[mike-cardwell]

Yes. There was a bug a few years back though where they would display attached SVG images. These images could actually contain javascript, which left it vulnerable to XSS.

[aptwebapps]

Why is zzz90210's post dead? Everyone knows about tracking via images. I never considered something like bgsound, probably a lot of other people did not as well.

And it's the whole point of the article.

[ars]

His post is dead because this comment he made: http://news.ycombinator.com/item?id=3662065

Took his karma negative, and once that happened his account was killed. As a new member you have to be careful about controversial statements until you build up a karma cushion.

[aptwebapps]

I see, an indirect cause didn't occur to me.

[jongraehl]

The highly-upvoted mail-bug testing site in comments says gmail isn't vulnerable to bgsound - https://grepular.com/email_privacy_tester/