Photobucket Replaced My CEO's Email Signature With a Sleeping Cat
20 points by danieljurek 4541 days ago
Best practices aside (like NEVER host email images from a 3rd party), this would be hilarious if we weren't trending on AngelList. :P

My CEO, Brian, uses a picture of himself in his email. The image is hosted here: http://i49.tinypic.com/2uol63m.png (tinypic is a Photobucket company)

Looks lively, attentive, and friendly... right?

Gmail image cache of the image returns a cat: https://ci6.googleusercontent.com/proxy/se_iEEzdxzy1wRbMk8xXJhM7C7jqp2RyINhqPoq8Ybbn4P6yi0FqdB9RXMq-iat9ut2pNofWz7o=s0-d-e1-ft#http://i49.tinypic.com/2uol63m.png

Not the same person...

Now Brian's emails (including emails to investors and all previous emails he's sent) contain a cat sleeping on a couch instead of a goofy smiling face.

Dig into the guts of the problem: When you visit the image (http://i49.tinypic.com/2uol63m.png) with a browser, you get Brian's smiling face. Download the same image with wget and you get a sleeping cat! Looks like Photobucket/tinypic is changing what they return based on headers and Gmail image cache doesn't send the same headers as my browser.

IT GETS WORSE!!!!

Another image in Brian's email signature (which used to look like his name signed in cursive), has ALSO been replaced with a selfie containing quite a bit of cleavage!

Lesson learned: those "unique" image file name hashes are actually recyclable!

6 comments
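The header-dependent behaviour described in the post, as an added example that is not part of the original thread: a check that fetches one image URL under several client profiles and compares SHA-256 digests, so a signature image that renders differently for a mail proxy than for a browser is caught before it is sent. The local `VaryingHost` server, the image bytes and the User-Agent strings are constructed stand-ins, not tinypic's real logic.

```python
import hashlib
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-ins for the two images; not real tinypic content.
INTENDED = b"\x89PNG-constructed-portrait"
SUBSTITUTE = b"\x89PNG-constructed-cat"

class VaryingHost(BaseHTTPRequestHandler):
    """Hypothetical image host that serves different bytes to non-browser agents."""
    def do_GET(self):
        agent = self.headers.get("User-Agent", "")
        body = INTENDED if agent.startswith("Mozilla/") else SUBSTITUTE
        self.send_response(200)
        self.send_header("Content-Type", "image/png")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def digest_by_agent(url, agents):
    """Fetch url once per User-Agent and return {agent: sha256 hex of the body}."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    out = {}
    for agent in agents:
        req = urllib.request.Request(url, headers={"User-Agent": agent})
        with opener.open(req, timeout=5) as resp:
            out[agent] = hashlib.sha256(resp.read()).hexdigest()
    return out

def is_stable(digests):
    """True only if every client profile received identical bytes."""
    return len(set(digests.values())) == 1

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), VaryingHost)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = f"http://127.0.0.1:{server.server_address[1]}/2uol63m.png"
        agents = ["Mozilla/5.0 (constructed browser)", "Wget/1.12", "constructed-image-proxy"]
        return digest_by_agent(url, agents)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("stable across clients:", is_stable(run_demo()))
```

A stable result only covers the moment of the check; as the thread shows, a third-party host can change what it returns later, which is why the image ends up on a server the sender controls.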

This sounds like an attempt by Photobucket to avoid people abusing their system in an automated fashion to build scraping sites -- if you get a pseudorandom photo from their collection every time you use an agent other than a common browser, that thwarts people's intentions but doesn't raise any obvious flags until they put a human in the loop. (You can, of course, circumvent this by having your wget say "No, I'm Chrome! Honest!" or using a headless chrome instance, but simple tripwires like this cut down script kiddies by 90%+ in some circumstances.)

This happens to interact quirkily with your boss' decision to use PhotoBucket as a CDN for his email and Google's recent implementation of the Gmail image caching feature.

That would be a pretty awesome way to troll scrapers!

We've had Gmail image caching turned on for a while and these images just started showing up like this today... it seems like Photobucket/tinypic just swapped the images out from under us a couple hours ago. Brian has been sending emails with these images for at least a year.

Also, I feel slightly responsible for not enforcing good practices... never occurred to me to investigate how he was putting those images in his emails.

In other amusing news, I want to check this out without Google image caching... but first need to sign up for a non-google hosted email address since I forgot the password to my Yahoo mail account from all those years back.

Update: I used a disposable email box that doesn't do Gmail image caching; we're getting the same results:

https://www.dropbox.com/s/arzmt2kcpqovrnd/Screenshot%202014-...

If anyone has any idea how we can fix this, I'd love to not have to explain to all the investors/customers why I am messaging them pictures of cleavage..
Hiya $FOO,

Just dropping you a quick note to apologize for the image attachments in my earlier email. Due to a bug with some third party software, you might have gotten someone else's image attached in lieu of my signature. I'm told some people saw some images which weren't appropriate in a professional context. Sorry if that happened to you, too.

We've taken steps to prevent this in the future. If you're interested in the full details see $URL.

Startups, what an adventure right? Anyhow, would still love to chat about $REDIRECT_THE_TOPIC if you've got a minute. $CLOSE

Regards,

$YOU

I can't find the link to his signed name, I think you forgot to add it :).

Anyway, maybe use this link: http://oi49.tinypic.com/2uol63m.jpg. Just tried it using wget and I get his pic.

Edit: Just tried wget on the original link and I get his pic fine, not the cat. This is using wget from a CentOS 6+ server.

I left out the cleavage image because it behaves slightly differently..

wget results: When requesting the JPG, you get boobs: http://i50.tinypic.com/1ddlg.jpg

When requesting the PNG you get the signature: http://i50.tinypic.com/1ddlg.png

The real problem is that all previous emails sent now display cleavage and a cat (arguably two of the more popular things on the internet) instead of the correct signature images we had before we went to dinner. We can fix emails moving forward, but it's hard to take emails back.

png just gave me boobs NSFW :(
Both links gave me the signature. I am slightly disappointed.

I blame Brian.

Sorry. Everyone should be careful with these. I can't control tinypic... no idea what they'll return under any circumstances.
No worries, no harm done mate!
Update: The images APPEAR to have flipped back to normal somehow... I'm having Brian put his images on a server we control from now on (just in case it happens again). So hopefully we don't risk offending our partners/customers/investors again. This has been an amusing 16 hours.
That cat ISN'T Brian!?
I used to stack things around him while he's sleeping (before we finally got separate bedrooms)... but he doesn't normally look THAT catlike.
What the? Why is that?