Foiling Electronic Snoops in Email
Nytimes.com Tech
Fix
By BRIAN X. CHEN NOV. 18, 2015
IT
didn’t take much for Florian Seroussi, a technology investor in Manhattan, to
become suspicious of his email.
His
misgivings were sparked late one night last year when he opened a message from
an entrepreneur who was asking him to invest in a start-up. Minutes later, Mr.
Seroussi’s cellphone rang with a call from the same start-up executive.
Coincidence?
Not to Mr. Seroussi. “What are the odds that at 10:30 at night, a guy suddenly
has a vision that I’m reading his email?” he said. “They must know something
that I don’t.”
It
turned out that the start-up executive had planted a tracking mechanism into
his message to Mr. Seroussi, a trend that is increasingly afflicting all of our
email. Trackers, which come in many forms including a single invisible pixel
inserted into an email or the hyperlinks embedded inside a message, are
frequently being used to detect when someone opens a message and even where
that person is when the email is opened. By some estimates, trackers are now
used in as much as 60 percent of all sent emails.
HOW-TO GUIDE
Follow these steps to disable images from
loading automatically:
·
On Gmail
1. Click on the gear icon and click Settings.
2. Under the General tab, scroll down to Images.
3. Select “Ask before displaying external images.”
4. At the bottom, click Save Settings.
·
On an iPhone
1. Open the Settings app.
2. Tap on Mail, Contacts, Calendars.
3. Swipe left on “Load Remote Images” to turn it off.
·
On an Android
1. Open the Gmail app.
2. Select your account.
3. Tap on Images.
4. Select “Ask before showing.”
The
trackers are traditionally offered by email marketing services like GetResponse
and MailChimp. They have a legitimate use: to help commercial entities send
messages tailored for specific types of customers. The New York Times, too,
uses email trackers in its newsletters. The Electronic Frontier Foundation, a
nonprofit that focuses on digital rights, estimates that practically every
marketing email now contains some form of a tracker.
Yet,
the prevalence of these trackers raises consumer questions. Because trackers
are invisible, many people are unaware of them and have no inkling of how to
dodge them. “It’s definitely a privacy concern,” said Cooper Quintin, a
technologist and privacy advocate for the Electronic Frontier Foundation.
“There’s no mechanism for people to opt out.”
A
basic method for thwarting some email trackers involves disabling emails from
automatically loading images, including invisible tracking pixels. But that
doesn’t defeat all trackers, which are also hiding in other places like fonts
and web links.
I
recently put a handful of free email tracking services and tracker detectors to
the test to assess whether there was a viable method for identifying and
removing the invisible snoopers. I tried the trackers and detectors on the most
popular email service, Gmail.
My
conclusions aren’t heartening. I found that the available solutions for
combating trackers were far from ideal. Some failed to ferret out many
trackers, while others required major trade-offs.
I
began by testing the email trackers themselves. One was MailTrack, which is a
plug-in for Google’s Chrome browser that can quickly insert a hidden tracking
pixel into a message. Setting it up is simple. You install the plug-in and enable
a Google mail account to use the service. After typing an email, you hit a
double check mark icon to embed the invisible tracker. When the recipient opens
the email, you receive a notification and an email alerting you that the
message has been opened.
I
also tried a better-known email marketing service, MailChimp, which includes tracking as part of
a suite of features. The service is tailored for small businesses to compose
and send email campaigns for their products. The company says its trackers can
see when specific recipients open email and also pull data on where they are
and what devices they are using.
“People
want to be spoken to as a snowflake, an individual,” Eric Muntz, MailChimp’s
vice president for product, said in an interview. “Our tools help our users
talk to their customers in a very specific way.”
In
my experiment, I was able to create an email newsletter on MailChimp in 10 minutes
with trackers embedded into the email itself, as well as inside buttons for
sharing on social media and buying an item. After I sent the newsletter to
myself, MailChimp showed when I opened the email and that I clicked on all the
buttons. It also showed that I opened the message in the United States, though
it could not pinpoint my precise location.
I
then tried two tracking detectors that aim to help people identify whether the
trackers have invaded your messages. One is called Ugly Email and
the other is Trackbuster,
a company that Mr. Seroussi founded last year after receiving the suspiciously
well-timed email from the start-up.
Ugly
Email works as a Gmail plug-in. When a tracker is detected, it shows the icon
of an eyeball in the subject line to alert you that a tracker is hidden inside
the email. The software notified me about some marketing emails containing
trackers, including trackers from MailChimp. But after I sent myself test
emails with trackers using MailTrack, Ugly Email failed to flag those.
Sonny
Tulyaganov, the web engineer who created Ugly Email, said he manually added
different email tracking pixels to a list for his detector to look for them. He
added MailTrack after I shared my test results. But Mr. Tulyaganov said Ugly
Email was a hobby project and was not a fully staffed organization with the
resources to catch every new mail tracker.
Trackbuster
was more thorough, though it also wasn’t ideal. The service, which works with
Gmail, connects with your inbox, scans all your messages for trackers in a
temporary folder and purges trackers before spitting the scrubbed messages back
into your inbox. Trackbuster also sends weekly reports on the number of emails
it found to have trackers.
In
testing the service over two weeks on my work email account, I learned that
about 280 of my 1,400 emails, or 20 percent — including many from public
relations professionals pitching me their products — contained hidden trackers.
(I deleted their emails without opening them.)
But
there is a major trade-off with Trackbuster. You have to grant the app access
to your messages. The start-up’s privacy policy says it won’t store your
emails and it won’t read them except in cases where a user requests technical
support or to comply with laws. But that is a big leap of faith for a consumer
to take, especially for a young and relatively unknown company.
What
responsibility do email providers like Alphabet’s Google have in all of this?
In a statement, Google said that for two years, it has taken steps to prevent
users from having their locations, browsers, devices or apps tracked through
emails.
For
example, when you read email on Gmail.com or the official Google Mail apps for
iPhone or Android, images are intercepted and rewritten on a server between the
sender and the recipient. That makes it impossible for the sender to receive
detailed information like the recipient’s location, device or app used.
“Since
we launched Gmail we’ve worked to make it the most secure email service
available,” the company said in a statement.
Some
privacy advocates have gotten enterprising about circumventing email trackers.
Mr. Quintin of the Electronic Frontier Foundation says he sets up his devices
to dodge the trackers in two ways. Inside Gmail.com, there is a setting that
requires Gmail to ask for your permission before displaying images in an email.
Clicking “no” to that request will prevent images, including invisible tracking
pixels, from loading.
For
another, he sets up his email apps — the desktop client Thunderbirdand
the Android app K-9 Mail — to disable HTML, the standard
web language that trackers use to ping external servers. That can prevent the
loading of other components, like fonts, that contain tracking code, according
to Mr. Quintin.
Those
two solutions combined aren’t foolproof against trackers. If you visit any web
links inside an email, chances are that they will still detect that you clicked
on them. Taking these steps also makes it likely that your emails end up
looking ugly.
I
opted to disable Trackbuster because of the sensitivity of my work emails. I
also turned off Ugly Email because it did not appear to detect many trackers.
Then I heeded some of Mr. Quintin’s advice and configured Gmail to ask for
permission before loading an image, and I also set up the iPhone’s built-in
mail app to prevent images from loading automatically.
It’s not perfect, but it was the best I could
do without ruining my email experience.
================================================================**Important note** - contact our sister company for very powerful solutions for IP management (IPv4 and IPv6, security, firewall and APT solutions:
www.tabularosa.net
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon follow by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and have been a contributor to numerous blogs and publications.
Lastly, I
am the founder and president of Tabula
Rosa Systems, a company that provides “best of breed” products for network,
security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT
product information for virtually anyone.
==============================================
No comments:
Post a Comment