About the image showing your hidden info

About the special ‘Hidden info’ image included in Office for Mere Mortals.

As part of an article on Outlook security Office-Watch.com made a special ‘image’ that displays, within an email, some system information sent by Outlook to the Internet.

This image was included in Office for Mere Mortals for Monday 25 July 2016 .

There’s nothing new in all this – we’re merely showing you something about Outlook and the Internet that is usually hidden away. It shows the importance of Internet security even for getting images to display in an email.

The image looks different each time, depending on their computer, software, settings and the time. Here’s an example:

As you can see, it shows:

• Your operating system
• Outlook or browser version
• Language setting
• Approximate location – city, country, longitude and latitude.
• How many times the image has been displayed on that software
• When the image was last displayed – using a cookie.

All using the information sent by your computer to request an image to display in Outlook or your browser.

The information is important — for example, knowing your OS and browser allows hack code to be targeted to a specific vulnerability.

Live Version

Here’s a ‘live’ version of the image which shows the details sent by your browser to get this web page.

 This image is different for each person who sees this page.

The privacy implications of cookies are well known for browsers but not well appreciated for emails.  With a cookie, a company can track your web usage from the moment you display images in an email.   They can use that info to send follow up emails, change web pages to ‘push’ you to a particular product or category among many things.

Notes:

• This little image trick intended to show that information is out sent merely by displaying a linked image in Outlook. We’ve added options to show some other browser details, but not all; there are far too many.
• Similarly, there’s waaaay too many email programs out there to detect them all.  Non-Outlook email programs will probably show the browser details instead.
• It will detect that you’re seeing the image on an iPad, iPhone or Android device. It’s possible to get more details than we have displayed, like type or version of device.
  • If you view the message in webmail you’ll see the details of the web browser used (IE, Firefox, Chrome etc).  Look at the same message in Outlook 2007/2010, you’ll see Outlook details.

    For example a user_agent code:
    “Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727;SLCC2;.NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Microsoft Outlook 14.0.6117; ms-office;MSOffice14)”
    is changed to read
    “Outlook 2010 64-bit with SP1 and patches to build 6117“.

• Instead of showing the large block of computer code sent, we’ve teased it apart and shown details in plain language.
  • Only Outlook 2007 and later can be detected from the information sent. Outlook 2003, Outlook 2002 (XP) and prior versions share the Internet Explorer engine to display emails. There’s nothing in the ‘user_agent’ information sent that can distinguish Internet Explorer from Outlook using IE.
  • Outlook 2007 and Outlook 2010 wrongly show ‘MSIE 7.0’ in it’s user-agent string.  This is wrong because Outlook 2007 uses a special internal browser to display messages, not Internet Explorer.
  • Outlook 2003 with IE v8 or 9 on the same computer will show as having IE v7. That’s because Outlook 2003 with Internet Explorer v8 or v9 works in ‘IE7 compatibility mode’ so it rightly sends user agent info as if it were IE 7.
• During testing we found errors as large as 140km from the real location as well as many with no location details (shown as ‘undisclosed location’).
  • Internet Service Providers tend to apply the same broad location setting to a range of their IP addresses.
  • If you’re using a VPN link then the location will be waaaay off. http://www.ip-api.info/.
• The language setting is sent by your browser or Outlook. Most likely comes from the Regional setting in Windows though some browsers, like Internet Explorer, can override that.
  • Many ‘English’ computers are installed with the ‘English (US)’ setting (the Windows install default) instead of being changed to the specific English type (UK, Canada, New Zealand etc).
  • In other cases there’s no language setting sent, in that case ‘English US’ is assumed by most web servers.
  • In common cases, we’ve tweaked the language code (eg ‘en-NZ’) into something more or less readable (eg ‘Ennzed English’ .).
• To refresh the image in the preview/reading pane, switch to another Outlook message then switch back to the one with the dynamic image. Your computer might cache the original image, especially if the message is displayed in a browser. Check the server time minutes/seconds to see if the image is updated.
• The ‘times displayed’ and ‘Last Visited’ items are created using a cookie dropped on your computer. Only those two details are saved in the cookie.
  • The cookie is different for each program you display an image on a computer.  So you’ll see a different count in the same message shown in Outlook or a webmail browser on the same machine.
• The background color is random and has no special significance.
• The IP address is essential for any Internet communication and is not a security lapse.  It’s the ‘return address’ used by the web server to send a web page or image to the computer that asked for it.
• The image link is to some ASP.net code which takes the incoming request info and makes up an image.  The image is then sent as the response “image/jpeg” instead of the usual “text/html’ web page).