iMessage Preview Problems; leak your location by receiving a text message

tl;dr iMessage now previews links automatically<p>&gt; The updated iMessage loads the link preview and in essence clicks the link for you! That’s what irks us with this, the choice. OK we might not stop people clicking links anytime soon but Apple have taken this very choice away from us and facilitate the information leakage. The very act of receiving an SMS message can reveal your rough geographic location, your cellular operator, your current WiFi network.

<p><pre><code> &gt; Early 2016 we were the first company in the UK to offer &gt; SMShing services. These SMS messages are like phishing &gt; emails and contain a pretext alongside a link within the &gt; message. When a mark receives an SMS message and clicks the &gt; link a host of details are available to us. </code></pre> This kind of thing happens with email too. In Apple Mail you can disable the loading of external contents. Does anyone know in detail how the preview in iMessage work?

Sending the requests from the client is probably not the most secure idea. Requests should be proxied through a cloud server on Apple&#x27;s end to reduce the security risk of these previews.

Incidentally, I received a bit of iMessage spam this weekend that I looked into. Was a series of 302s to an affiliate link. So this is actively being used right now for financial gain.

Apple should fetch the data via their servers instead of the clients&#x27;. It leaks way too much information.

Many comments are in regards to fixing this feature. I think this is one of those situations where the feature (previewing links) is not a good idea in the first place, or at least do not enable it by default.

What&#x27;s wrong with web hosts nowadays? a few 100 users and everything dies.<p>Cached: <a href="https:&#x2F;&#x2F;webcache.googleusercontent.com&#x2F;search?q=cache%3Ahttps%3A%2F%2Ftheantisocialengineer.com%2Fimessage-preview-problems%2F&amp;ie=utf-8&amp;oe=utf-8" rel="nofollow">https:&#x2F;&#x2F;webcache.googleusercontent.com&#x2F;search?q=cache%3Ahttp...</a>

I find myself thinking a recent story of an middle eastern human rights activist who&#x27;s iPhone was attempted hacked via a sms url. He avoided it by not tapping the url. I do wonder if this preview &quot;feature&quot; will help automate future attacks.<p>It seems that whenever we try to make software helpful we produce more problems.

it also happens on the macOS and there is no way to disable it.

Well it&#x27;s possible to disable imessage right?<p>Go to settings &gt; messages &gt; and disable iMessage.<p>That should be a temporary fix right?

imessage won&#x27;t auto-load previews until you ask it to do it the first time.