SoylentNews is people

posted by martyb on Tuesday December 19 2017, @10:15AM
from the dont-track-me-while-i'm-tracking-you dept.

Wired runs this story on how 'email open' tracking is becoming more ubiquitous than someone would like:

"I JUST CAME across this email," began the message, a long overdue reply. But I knew the sender was lying. He’d opened my email nearly six months ago. On a Mac. In Palo Alto. At night.
I knew this because I was running the email tracking service Streak, which notified me as soon as my message had been opened.
...
There are some 269 billion emails sent and received daily. That’s roughly 35 emails for every person on the planet, every day. Over 40 percent of those emails are tracked, according to a study published last June by OMC, an “email intelligence” company that also builds anti-tracking tools.
The tech is pretty simple. Tracking clients embed a line of code in the body of an email—usually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts.
...
But lately, a surprising—and growing—number of tracked emails are being sent not from corporations, but acquaintances. “We have been in touch with users that were tracked by their spouses, business partners, competitors,” says Florian Seroussi, the founder of OMC. “It's the wild, wild west out there.”
According to OMC's data, a full 19 percent of all “conversational” email is now tracked.

I STUMBLED UPON the world of email tracking last year, while working on a book about the iPhone and the notoriously secretive company that produces it. I’d reached out to Apple to request some interviews, and the PR team had initially seemed polite and receptive. We exchanged a few emails. Then they went radio silent. Months went by, and my unanswered emails piled up. I started to wonder if anyone was reading them at all.

That’s when, inspired by another journalist who’d been stonewalled by Apple, I installed the email tracker Streak. It was free, and took about 30 seconds. Then, I sent another email to my press contact. A notification popped up on my screen: My email had been opened almost immediately, inside Cupertino, on an iPhone. Then it was opened again, on an iMac, and again, and again. My messages were not only being read, but widely disseminated
...
I wrote Cook a lengthy email detailing the reasons he should join me for an interview. When I didn’t hear back, I drafted a brief follow-up, enabled Streak, hit send. Hours later, I got the notification: My email had been read. Yet one glaring detail looked off. According to Streak, the email had been read on a Windows Desktop computer.
...
IF TIM COOK is a closet Windows user (who knows! Maybe his Compaq days never fully rubbed off) or even if he outsources his email correspondence to a firm that does, then it’s a fine example of the sort of private data email tracking can dredge up even on our most powerful public figures.
...
"During the 2016 election, we sent a tracked email out to the US senators, and the people running for the presidency," Seroussi says. "We wanted to know, were they doing anything about tracking? Obviously, the answer was no. We typically got the location of their devices, the IP addresses; you could pinpoint almost exactly where they were, which hotels they were staying at."

Time to get back to Pine.


  • (Score: 5, Informative) by nobu_the_bard (6373) on Tuesday December 19 2017, @01:15PM (#611791)

    It's not a bad article but it doesn't really get into the technical aspects of how tracking works. Maybe it's just because this is something I know a fair bit about already that it seems to be lacking.

    Typically it works by giving each of the pictures (or other external resources, external links, etc.) in your email a unique URL. For example, if there's a picture at http://www.domain.com/pix/dog.gif, the server may be set up to load that picture for any query starting with http://www.domain.com/pix/dog. Your email will link http://www.domain.com/pix/dog_1234567890.gif, which the server knows is the number associated with the email that went to you, and will note that the picture was loaded at such-n-such date, the query was from such-n-such IP address (potentially useful for estimating your location), using a browser with such-n-such agent string (from which OS might be guessable). They know email 1234567890 was opened by this specific user with all of that information. Your mail client doesn't want to open external resources automatically to protect this information from leaking; not that I've ever seen one properly explain this to the user.

    When you understand this, it is less magical or mysterious, and you can see many things that can go awry or provide misleading results. Everything else that this kind of tracking can do is an extension or adjustment of this basic idea though.

    There's more to it but that's the gist of it.

  • (Score: 2) by inertnet (4071) on Tuesday December 19 2017, @02:02PM (#611794)

    One could get creative with this and fool the trackers. For instance by accessing a number of 'adjacent' links but not the ones in the email you received. Just for fun of course.

    • (Score: 2) by nobu_the_bard (6373) on Tuesday December 19 2017, @03:29PM (#611820)

      It might be a fun exercise but wouldn't have much impact. The better implementations will note that someone is scanning the various URLs, and that is also a data point in and of itself. They don't necessarily simply record the first GET on that URL either, but each usually.

      "Black hat" ones might use this to make you a target for more spam or retaliation; actual "legitimate" marketing ones will probably just carve you from the results they feed clients and perhaps block you if it starts getting to DoS levels. Not really great results either way.

      Also the URLs could be hashes rather than sequential, though I guess it wouldn't matter if you're just pinging whatever.
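
An added example, not part of the original story or comments: a recipient-side check for the mechanism described in the thread above. It lists every remote resource an HTML mail body would fetch on open, and marks invisible images and URLs carrying a per-recipient token, whether sequential digits or a hash. The sample message, the `example.invalid` host, the function names and the token-length thresholds are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed heuristics: a per-recipient ID is a long digit run or a hex digest.
TOKEN_RE = re.compile(r"\d{8,}|[0-9a-fA-F]{16,}")
TINY_RE = re.compile(
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)|display\s*:\s*none", re.I)

class BeaconFinder(HTMLParser):
    """Collect resources a mail client would fetch just by rendering the body."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (url, [reasons])

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag not in ("img", "link"):  # images, remote stylesheets/fonts
            return
        url = a.get("src") if tag == "img" else a.get("href")
        parts = urlsplit(url or "")
        if parts.scheme not in ("http", "https"):
            return  # cid:/data: content travels inside the message, no fetch
        reasons = []
        tiny = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or TINY_RE.search(a.get("style", "")))
        if tag == "img" and tiny:
            reasons.append("invisible")
        if TOKEN_RE.search(parts.path + "?" + parts.query):
            reasons.append("unique-token")
        # Even with no reasons, the fetch itself exposes IP and User-Agent.
        self.findings.append((url, reasons))

def find_beacons(html_body):
    finder = BeaconFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings

# Constructed sample message body (not taken from any real email).
SAMPLE = """<html><body><p>Hi, following up on my last note.</p>
<img src="cid:logo@example.invalid" width="120" height="40">
<img src="http://www.domain.com/pix/dog_1234567890.gif">
<img src="https://track.example.invalid/o/9f86d081884c7d659a2feaa0c55ad015.png"
     width="1" height="1">
</body></html>"""

if __name__ == "__main__":
    for url, reasons in find_beacons(SAMPLE):
        print(url, reasons or ["remote-fetch"])
```

A mail gateway or client plugin could use the result to strip or proxy the listed URLs before the message is rendered.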