email tracking

Discussion in 'privacy general' started by luv2bsecure, Sep 1, 2004.

Thread Status:
Not open for further replies.
  1. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    I've been on the fence about this issue of email tracking services. Until today. I think this column by Andrew Brandt at PC World says it all:

    Privacy Watch: New Services That Peep Into Your Inbox

    Two companies track recipients' handling of any message that carries a snippet of HTML code.

    Andrew Brandt
    From the October 2004 issue of PC World magazine


    "You sent me an e-mail? My spam filter must have zapped it."

    Lots of us have used this line, and chances are that a few times, like when the message was a bunch of lame jokes from Uncle Morty, it wasn't the absolute truth. But the excuse won't work anymore if Uncle Morty starts using one of the new services that track whether you got an e-mail and what you did with it.

    These services, from MsgTag ($20 with a free trial) and DidTheyReadIt ($50 per year, with a free trial), insert a small piece of HTML code into outgoing messages. When the recipient opens the message in an HTML-compatible e-mail client such as Outlook or Outlook Express, or with a Web-based mail service like Hotmail, either service can track the message.

    Both MsgTag and DidTheyReadIt can tell senders when the message was received and when it was opened. DidTheyReadIt goes a few steps further, allowing the sender to find out how long the message window was left open and whether a message was forwarded.

    <edit snip>

    But does that concern justify empowering people to snoop into your e-mail reading habits? In some circumstances, these services could be downright dangerous. DidTheyReadIt grabs the IP address of the computer you use to open an e-mail message, and then uses that address to determine your location, right down to the city you're in. The service "gives you the location [of the recipient] and a link to MapQuest," Rampell says. Imagine how helpful this would be to a predatory adult who's in e-mail communication with a child.

    The entire article is here.

    Thoughts?

    John
    Luv2BSecure

    .
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Of course, spammers have been putting uniquely coded image links into their email messages for a long time now. They'd then scan their webserver logs in hopes that people would read the spam in an HTML enabled mail client, which would reach out to that webserver with the unique coded URL. The benefit to the spammers was that it proved that the email addresses were valid and being actively read. All the same principles apply there, too. The spammer would also know the IP address of the system where the email was read, unless a proxy was used, from which they could locate (within the limits of WhoIS information availability) the user.

    I guess the disturbing thing in this new development is that most people on the web don't have the resources themselves to set up this kind of tracking for their personal emails. So these services let them "join the club" in tracking emails and the recipients.
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks for the article John,

    I think it's creepy. A spammer's dream service. It is an invasion of privacy.

    I wonder, would a secure email client like Mozilla Thunderbird in Original HTML mode stop the tracking?
    Thunderbird has 3 modes: Plain text, Simple HTML, and Original HTML.
    Neither mode allows scripts or pictures by default.
    Would it still be able to track me? Maybe through accessing a CSS file or something?

    Also, how accurate are those IP location traces? The ones I've used only give you the general part of the country and are not very specific.
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Actually, spammers wouldn't use these services directly, their volumes are far too high (in the hundreds of thousands or millions of emails in relatively short periods of time). They would use their own webservers to track spam messages as I mentioned in my reply. This service is more about allowing normal home users to track messages, determine if they've been read, and all the rest.

    It's all about the email client acting as a web browser and resolving embedded links. If it pulls remote web objects from the tracking service's webserver then it reveals the information mentioned. If it doesn't render the remote located objects then no tracking occurs.

    However, a web filter (like a product that kills webbugs) or a software firewall can easily defeat this type of thing and still allow you to read and render HTML email messages if you really want to. (I once posted my Outlook Express configuration in Zone Alarm Pro, which prevents this completely. Most any software firewall can do the same thing.)

    They are only as accurate as the WhoIS information related to the IP address range assignment. Some ISPs have very accurate and detailed information available for their IP address ranges, while others have very non-specific information. I've seen people post about how their IP address resolves right to their home town, and others post that the same locator service showed their IP address as being some 1000 miles away from where they really were.
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thank you LowWaterMark.
    That answers all my questions. :)
    If I want to see how to block these type of tracking measures with TB, I could test the trial and see specifically what HTML code they are using and what embedded objects are being linked to. Because I could track the test message to myself, I could see if it would work.
     
  6. Acreepything

    Acreepything Guest

    I'm not familar enough with Thunderbird, but isn't there a mode that allows it to stop remote loading all objects? In any case, I know Pegasus does, and I recall that once someone claimed on the mailing list that Pegasusmail does not protect you from such services.

    Could never prove it though.
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    I use dull, boring Calypso in the text mode. It receives html mail and breaks it down to text. Other objects are on the side if you want to open them.

    It also has an encrypted address book so no viruses can stick their nose in it and "borrow" the contents.
     
  8. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    XP sp2 blocks all these tracking bits in emails by default

    also a good firewall set properly will prevent an email phoning home to say it's been read
     
  9. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thunderbird by default has block loading of remote images checked and Javascript disabled. It doesn't specifically have an option for blocking all objects, so I wonder if that leaves a loophole for other objects like external css and others. Maybe it blocks all objects and was just worded incorrectly. You could test out Pegasusmail with the free trial to see if you can block it.
     
  10. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Ronjor,
    I like the encrypted address book feature. When it shows the "Other objects" on the side, did Calypso already download and just not open, or does it download only after you open them?


    dvk01,
    Thank you.
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    They are downloaded with the message and split off to the side.

    Calypso has been purchased by Rose City Software and renamed Courier. Calypso is still available.

    Calypso was involved with doubleclick at one time. People found out and the spyware was removed with apologies from MCS Dallas.

    http://10xshooters.com/calypso-free/

    http://www.rosecitysoftware.com/courier/
     

    Attached Files:

  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Another showing how the mail looks.
     

    Attached Files:

  13. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    But if the pictures are already downloaded with the message, then spammers will be able to track you. Unless the other objects list on the side are only references to the objects (the embedded links). In that case, the pictures would not have been actually downloaded unless you click on the object.
    Which way do you think Calypso/Courier handles this?
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    As long as you don't use the .htm or a link, I don't see how they could garner info.

    You are warned before you open a monitored file type. And you can add whatever type you want.

    I would think a bigger problem would be your email address in a persons Outlook program that has been compromised.


    http://10xshooters.com/calypso-free/quick-start.htm
     
  15. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Okay thanks Ronjor, I think I understand know.
    If you stay in plain text mode you are fine, it won't download any of the linked files. But if if you allow HTML emails in Calypso and open the .htm, it will download the pictures.
     
Loading...
Thread Status:
Not open for further replies.