
I just compared Skiff and Tutanota on your tool. The results were the same. Thank you for confirming this.



I take it by your lack of response that you're just going to ignore this bug report and leave your users exposed to the privacy issue.

Here's a YouTube video I created of it happening: https://www.youtube.com/watch?v=P30Qi2MSbUQ

I'll be blogging this up unless it's acknowledged and fixed.

I assume that once you've fixed the bug you'll be contacting all of your users to let them know that they've been exposed to this privacy flaw. At least the ones that may have disabled remote content at some point.


I just tested Tutanota and it does not have the same bug that Skiff has. I think you must be having trouble understanding what the bug is. In Skiff, even if you choose to not load remote images, when you view an email that has remote images, although it doesn't show the images, it does fetch them. I look at my web server logs, and I can see it happen. Emailprivacytester.com also shows it happen. I have tested this several times now.

I do not know what your difficulty is. Perhaps you should pass this on to somebody more technical than yourself at your organisation who can actually understand and diagnose the problem.


Also, since you used Tutanota as an example, from https://tutanota.com/security:

> by default, does not load external content from other servers (pictures and videos in emails). The user can choose to have external content shown with a single click or tap, if they trust the sender.

So there you go. An email company that does not load images by default. Whereas the default setting for Skiff is to load images automatically. So in this respect, Tutanota puts "privacy first" and Skiff doesn't.



