I was just half-watching the Today show, and they had a piece about a guy that was developing a method by which the sender of an e-mail could monitor whether the recipient had opened it, the number of times it had been opened, for how long it had been open, and what the recipient had done with it. I didn’t pick up the name of the guy, the story is not on the Today show website, and I couldn’t locate it after searching.
The story flashed pictures of all sorts of e-mail systems, including Hotmail, Yahoo, AOL, and Outlook, and implied (but did not state) that using this technology would let the sender monitor the recipient’s use of the e-mail no matter how it was picked up. The story also showed the guy sending an e-mail to the reporter, and then monitoring how many times he had opened it and for how long. The story gave no indication of how the technology worked, what systems it worked on, or how it might be defended against.
Anyway, did this story highlight a legitimate (and worrying) technology that affects all e-mail, was this just an overblown story about some new type of spyware that can be defended against by the usual means, or was it something else in between?
I know a popular method is to embed a small 1 pixel by 1 pixel image in an email, and then just watch how many times that image is called from the server to figure how many times your email has been opened.
Of course, it’s not a detailed method, and only works with HTML-enabled email.
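The 1 pixel by 1 pixel image technique from the post above, seen from the recipient's side, as an added example that is not part of the original thread: a Python sketch that lists everything an HTML message would fetch from a remote server when rendered, and flags images sized like a web bug. The sample message and the host tracker.example are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample message; tracker.example is a placeholder host.
SAMPLE = """\
From: sender@example.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hi there.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi there.</p>
<img src="cid:logo123" width="120" height="40">
<img src="http://tracker.example/open?id=abc123" width="1" height="1">
<table background="https://tracker.example/bg.gif"><tr><td>x</td></tr></table>
</body></html>
--b1--
"""

class RemoteRefFinder(HTMLParser):
    """Collect attributes that make a client fetch a remote URL on render."""
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, url, looks_like_1x1_bug)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        # <a href> is only fetched on click; <link href> is fetched on render.
        names = ("src", "background", "href") if tag == "link" else ("src", "background")
        for name in names:
            url = a.get(name, "")
            if url.lower().startswith(("http://", "https://", "//")):
                tiny = tag == "img" and {a.get("width"), a.get("height")} <= {"0", "1"}
                self.refs.append((tag, url, tiny))

def find_remote_refs(raw):
    """Return remote references found in every text/html part of a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.refs
```

The attached `cid:` image is not reported because it travels inside the message; the `background` hit shows that blocking only small `<img>` tags is not enough, since any remotely loaded resource reports the open.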
CNN ran a story about this a little earlier in the week - it’s called Did They Read It? It’s a subscription service, although you’re allowed a few free trial uses. The difference with this program is that it apparently works with web-based email, which isn’t the case with other receipt-requested features with which I’m familiar.
The company claims a 98% success rate in being able to get tracking info back, but not surprisingly they don’t tell you the circumstances under which it won’t work. Since I don’t know how it works, I have no idea if there is a way to block it. Hopefully someone more knowledgeable will chime in.
Thanks, sunfish, that company has the logo I saw flashed on the screen, and I remember the guy was from Cambridge.
The DidTheyReadIt website is singularly uninformative about the mechanism by which the service tracks e-mails. The only indication that I got about how it actually worked is in one story linked from their press page, which explains:
That article, dated May 20, 2004, notes that the service was just released. I would suspect that the company’s 98% success rate has something to do with the fact that no one has yet implemented defenses to this service, which I hope will come along shortly.
Anyway, I’d love to hear more details if anyone has them.
It may not be obvious before you open the message, but there’s no way they can make it impossible to tell. And anyone who only accepts plain text messages is going to be completely immune from the tracking. I find their quoted 98% success rate a bit suspect.
What about those of us who read our mail offline, like with Eudora? Wouldn’t they be immune from such spying?
OTOH, does it matter if someone else knows if I’ve opened their mail, and for how long? The fact that your message was left open on my screen for ten minutes most likely means that I got called away from the computer, not that I was fascinated by your offering to grow me a massive penis.
There is absolutely, positively nothing new here. Anyone who knows about html and email has been capable of doing this for years.
The claims are total baloney. I don’t read any html formatted email. Period. Anyone who knows anything about Internet security does likewise.
There are a wide variety of email programs and browsers, each of which allows people to make settings that block this sort of evil. Since it’s been around a long time, there’s been plenty of time for developers to put in settings to stop this. Smarter users are catching on. Even the dumb ones will soon be forced to do likewise.
Companies now realize that email attachments, etc. are a major source of $ drain. So company email systems are rapidly being configured to block all this stuff.
So what you have are unoriginal, overstated marketing glurge that for the Usual Stupid Reasons the media has decided to promote for free.
Easy. First, follow these instructions (http://help.yahoo.com/help/us/mail/pop/pop-06.html) to set up Outlook Express to read your Yahoo! mail (the process is similar for other non-web-based email clients, like Outlook). Additionally, in OE, go to Tools > Options > Read tab. Check the box labelled “Read all messages in plain text”. Done. No more webbugs.
In the past, it was possible to download your email from a free Yahoo account, using the POP method. Currently, you must have Yahoo! Mail Plus to use POP. Yahoo! Mail Plus begins at $29 per year for 25 MB. Yahoo has announced that this will increase to “virtually unlimited” storage to compete with the forthcoming Google Mail.
Actually, you don’t have a choice about using the web interface for Yahoo if you’re using a free account. Being able to retrieve Yahoo email via Outlook Express, Eudora, etc. requires upgrading to a paid account. I’m pretty sure the same is true for Hotmail, but I can’t check right now because of the firewall I’m currently sitting behind. sigh
A couple of months ago I asked our IT people how I could read all incoming mail as plain text using Outlook (not Outlook Express). They couldn’t help me. Since SD readers are obviously more informed than my IT department, can anyone give me similar instructions for Outlook? I know how to change the format of a single incoming message, but I have to open it first to do so which kind of defeats the purpose of this.
Thanks, Q.E.D. I use the web interface of Yahoo because I have to log on to my e-mail from multiple computers.
I’ve disabled the images using the instructions you linked. Are we sure that this is done using images, and not some other nefarious method?
Also, I can understand how opening an e-mail that pulls a tiny “image” from a server would enable the owner of the server to identify the IP from which the request comes. However, I can’t understand how this would allow the company to identify when the e-mail was closed.
You don’t mention which OS and version of Outlook you use, but it appears this is possible only indirectly, under Win XP SR1 and Outlook 2002 and up, according to here. Since this involves editing the registry, you’ll need administrator privileges on your machine, and you should back up the registry prior to proceeding.
It depends what you mean by ‘offline’ - this might sound a stupid thing to say, but there are at least two different kinds of ‘offline’:
First, there’s Offline in the sense that your internet connection has been closed completely (easier to do on dialup than broadband or cable) - in this case, one of several things could happen:
-Your machine tries to reconnect to retrieve the web bug image - you allow it and the sender will know you’ve read the email.
-Your machine tries to reconnect to retrieve the web bug image - you stop it and it tries to display the message without the web bug image (which will probably work OK) and the sender will not be informed that you’ve read the message.
-Your machine doesn’t try to reconnect and the sender doesn’t know you’ve read the message.
But there’s another kind of ‘offline’ - some mail client applications have ‘offline mode’, which doesn’t necessarily disconnect you from the net, it just doesn’t inconvenience you by trying to send and receive automatically. But it is possible to use ‘offline mode’ in your client while you remain connected to the internet (especially so on non-dialup connections) - in this case, even though your client is offline, the HTML parser/renderer will still try to retrieve the web bug image and the sender will know you’ve read the message.
Actually you do have a choice. Since Yahoo stopped their free POP3 services, script junkies have developed freeware addins to popular third-party email clients that effectively continue the POP3 service with Yahoo. So one can still use their free Yahoo email account and access it via Eudora, Outlook, etc., by using the POP3 addins.