×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Web Bugs the New Norm For Businesses?

Soulskill posted more than 3 years ago | from the stop-or-i'll-say-stop-again dept.

The Internet 108

An anonymous reader writes "What ever happened to the good old days, when underhanded email practices were only used by shady email marketing companies and spammers? Today, it seems, the mainstream corporate world has begun to employ the same tactics as spammers to track their customers' email. Jonathan Zdziarski noted in a blog entry that AT&T is using web bugs to track email sent to customers. Could this be used for nefarious purposes?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

108 comments

How Long? (1)

ArhcAngel (247594) | more than 3 years ago | (#34435318)

How long before this is used for nefarious purposes?"

FTFY

Re:How Long? (3, Insightful)

KublaiKhan (522918) | more than 3 years ago | (#34435646)

How long has it been -since- they started using this for nefarious purposes, you mean.

Re:How Long? (0, Flamebait)

beakerMeep (716990) | more than 3 years ago | (#34436364)

Agreed. This isn't the kind of article that belongs on Slashdot. Email tracking has been going on probably almost 10 years.
 
The fact that this guy discovered 1x1 pixels in email and mis-attributes them to "bugs", is so technically incompetent I would think I am reading the technology section of AOL.

Re:How Long? (1)

omnichad (1198475) | more than 3 years ago | (#34436452)

1x1 pixel images are more likely to fix really lousy email rendering by wildly different clients. ANY image in an email can be used for tracking.

Re:How Long? (1)

yuhong (1378501) | more than 3 years ago | (#34440744)

Yep, spacer GIFs are old too. David Siegel's old books on HTML was one of the earliest books that mentioned it, for example.

Re:How Long? (0)

Anonymous Coward | more than 3 years ago | (#34437262)

With the mere difference that now a different class of people have understood that it is possible.

The latest hit in web-bugging is not that. It is putting it into internal corporate releases to pick out the ones that do not read them. There are apparently a few "ready-to-use" packages that bolt onto Exchange + sharepoint which give the management stats on who read what from the internal pressreleases and how good did they adhere to the party line.

Posting anonymously as I have just been notified on the Q-t by my line manager that our management intends to use these from now onwards to ensure that we all listen and indoctrinate ourselves accordingly.

Re:How Long? (1)

yuhong (1378501) | more than 3 years ago | (#34440754)

Yea, can you say horrible? In fact, I consider what I call "legacy" PR that is based on controlling the message fundamentally flawed these days.

Re:How Long? (2)

styrotech (136124) | more than 3 years ago | (#34437342)

The fact that this guy discovered 1x1 pixels in email and mis-attributes them to "bugs", is so technically incompetent I would think I am reading the technology section of AOL.

Ummm... "web bug" is the actual term for them.

http://en.wikipedia.org/wiki/Web_bug [wikipedia.org]

I would've thought someone ranting about technical incompetence would've known that.

Re:How Long? (1)

Chapter80 (926879) | more than 3 years ago | (#34437464)

The fact that this guy discovered 1x1 pixels in email and mis-attributes them to "bugs", is so technically incompetent I would think I am reading the technology section of AOL.

Ummm... "web bug" is the actual term for them.

http://en.wikipedia.org/wiki/Web_bug [wikipedia.org]

I would've thought someone ranting about technical incompetence would've known that.

shoot, you beat me to it!

I was thinking the same thing! It's always humorous to read someone rant like that, and demonstrate their own ignorance!

Then again, maybe we fell for a troll!

Re:How Long? (2)

beakerMeep (716990) | more than 3 years ago | (#34440204)

You're sarcasm aside, that term seems to me to be a mis-representation by laymen and marketing folk; just like "beacon" and all the others. Look at one of the image tags for the article -- Soulskill mis-tagged it with the bug picture. The reality is, it's a tracking pixel.

Still, you're right, mea culpa. I didn't know that term, even having worked in online advertising and publishing for many years. But it's hard to know all the names marketing folk come up with.

However, I don't think this changes the fact that this is stupid blog-spam about an almost universally used, 10 year old technique that the article seems to think is something new. This has been around and used as long as HTML email has been around. They could call it a blue penguin if they wanted but it wouldn't change anything. Imagine an article worrying about the fact that websites might be tracking visitors using "logs" or that newfangled "javascript."

Is this news? (2)

klubar (591384) | more than 3 years ago | (#34438134)

I assume that almost everyone who sends commercial email does this. It's not really news, and I don't think it's a big deal. Almost every email program (even Outlook) has an option to not download images--if you don't want to confirm that you've received the email, don't download images.

Also, as an occasional sender of commercial email just because the image has been downloaded doesn't mean it's been read. Just means the images have been downloaded.

This is why if you are sending out commercial email, make sure the key messages are visible without the images being downloaded. Tell your reader enough to make them want to a) read the rest, b) confirm that was read and c) download images.

This topic isn't news.

Re:How Long? (1)

yuhong (1378501) | more than 3 years ago | (#34440736)

Yea, which is why most email clients has an option to not load images by default for years now.

Re:How Long? (1)

Monkeedude1212 (1560403) | more than 3 years ago | (#34435662)

I'm going to guess negative 1 or 2 years.

Re:How Long? (0)

Anonymous Coward | more than 3 years ago | (#34436858)

Way off. I saw this technique described a decade or more ago. It is one of the reason gmail blocks images by default, IIRC.

Re:How Long? (1)

B Nesson (1153483) | more than 3 years ago | (#34438544)

I thought the point of the story was that legitimate businesses are now commonly using a technique that was originally used exclusively for nefarious purposes. So I would say... two or three sentences ago?

Honestly, is there a script that tacks "Could this be used for nefarious purposes?" on the end of every entry or something?

Re:How Long? (1)

fleebait (1432569) | more than 3 years ago | (#34439120)

The first time I wrote a program to do this was about 1996 or so. It worked better than reply receipts for some customers. It's been around since Outlook/Outlook Express/Eudora first started supporting HTML formatted e-mail.

Our "nefarious purpose" was (at the time) supporting a paid subscription e-mail publication, and then the marketing people got wind of it...

So, if you consider marketing and their desire for another useless statistic nefarious -- define it as you wish..

Use Thunderbird (3, Interesting)

Compaqt (1758360) | more than 3 years ago | (#34435374)

It doens't load web bugs until you tell it to.

Fastmail.fm does the same.

Re:Use Thunderbird (0)

Anonymous Coward | more than 3 years ago | (#34435388)

I was under the assumption that most email providers do not load any images either, unless instructed to do so.

Re:Use Thunderbird (0)

Anonymous Coward | more than 3 years ago | (#34435632)

Thunderbird is not an email "provider"

Re:Use Thunderbird (1)

characterZer0 (138196) | more than 3 years ago | (#34435668)

I was under the assumption that most people use webmail, and most webmail systems render everything.

Re:Use Thunderbird (2)

icebike (68054) | more than 3 years ago | (#34436054)

They you were under the wrong assumptions.

Most people still use the email client that came with their machine, which equates to some form of Windows / outlook stuff, which shows images by default.

A few percent have switched to Thunderbird or other clients that do not load images by default. But its far from the norm.

Gmail's web interface blocks images sometimes. Not so much from individuals or other gmail accounts, but most of the time from commercial accounts.

You will see a yellow bar at the top of the message that offers two choices:

Display images below - Always display images from whatever@domain.com

See this page for Google's Gmail help [google.com] on this issue. The default is to no show any images till you ask for them.

So even those using web interfaces need not be tracked if they don't want to be.

Once again, this practice seems aimed at Outlook users, where (correct me If I'm wrong) images are ON by default.

Re:Use Thunderbird (1)

clodney (778910) | more than 3 years ago | (#34436782)

.

Most people still use the email client that came with their machine, which equates to some form of Windows / outlook stuff, which shows images by default.

A few percent have switched to Thunderbird or other clients that do not load images by default. But its far from the norm.

Actually, I would guess that some significant fraction - 30% maybe - are business computers that use either Notes or Outlook, both of which block images by default.

The real WTF reaction to me is considering web bugs more than trivially nefarious. Every business that sends bulk email wants to collect metrics, and web bugs are one way to determine if someone actually opened the email. I think the only reason they are not utterly ubiquitous is the fact that so many email clients do block display of images.

Re:Use Thunderbird (1)

icebike (68054) | more than 3 years ago | (#34437090)

Well, not all versions of Outlook block images by default. The older versions showed them all by default. Further the options provided for selective blocking usually include Show All Images, with no warning at all.
Its precisely the business hireling that selects show all, because they really don't give a rip.

Admittedly, the use of this is probably quite benign in most cases, intended to be used to pare down the mass marketing list, saving bandwidth, and customer aggravation.

However, it takes a fair amount of web log processing to actually put that plan into use, and I bet all but the largest companies do absolutely none of this.

And as you say, with most clients blocking images by default, the payback for this becomes slimmer and slimmer.

 

Re:Use Thunderbird (1)

Blakey Rat (99501) | more than 3 years ago | (#34437582)

Most people still use the email client that came with their machine, which equates to some form of Windows / outlook stuff, which shows images by default.

Outlook, and Windows Mail/Windows Live Mail block images by default. Outlook has for years (decades)? Windows Mail/Windows Live Mail has as long as its existed. Your knowledge is severely out-of-date.

Re:Use Thunderbird (1)

psyclone (187154) | more than 3 years ago | (#34440568)

RoundCube [roundcube.net] does not display images by default. It is a modern web mail application used by hundreds of ISPs and thousands of end users.

Re:Use Thunderbird (1)

smartr (1035324) | more than 3 years ago | (#34436254)

This is hardly a bug. If you load anything from a remote server, as long as they put a randomly generated id tying it to the sent email, it can be used to track. A server gets the request, marks the email as read, then returns a standard image... On the other hand, there's no reason an email server couldn't get tricky and pre-load every image it gets, then pipe it as an attachment to the user on a request.

Re:Use Thunderbird (1)

Cougar Town (1669754) | more than 3 years ago | (#34436350)

As a programmer, the first thing I think of when I hear "bug" when related to computers is a flaw or defect... but I think in this case they mean a more traditional bug, like when you say someone's phone is "bugged." A tracking or listening device.

I've even heard some users refer to viruses/malware as "bugs" (like having a flu "bug")... confuses the hell right out of me as a programmer until I realize what they really meant.

Re:Use Thunderbird (1)

Linker3000 (626634) | more than 3 years ago | (#34437884)

The popular MailScanner [mailscanner.info] spam/virus filter removes 1x1 Web bugs by default so there are quite a few mail servers out there that will neutralise this issue.

Re:Use Thunderbird (1)

Timmmm (636430) | more than 3 years ago | (#34438886)

It doens't load web bugs until you tell it to.

That's a standard feature on every mail client I've used for at least the past 5 years.

Email client remote image blocking (3, Insightful)

hackersass (785308) | more than 3 years ago | (#34435396)

Don't most email clients block remote images in the out of the box configuration? I know Outlook and Thunderbird do. Doesn't that make this pretty much a non issue? Yes, I'm failing to account for the Outlook 97 users out there...

Re:Email client remote image blocking (0)

JonySuede (1908576) | more than 3 years ago | (#34435416)

yeah but most people click show images....

Re:Email client remote image blocking (1)

cforciea (1926392) | more than 3 years ago | (#34435652)

You don't really need a hidden 1x1 pixel someplace to generate information when you can just imbed the information in the get request for one of the big images, then, do you?

Re:Email client remote image blocking (1)

JonySuede (1908576) | more than 3 years ago | (#34435914)

If the server serving the image is part of the analytic campaign,no you dont. However, most of the time, the analytics services are not provided in-house, but the big image is.

Re:Email client remote image blocking (1)

icebike (68054) | more than 3 years ago | (#34436366)

But even in that case, it wouldn't have to be a 1x1 image.

Any size image would do. The 1x1 bit is just to keep bandwidth down and allow the same image to be uses for every request, and to allow the insertion of the image to be done by the email engine without messing up the layout.

Re:Email client remote image blocking (1)

sqlrob (173498) | more than 3 years ago | (#34436404)

You can strip the "for one of the big images". You just need the Get request. CSS, images, whatever.

Re:Email client remote image blocking (1)

Anonymous Coward | more than 3 years ago | (#34437014)

Why would you use an image to track an email campaign, when there are other filetypes that an HTML email client will load without asking?

I once wrote an email campaign system in ASP.NET. One of the fun things you can do with .NET is create IHttpHandlers that handle an incoming request for a given resource, but have server-side executable code associated with them (without having to change any file type associations!). So I created a handler that updated a database with tracking stats and retrieved a 1x1 image. Then I created another handler that updated that same tracking database and retrieved the proper CSS for the email template. Guess which one got blocked and which one didn't.

We actually had it tracking which mechanism first hit the tracker for a given message ID, and most of them were for the CSS. Most email clients block images, but stylesheets are almost never blocked. Even Outlook 2007 didn't bother to block CSS (and still retrieved it!), and it won't even use the external stylesheet because it renders with the Word 2007 engine. All styles must be inline or in-page for it to work.

And that was 2 years ago, for a limited-release, suck-it-and-see effort. Imagine what the guys working on this day-in-day-out have figured out by now.

Re:Email client remote image blocking (1)

reboot246 (623534) | more than 3 years ago | (#34439074)

Reading email in plain text thwarts all of those. I use Magic Mail Monitor to check my mail and open what I want to read in UltraEdit. May not get the message that the sender intended, but that's their problem, not mine.

Uh.... (0)

Anonymous Coward | more than 3 years ago | (#34435426)

Since when was at&t not underhanded, shady or nefarious?

As far as i can remember... at&t have always been the biggest scumbags on the block. Or haven't you ever looked at a phonebill?

Turn off preview. (3, Insightful)

140Mandak262Jamuna (970587) | more than 3 years ago | (#34435496)

Why read mail with html turned on by default? Turn on "dont show images" if your mail client allows it.

Re:Turn off preview. (2)

Monkeedude1212 (1560403) | more than 3 years ago | (#34435938)

Both Gmail and Hotmail have images turned off by default - Yahoo might as well I don't know. So any of the regular web clients are safe enough.

Re:Turn off preview. (0)

Anonymous Coward | more than 3 years ago | (#34437296)

Protip:
If you are using firefox, use an adblocker with the easy-privacy list. It squashes all known web bugging services before even showing the page. Including script based.

Every Legit Email Marketer Has Always Done This (0)

longacre (1090157) | more than 3 years ago | (#34435550)

How else would they have any stats?

"Legit Email Marketer" (2, Funny)

betterunixthanunix (980855) | more than 3 years ago | (#34435614)

I laughed a little bit at that characterization of spam.

Re:"Legit Email Marketer" (1)

Anonymous Coward | more than 3 years ago | (#34435878)

I threw up in my mouth at that oxymoron.

FTFY

Re:"Legit Email Marketer" (3, Insightful)

radish (98371) | more than 3 years ago | (#34437390)

There's a difference you know. I get promotional email from Amazon, quite often it actually alerts me to deals I'm interested in, so it serves it's purpose. If I change my mind I can switch it off. It's not spam, it is email-based marketing.

Fighting spam is hard enough without confusing what it actually is.

Re:"Legit Email Marketer" (1)

T.E.D. (34228) | more than 3 years ago | (#34439234)

It isn't nesscarily an oxymoron. There are quite legitimate reasons why a person might want to put themselves on an email list. Particularly ones that function as newsletters.

Looking for participants... (1)

nitsew (991812) | more than 3 years ago | (#34435580)

I heard about this years ago. I am still waiting on my check from Bill Gates.

2003 called (4, Insightful)

circletimessquare (444983) | more than 3 years ago | (#34435676)

it wants its story back

this news is very old

i read email text only. i'm not paranoid, i just prefer it. the conversion to text sometimes results in some really fugly emails, and they are always emails from businesses, usually ads. and i'm talking about valid businesses i have some sort of demographic contact with with my lame public email address (as opposed to my personal public email address, that i actually attempt to protect and actually pay attention to): starbucks, cvs, best buy, verizon, etc

i pay attention to 1% of such emails, usually for half a second, when i scan this folder maybe once a month for any valid correspondence. but the image links always stand out since they usually burst the flow of text when converted to text. they are always something like 88daeef445bb23c1.jpg. never banner.jpg or greatoffer.jpg. it's always some unique code

yes, every time you view an html email (with automatic image download), you are spied on. this should be of no surprise to anyone half awake, since this is true for i would say a decade or more as the normal status quo

Re:2003 called (1)

cfulton (543949) | more than 3 years ago | (#34435858)

No kidding. This is (has been) used by companies big and small since email started to be sent to customers. I don't believe that I have ever worked with an "email marketing firm" or product that didn't include this "feature". It is stale old news.

Re:2003 called (0)

Anonymous Coward | more than 3 years ago | (#34440796)

but the image links always stand out since they usually burst the flow of text when converted to text. they are always something like 88daeef445bb23c1.jpg. never banner.jpg or greatoffer.jpg. it's always some unique code

This is very true but I thought I would point out that not all such image links are illegitimate. Sometimes an image is embedded within the email. In those cases the images are also typically named with an obscure ID.

Everyone does this (2)

mbuimbui (1130065) | more than 3 years ago | (#34435686)

Vertical response, mail chimp, etc.. all commercial email marketing companies include a tracker. Its really not all that much different than websites tracking you, knowing that you clicked on their page at such and such time, except this time you are looking at the page from your inbox.

Re:Everyone does this (2)

lemur666 (313121) | more than 3 years ago | (#34435888)

You'll also note that every URL on one of these mails is a redirect that has the ability to track which user and which email it originated from.

They then use this info to generate click-through reports on what type of user did what with which email.

I'll add this is very old news.

Get a better email client (0)

Anonymous Coward | more than 3 years ago | (#34435780)

There's no use in complaining. It can be done, it is done. Every email client worth using has an option not to load external resources (images, etc.). Enable it, forget about web bugs. Anyone who sends emails with images should be shot^H^H^H^H sending them with the mail, not referencing external images. External resources can be changed after the mail has been sent. That alone should be reason enough to disregard them.

Don't Load Images (4, Insightful)

StevisF (218566) | more than 3 years ago | (#34435818)

Every e-mail client I've used in recent times doesn't load images by default. I generally assume that I am being tracked if I choose to load the images.

Re:Don't Load Images (1)

rahvin112 (446269) | more than 3 years ago | (#34437392)

I think the more appropriate question is what person believe they aren't being tracked when downloading images from some server?

Every Web transaction is tracked and when it loads images it downloads those images from a website which is tracking downloads. But the main question is who in their right mind doesn't realize that happens? I thought this was common knowledge. There is simply no way for a website not to know you are downloading images unless they turn off all tracking and that would make bug reporting and troubleshooting impossible so it's not going to happen. I know people like to load the images and don't like dealing with the garbled text emails but I really did think it was common knowledge that everyone knew loading the images tells them you opened the email.

who DOESN'T block web bugs by late 2010? (0)

Anonymous Coward | more than 3 years ago | (#34435820)

Seriously - tracking bugs have been around so long now that unless you've been living under a rock for the past decade, you know about them.

Anyone who isn't blocking them by now deserves what they get. You can't claim to value privacy while freely giving it up. Your computer is the thing *requesting* the web bug. If you don't mind it doing that, then don't turn around and complain about the consequences.

Re:who DOESN'T block web bugs by late 2010? (1)

Peristaltic (650487) | more than 3 years ago | (#34436380)

Anyone who isn't blocking them by now deserves what they get.

I was wondering when you'd show up.

Isn't this built into Salesforce.com (1)

Imawesome (1928564) | more than 3 years ago | (#34435970)

Isn't this the same thing built into Salesforce.com's CRM? I've been using that for ages to see if prospects are reading the emails I send them.

We do this (1)

Anonymous Coward | more than 3 years ago | (#34435990)

We send mass mails to people who have opted in. It's mostly just ads, with a little bit of genuinely-interesting "content" which is the ostensible purpose of the mail from the receiver's point of view. From our point of view, the purpose is to show the ads. The mails are HTML. I haven't looked too hard at 'em, because I don't personally read HTML mail, and also I'm not the guy who handles this particular part of our business. But I know it has at least one "web bug."

Currently, the purpose for the web bug (for us, not sure about the third party that we use who actually delivers the mail; it's actually their web bug) is to track "open rate." What fraction of people read the mail?

Assumptions: 1) People read HTML mail. 2) When their mail reader renders the message, it will fetch externally-references resources such as images. 3) If the mail is rendered, it's because a human read the message.

As the "open rate" dips or increases, we take that as a lesson in tuning our subject line, making the mails less obnoxious / more interesting so that more people will read it next time, and so on. The open rate is a measure of success and our goal is to maximize it.

So.. nefarious? It's all about getting people to look at ads. You make the call as to whether or not that's nefarious.

Re:We do this (1)

plover (150551) | more than 3 years ago | (#34436214)

Do you care as much about the recipients reading the email, or do you care more if they act upon it? I'd go for the tracking URL if it's the latter.

As a recipient of such fine emails as yours, a web bug will never tell you if I got them or not as I long ago blocked linked image downloading. But if I'm interested in the content, I'll usually click on the tracking link rather than going to my browser and manually loading the related web page. If the email is useful to me, I don't mind rewarding the email system with feedback saying they successfully delivering an interesting link to me.

Of course you'll still only have a unique sneakemail.com address, and if you cheese me off for any reason you'll end up on my blacklist, unknowingly never able to deliver a message to me again.

Re:We do this (1)

Imawesome (1928564) | more than 3 years ago | (#34436336)

Well first off, not a spammer - I sell very industry-specific solutions and I do my research beforehand so at the very least it's applicable to a prospect's role and business, etc. I was just saying when you send an email through Salesforce.com, it typically (not always depending on how their EM is configured) shows me how many times they opened it and when the last time was that it was opened. I was just trying to discern what is new/different in the AT&T article from what I have used in SF for a while.

Re:We do this (0)

Anonymous Coward | more than 3 years ago | (#34440564)

Do you care as much about the recipients reading the email, or do you care more if they act upon it? I'd go for the tracking URL if it's the latter.

(Same AC as GP.) We want all the stats we can get, to tune each piece as well as we can. If you click ads, yes, we count those too.

a web bug will never tell you if I got them or not as I long ago blocked linked image downloading.

We know that our open rate stats are not complete. But nevertheless is it something we can measure, and we can compare measurements between mails. If we measure an open rate of n%, n is meaningless, but if the next mail's open rate is (n+5)% or (n-5)%, that is real data. If we use a large enough sample (and we do), then even if only 10% of users enable image loading, we're getting a good poll among that 10% about how much better/worse each mail did.

Of course you'll still only have a unique sneakemail.com address, and if you cheese me off for any reason you'll end up on my blacklist, unknowingly never able to deliver a message to me again.

(I personally do that too.) We're not interested in cheesing anyone off. There's no profit in that.

Re:We do this (1)

Bill Dog (726542) | more than 3 years ago | (#34436830)

It's mostly just ads, with a little bit of genuinely-interesting "content" which is the ostensible purpose

Is that something like plausible ostensibility?

It's Done (1)

ScientiaPotentiaEst (1635927) | more than 3 years ago | (#34436048)

The general population has lost much privacy and many freedoms. And the encroachment continues - accelerates even.

But the fault is ours. We gave it all away for the promise of cheap baubles, entertainment and security. So many click still on the "get rich quick" eMail scams. So many happily use credit/debit cards to buy every little thing. So many willingly surrender their privacy & dignity - all for the vacuous promise of security. And deity forbid one gets in the way of TV entertainment. Use that cable box/HD/DVR. Let Time Warner/Comcast or (hey!) AT&T monitor every button press.

I suspect many here would agree. But then, many here clamor also for regulation and control over other areas, giving the beast more power and money for the "unwanted" bugaboos. Yet this results the loss of more privacy and freedom - for everyone.

Perhaps my vantage point is clouded, but it looks like the experiment failed.

Re:It's Done (2)

Archangel Michael (180766) | more than 3 years ago | (#34437180)

The Web/Internet is not private, it is Public. Treat it as if you are in your front yard and your neighbors can see and hear everything you do or say. This is what I tell everyone.

Inevitably they ask about email, which I say "it is like a post card", anyone anywhere along the chain can read it, and you'll never know.

Treat the internet like it is public, not private, and you'll be safe(r).If you want to be "private" on the iNet you best be encrypting and making sure that only the person you're communicating with has the keys, AND is trustworthy. Anything else ... you're screwed.

Like Receipts (0)

Anonymous Coward | more than 3 years ago | (#34436220)

Images are not loaded unless they are from someone I trust. Receipts are not sent without explicit permission either.

I remember someone being extremely confused how I replied to the email without them getting a receipt from me opening it.

Could this be used for nefarious purposes? (1)

Dunega (901960) | more than 3 years ago | (#34436272)

Uhhh... Yes, as evidenced by the first sentence in the summary.

The new norm for customers (0)

Anonymous Coward | more than 3 years ago | (#34436354)

For a long time now, the recommendation to users has been to disable (if it isn't the default) automatic loading of images. I would guess Goople's gmail doesn't have this disabled by default, but I believe Mac OS X Mail does.

The answer is "Yes" (0)

Anonymous Coward | more than 3 years ago | (#34436472)

You're kidding right? Next up: bit.ly links watch your clicks!

As someone else said above, if I choose to load images in an e-mail I *assume* I'm being tracked.

Of course they're using bugs to track us. It's been used by "legitimate" e-mail marketing as well as spammers for a long, long time. It's an easy and widely supported way to evaluate confirm receipt.

Should we start freaking out about Google Analytics next? Every page that loads it, Slashdot included, subjects their readers to cross-domain stats gathering and potential dynamic code modification. That's a lot more significant than a transparent pixel load.

The Republican Party uses them. (0)

Anonymous Coward | more than 3 years ago | (#34436580)

Mail from Michael Steele and from the Republican National Committee uses them.

Oh boo-hoo a tracking gif (1)

AC-x (735297) | more than 3 years ago | (#34436746)

I'd be surprised if any companies haven't been using tracking images as a matter of course for all their mailouts for the last 5 years.

Having spent 6 years working for web agencies I can tell you that marketing people love to see statistics on their mailouts, even if they do nothing more than get a rough estimate on number of views.

Re:Oh boo-hoo a tracking gif (2)

dhammond (953711) | more than 3 years ago | (#34437516)

Exactly. Since when did this start being considered "underhanded"? If this is underhanded, then it is also underhanded to track any of the activity of any logged-in user on a website. Legitimate businesses use that tracking information to better serve their customers. Let's not get confused. Spam is wrong, but it's not necessarily wrong to use a method that is also used by spammers.

Nothing new here... (1)

jfine (1938120) | more than 3 years ago | (#34437016)

Web bugs in emails are nothing new. For as long as there has been HTML email there have been web bugs. Every image you load could be considered a web bug because it's creating a log entry somewhere. The bugs don't need to be 1x1 transparent gifs though many tend to be just out of convenience. Almost all links now a days (and for a long time) run through some sort of click tracking tool as well, just like every search engine as well.

One solution: non-HTML-enabled mail readers (1)

Caerdwyn (829058) | more than 3 years ago | (#34437432)

At least one solution is out there:

Don't use webmail or web-enabled mail clients like Outlook. Mutt and Alpine and similar mail clients that don't interpret HTML are immune to this particular form of jackassery.

You know that axiom about how security and convenience are inversely proportional? It's true. You have to set the slider where you choose to, and unless you're willing to write the perfect HTML-interpreting-except-for-web-bugs-which-are-differentiated-from-other-objects-somehow-but-is-still-Exchange-compatible mail client yourself (in which case you get rich), that's the hand you're dealt. There are some alternatives like "it should be illegal to attach tracking bugs to email content", but that assumes people would actually obey the law (ha!).

Useful for market research (1)

Kim0 (106623) | more than 3 years ago | (#34437788)

I worked with this for 6 months. Learned a lot of interesting stuff about how people react to variations of emails.
Short messages that are to the point works well, but so do some marketing tricks, such as scaring people, FUD.

Since the company was never satisfied, and wanted everything I did as their exclusive property, I used mainly multiple overlapping test groups with random sampling. I would have preferred advanced modelling, which I am really good at, but did not want to loose rights to do that. I later read some scientific articles about lipid research, and was surprised that they used much simpler and quite inefficient methods compared to what I did when demotivated. What a waste of human life. When I was in the oil business, they used modelling, but with only vague understanding of it, so I improved that a lot. And in all such cases, I got sort of fired. Does not seem like companies or organizations want such improvements. But they try to sell them anyway.

Wreck their plans... (1)

JohnWiney (656829) | more than 3 years ago | (#34437814)

Copy the bug into your own messages, and swamp their stats base with crap.

Re:Wreck their plans... (0)

Anonymous Coward | more than 3 years ago | (#34440828)

Oh wow this person really likes our message they opened it 100 times. Lets send them more.

Not necessarily nefarious (1)

6Yankee (597075) | more than 3 years ago | (#34438468)

I bought some train tickets from GNER, as they were then, and got signed up to their "newsletter". Since I'm hardly ever on that side of the country, I had no reason to even bother reading the thing. I never got round to unsubscribing from it, just deleted it unread.

A few months back, I got an email from their successor, along the lines of, "We noticed you haven't read the newsletter in quite a while. Click here to stay subscribed, otherwise it'll stop coming." I thought that was pretty good; I always assume these things track me somehow, but it's the first time a company's ever volunteered to unsubscribe me based (presumably) on that information. Of course, I use Gmail and the images are blocked by default, so they couldn't have known if I *was* reading...

What *really* annoys me is news"letters" with no text, where you *have to* download the images if you want to see the content.

Forever (0)

Anonymous Coward | more than 3 years ago | (#34438492)

This was a standard feature for reputable (as in double-opt-in) bulk email services at least as far back as 2003, when I worked in email marketing for nonprofits. It's how you tell whether your campaigns are effective. Well, it was -- back then all email clients loaded remote images by default. Nowadays it's probably most effective at determining who liked your email enough to actually load the images.

This is standard in all email marketing (not spam) (2)

illogic (52099) | more than 3 years ago | (#34438534)

People who send email newsletters (not spam) that people have signed up to receive, want to have analytics data on who reads their messages. Perfectly normal, not dastardly companies that offer email marketing platforms like Constant Contact, MailChimp, CampaignMonitor, etc. all include such recipient tracking by default. Not only by noticing whether or not somebody downloads an image in an HTML email, but also by rewriting all URLs linked in the message so that individual clicks can be registered. These are all recorded uniquely to each subscriber so the sender can tell who is interested in what content. Anyone who is surprised about this is out of the loop. This kind of information is very useful for the nonprofit I work for to understand which of our opt-in subscribers are interested in what content and how we can make our emails more useful for their work.

http://www.mailchimp.com/features/reports [mailchimp.com]

Oh shove it (1)

geegel (1587009) | more than 3 years ago | (#34438580)

Hammers can apparently be found in many residences. Can they be used for nefarious purposes?

It's called split testing or multivariate testing and it's a perfectly legitimate marketing tool. If you don't trust a specific company, unsubscribe from its damn mailing list

Marketing if evil (0)

Anonymous Coward | more than 3 years ago | (#34438998)

I have a friend who works for a big realty company and they do this. using whatever bug it is in gmail to track their addresses, and then send them "market relevant" pitches based on what they were searching for. scum of the earth IMO.

Yes, it is now OK (1)

T.E.D. (34228) | more than 3 years ago | (#34439108)

I hate it too, but yes it is now considered socially-acceptable to harvest info from your readers via "bugged" images.

About a year ago I was talking to a local party official about this, after I discovered the local party was doing this with its email list. He's a nice guy, but everyone who works there including himself is a volunteer, and none of them are particularly computer-saavy.

I tried to explain to him that that kind of harvesting is a Bad Thing, but I don't think I had much success. Email is about all of the internet he's ever been exposed to, so if he spends a lot of (scarce) local party money on a software tool based on all the nifty stuff the salescritters tell him he can do with it, and all his peers are using it or packages just like it, its going to take a lot more than one yahoo off the street to convince him there's an ethical problem with that.

Most folks don't have a clue about this kind of thing, and frankly there are more marketeers telling them its OK than there are knowledgable geeks telling them it isn't. I'm afraid we are going to lose this one. Harvesting info via embedded pictures has become standard operating procedure.

Re:Yes, it is now OK (0)

Anonymous Coward | more than 3 years ago | (#34440878)

You didn't have much success, because you don't know shit about what you're talking about. If you don't track that information and purge people who don't want your email, but are to lazy or afraid to unsubscribe (because dick heads like you have convinced them every single company in the world is a spammer and they shouldn't ever unsubscribe) you won't ever make it to the inbox of yahoo, aol, gmail, or hotmail, because the users aren't engaged. By not having engaged users you hurt you're IP / domain reputation.

If you feel it's unethical to use these you should start a crusade to convince every major isp it's okay to email non-engaged users and open the flood gates for real scumbags.

The solution here is simple (0)

Anonymous Coward | more than 3 years ago | (#34439148)

Just read your email the way email was intended to be read, in plain text, in a plain text email reader.

Voila, no bugs.

Wake up and smell the coffee ! (1)

AftanGustur (7715) | more than 3 years ago | (#34439162)

Everyone does this! Since at least 10 years now !

Have a look at salesforce.com, they sell this as a service and they do it well !

Use a decent e-mail program. (1)

Kaz Kylheku (1484) | more than 3 years ago | (#34439182)

I receive all my mails using RoundCube webmail these days. It warns that an HTML e-mail contains images, and will only display them if you want to. If an e-mail demands a read receipt, you are prompted whether or not you wish to send that.

The bottom line is that web bugs are not possible without the cooperation of dumb client software.

Some lame mail providers still use linked icons! (1)

Kaz Kylheku (1484) | more than 3 years ago | (#34439202)

Receive an e-mail with smileys from a Hotmail user and your decent e-mail program will warn that the message contains images. If you choose not to display them, the e-mail is devoid of all emoticons.

Idiots.

old news (0)

Anonymous Coward | more than 3 years ago | (#34439314)

Four years ago (that means 2006) I found a web bug in a newsletter sent by a small to medium sized bookstore. The owner did anything from hiding it with several techniques up to their lawyer sending me a cease-and-desist letter. They even lied to the authorities, told rubbish to the public. "No, we don't do that, it would be illegal."

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...