As if the common use of "web bugs" inside spam was not enough, companies are using new techniques to watch and track the private emails you read, forward, print, and more.
"This is an arms race. Every time the technology changes to enable further surveillance, something happens to render that surveillance inoperable..."
In January, it was reported that a 24-year-old thief in Medellin, Colombia had himself
Last October, Bruce Schneier reported a new technique used by car thieves:
And now, perhaps the sneakiest technique of all, although I can find no actual stories of anyone using it in the news (if someone knows of one, please send it to me). It seems that cell phones made by Nokia, Motorola, and others have a great new feature: you can make the phone appear to be turned off, then call it and initiate a
And, I think most of us would agree, pretty creepy, if not close to downright dishonest. Unfortunately, such behavior is easy to find in the online world - just take a look at email.
Most of us have been the victims of the dreaded email "read receipt". You know: "Mr. Duplicitous has requested confirmation that you have received his email." And underneath are two buttons: Yes and No. I don't think I'm alone in always choosing No (unless someone is dumb enough to send such a request to a mailing list, which hopefully results in about a thousand "confirm" messages drowning the jerk in email). In fact, my email program of choice - Kmail - allows me the choice of four settings in the program's preferences: (a) Ignore, (b) Ask, (c) Deny, (d) Always send. Guess which one I've got checked?
Many other email programs have similar options available (unless you're using Outlook to check an account on an Exchange server, in which case you're hosed). These options are a good thing. It's nice that we have some measure of control over our email. And, to be honest, I can see how certain folks, in certain situations, may need to use read receipts (and deleted receipts, and forward receipts, which are sometimes found as well). But for most people, read receipts are annoyances at best, privacy intrusions at worst. But at least they're visible - assuming, of course, that you've haven't set your email program to always send a reply, automatically. It's hard to be unaware of the situation when a big dialog box opens up asking you what you want to do. At that point, you know that someone is trying to track your email behavior.
Read receipts were bad enough, but they weren't good enough for certain Net users, like spammers, so-called "email marketers", and your overly-paranoid boss. For years, while email was still the blessed realm of simple text, these people wailed and gnashed their teeth, awaiting the day when they could begin tracking in earnest. And finally, with the arrival of HTML-based email, their prayers were answered. For now a plague of "Web bugs" swept over the Internet, alerting the spammers, the marketers, and yes, your wacko boss, that you had in fact read their email - and precisely at 2:49:34 p.m. I hope they're happy.
Web bugs, for those of you who don't know about these insidious little beasties, are basically tiny, 1 pixel by 1 pixel, transparent GIF images embedded in HTML emails. When you open the email, a connection is made back to a server requesting the GIF, letting those who sent the email know that you have in fact opened their missive offering you an enlarged body part - or ordering you to work on Saturday. Either way, it's a raw deal.
Web bugs are in far greater use than I think any of us realize. A lot of "companies" offer the "service" - just search Google for "
Email clients to the rescue, once again. Kmail allows me to go into the program's options and check whether or not I want to allow my email program to "Allow messages to load external references from the Internet". Mozilla Mail and Thunderbird offer "Block loading of remote images in mail messages". Even Outlook 2003
At least read receipts are visible and obvious. Web bugs are another story. They're insidious, used by people who don't have the guts to stand up and announce themselves. But at least we can block them. Of course, the same people bent on ensnaring us in their own private
They Like to Watch
By the way, that "much more" in the first bullet point is in fact much more. You get maps of the reader's location, her IP address, her email address, referrer details - and everything is also available for anyone who reads the forwarded email as well. Yikes!
- Tracking: find out when email you send gets read, where the reader is located, how long they read it for, if they printed it out, whether they forwarded it to someone else, and much more.
- Certify your email: get proof-of-sending and proof-of-opening digitally signed and time-stamped court-admissible receipts.
- Self Destructing Email which blocks printing, copy, save, forward, print-screen, can be retracted after sending and deletes itself after being read.
- Ensured Receipts guarantee you get a receipt when your email gets opened, and lets you retract your emails after sending.
- Detailed Notifications arrive via email and optionally by SMS, Pager, ICQ, IRC, MSN/AOL/AIM/Yahoo Messenger and on your own "Personal Tracking Page" on our web site.
Now, you may be thinking, "why not just block this email's Web bugs like we do all the others?" Well, that would be great, if ReadNotify just used Web bugs. Unfortunately, these clever, clever people use another technology in addition to Web bugs: IFRAMEs. If you're a Web developer and you need a brush-up on the IFRAME element,
(And y'know what's even better? The thoughtful Orwellians at ReadNotify also offer the same tracking service for Word and Excel documents! How sweet of them!)
So how do we defeat ReadNotify's IFRAME trick? The short answer: we can't ... yet. Oh, we can disable HTML-based email. That option is easy to do in Kmail.