The image will be included in this weeks Office for Mere Mortals.  Here’s an example:

Outlook%20%20info%20image%20example - Image Privacy in Outlook

A full explanation of the image contents is here.


What the????

Long time Office Watch readers probably won’t be surprised by what’s revealed in the special image. Years ago, Outlook security and privacy was a major concern and a big topic in Office Watch. But it seems some of the lessons from those times have been forgotten.

Back in the mid-noughties, Outlook had little Internet security. This was before Microsoft’s famous ‘conversion’ and starting to take security issues seriously.

It was quite possible to send an email which had links back to a hacker’s web site. The email could try to infect your computer simply by displaying in the Outlook preview/reading pane. All it needed was a tiny, almost invisible, 1 pixel image link.

Naturally this caused a lot of concern. Microsoft’s response was typical. Publicly the company downplayed the risk as much as possible while privately developers worked to plug the holes in Outlook. (To be fair to Microsoft, the Outlook email risk was mostly theoretical. There were plenty of code examples of how to infect a computer via an email but few, if any, ‘in the wild’ infections).

Since then, Outlook security has improved immeasurably. There’s now a proper Junk email and phishing filter to quarantine suspect messages. The internal software (engine) that displays emails is now restricted to block many hacking methods. Outlook 2007 and Outlook 2010 use a custom ‘engine’ so that hacks for Internet Explorer should not also work in emails.

However that doesn’t stop standard information about your and your computer being sent by Outlook, which is why images are blocked by default and each user gets the choice about whether to display them.


Your choice

The last line of defence is with each user. The ‘Click here to download images’ note lets you decide which web sites get information about you and your computer. It also warns you about tiny, almost hidden, images in what looks like a text message.

subs profile e1563205311409 - Image Privacy in Outlook
Latest news & secrets of Microsoft Office

Microsoft Office experts give you tips and help for Word, Excel, PowerPoint and Outlook.

Give it a try. You can unsubscribe at any time.  Office Watch has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy
Invalid email address