Today, checking my email via Outlook Web Access, I noticed a difference in how graphic inserts are handled in the email viewing window.
Say you insert a link to a picture in your email from a public unencrypted web site. When you open the message in OWA on IE7, you would get the following window asking if you want to deliver the non-secure information (i.e. pictures embedded in email):
If so, you click “Yes”. I’ve learned this habit.
Now, I’ve upgraded my laptop to IE8 and have started using OWA. All was great at first, and then I received an email with graphics in it. Specifically, graphics not as inserted attachments, but linked to external non-secure sources. So, I click the “show pictures” link on the email header and get this message:
Instead of reading the lovely dialog box, I make the assumption that the behavior has been unchanged in the dialog box and click “Yes” thinking that I will then see the pictures. Alas: that is not to be the case. I can now only see place-holder images for the duration of my session.
At first, I thought there was a bug in IE8 and its communication with OWA. But, it is instead a “user error” of assumption. An assumption that the questions asked by similar dialog boxes has not changed. This assumption is wrong.
My interpretation of this button is that it went from “Yes – show me the pictures anyway” to “Yes – don’t show me the pictures”.
While I personally think this is somewhat silly, I can only assume that the developers have decided to default on the side of security – which is usually a good thing. Of course, the other side of the coin is that this behavior has changed since the IE8 betas (at least as far as I can remember) and I’m not the only one who has been having this problem.
All this goes to show that we all need to read the dialog boxes.
You know what happens when we assume…
I for one like the change a lot. The old default didn’t say "it's OK to remove the protection from the pictures that don’t really need protection." It said, "Forget about securing this channel anymore – it really doesn’t matter." In the short term it
might mess up some sites (like
https://www.verizonwireless.com/) but hopefully it will drive good behavior.