[olliej]

This post repeats the false claim that link previews in messages provide attacker controlled network loads.

They do not.

The page preview included in Messages is created on the sender side. On those occasions the sender can't create a preview you get a "click to load preview" message instead of a preview with the url. In other words, nothing more than just sending the url in the first place. I'm curious what "disabling link previews" actually means in lockdown.

[refulgentis]

I'm a bit confused, aren't you describing that the attacker controls the network load? The preview is created by the sender?

[olliej]

When you receive a link that has a preview, at least in Messages, what you get is the true url and an image that was created on the sender side. There is no networking unless you tap the link. If you tap the link then you've tapped the link and of course tapping links loads them.

Hence I want clarification on what is involved here.

[edit: s/server/sender/]