From DailyTech: Anonymity is one layer of protection on the internet. In recent years agressive marketers, spammers, and phishers have turned to a trick known as "web bugs" -- remotely hosted images embedded in webpages or emails -- to check the exact time a user opens an email and to check the IP address associated with that email.
While some users may not care about this form of tracking, to high profile targets (e.g. politicians, business leaders, etc.) revealing their IP address can put them at high risk. For that reason email clients like Google Inc.'s (GOOG) Gmail and Microsoft Corp.'s (MSFT) Outlook allow users the ability to disable loading images embedded in HTML-formatted email.
Apple, Inc. (AAPL) also appears to give users this option. A check box in the Mail app's options describes "Load remote content in messages" with the warning "Email messages may contain images or content stored on remote servers". The savvy/concerned user will uncheck this box.
But according to security firm Intego, the option is ultimately rendered useless thanks to the overzealous implementation of Apple's Spotlight search app/service. The bug had also been noted by news service IDG's ITWorld, according to Intego.
In its current form, unless the user disables Spotlight from indexing content, the service will poke around through all the user's local files including emails. When it gets to an email it looks inside for any embedded images. And critically it ignores the Mail app's permissions regarding remotely hosted content, requesting that content from the remote servers with or without having permission to do so.
View: Article @ Source Site
