E-Mail Tracking

Good article on the history and practice of e-mail tracking:

The tech is pretty simple. Tracking clients embed a line of code in the body of an email­ -- usually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device. Newsletter services, marketers, and advertisers have used the technique for years, to collect data about their open rates; major tech companies like Facebook and Twitter followed suit in their ongoing quest to profile and predict our behavior online.

But lately, a surprising­ -- and growing­ -- number of tracked emails are being sent not from corporations, but acquaintances. "We have been in touch with users that were tracked by their spouses, business partners, competitors," says Florian Seroussi, the founder of OMC. "It's the wild, wild west out there."

According to OMC's data, a full 19 percent of all "conversational" email is now tracked. That's one in five of the emails you get from your friends. And you probably never noticed.

I admit it's enticing. I would very much like the statistics that adding trackers to Crypto-Gram would give me. But I still don't do it.

Posted on December 13, 2017 at 6:14 AM • 47 Comments

Comments

teoDecember 13, 2017 6:42 AM

not sure if fully relevant but here is an analysis of hacking team leaked emails.
https://labs.rs/en/metadata/
look how much they have found by watching only metadata.
-they have found when someone went on holiday
-who was late at work
-who is the boss and who is top position workers.
-that there was many agents one for continent/zone
-much more

while for the schneier article:
aren't images and remote content blocked by default since long time?
some are also proxying the images so that you can watch them without leaks.

jimDecember 13, 2017 6:48 AM

That's ok and I'd probably answer any of your questions, but unless my client processes html when I tell it text only, you probably won't get a response from me. I guess this should prompt me to investigate what my email client (Thunderbird) actually does.

AussieDanDecember 13, 2017 7:01 AM

If you disallow remote content in messages then Thunderbird won't request the assets that are used for tracking. Combine that with default text-only view and it does a pretty good job of opting out of tracking.

StephanDecember 13, 2017 7:03 AM

As AussieDan said:

Set TB to text only, I have an additonal html temp plugin that allows me to easily switch if I wanted (I rarely need this).

I still fail to see the point of html emails though.

RogerBWDecember 13, 2017 7:46 AM

I see the same attitude now that I saw with third-party web bugs a few years ago: 1x1 gif, evil nasty spyware! A custom font served by Google, or a Disqus comment box, that track you from site to site, oh we're just fine with that.

I read email in mutt. I don't seem to miss much actual content.

Gord BrownDecember 13, 2017 8:13 AM

If we can't trust you, Bruce, not to track us, then we can't trust anybody at all. ;)

225December 13, 2017 8:31 AM

@Gord Brown hopefully he wouldn't want that toxic asset data, you could make the last traceable jump or your home address the EICAR string for laughs.

TRXDecember 13, 2017 11:12 AM

> I would very much like the statistics that adding trackers to Crypto-Gram would give me.

What would that information be, and how could you make use of it?

Clive RobinsonDecember 13, 2017 2:23 PM

And people wonder why I stoped doing email quite a while ago.

In the US you have to watch out for the second and third party doctrines. That is if I send you a communication that has the ability for you to reply which nearly all email does by default in the "open metadata" then you have in effect given permission for not just the second party but a viewing third party as well (the old "business records" chestnut again).

But the problem is actually fundamentally deeper and goes back socially to the 1950s/60s.

Back them society still worked by and large on the "village model" that is you lived in amongst your friends and family and had done for life. Thus the people around you knew all about you either directly or through gossip. You had a reputation from birth that was almost impossible to shake off.

The 1960's were seen as a time of freedom not just in the "hippy sense" but in the social sense. People were leaving the confines of their social village the large number of jobs available with few questions asked enabled people to "walk away" from their problems with few of the difficulties previous generations had.

From the 60's through the early 90's was an almost "golden age" where you could be just about any body you cared to be or within reason cared to go[1]. The hard part untill the 80's was actually getting a bank account.

Since the 90's however the world has been "closing in" on people again. Various people do not like the idea of "unaccounted for citizens" and it's not because of Serious Crime and Terrorism. No it's "Tax Evasion" and the US Gov is the worst offender at this. Other countries have since realised the benifit.

Put simply variois "entities" do not pay the tax they should do, but they can pay off legislators to make their non payment legal. This has moved down the legal entity structure to even quite small companies in various ways. The problem is the Government sees a significantly shrinking tax base with which the encumbrants can use to buy votes and obtain funds both for campaigning but also for personal uses.

The solution has been to trade one form of revenue raising legislation for another. That is high end and personal taxes for low end fines.

The problem is thay with a very open society walking away from fines can be fairly trivial. As people are finding out from the various forms of identity theft, as long as the authorities have a warm body to squeeze for cash, they care not if it's the right body. It falls to you as an individual to be able to prove beyond the authorities far from impartial doubt that you are not the warm body responsible for the crime.

So in effect we are moving back into a village level of non privacy, the difference being that as in the 60's TV show called "The Prisoner" you can not see who knows what about you, and if it is true or not.

From the Governments point of view forcing people to use electronic communications has two big benifits. The first is it is as good as hanging one of those "home prisoner anklets" on you. The second is it makes you do their job for them with you filling in the data therefore you assume liability (thus fines). You see this especially with the "Tax Collectors" who now are starting to reject paper records for electronic filling, with you taking full responsability for their IT cockups etc or criminals pretending to be you. Either way you get to pay, and they now know where you are...

The fact that private data collectors see money in such data makes things considerably worse, as their lack of responsability makes the lives of data thieves easier.

I can see the upshot very soon being a universal "benift card" where the Government and Corps enjoy the benifit of your new "data subject" incarceration. It's carrying will be come in effect mandatory as you will have to prove your ID for shopping and travel etc on the excuse of "age to buy" and the now old "terrorist prevention" chestnuts.

The fact that eID is a bad idea as many places not just Estonia have shown in many will not stop this happening. For instance it's been tried to be put in place in the UK a couple of times but so far minority parties and serious preasure from various groups has made it more trouble than it's worth in "bungs and brown envelopes". However the UK London Met Police realize that the "ZIP card" that 11-18 year olds get issued for free travel are almost as good as an eID, likewise the now required photo ID for higher value transport tickets.

At some point after an eID is issued carrying will become mandatory and not doing so will be fined, which will rise to about 1/12th of the average income... They will check for this by putting RFIDs in the cards and readers in those "portable metal detectors" that are becomming more common. Thus they will also make the sheilding of the cards likewise a finable crime. Unless of course some idiot in government makes eID part of the mobile phone specification say as an idSIM, in which case removing the battery or not charging it will become a chargable fine as well with the phone networks telling the Government who's phone is not registerd with the network at any point in time, or it's to still so not actually on the person etc...

But it will get worse in other ways. As most here now know or are realising smartphones are in no way secure and any security apps on them can be easily dealt with by an end run attack in the OS etc by getting at the plaintext User Interface. What people are still thinking is PC/Pad and a Smartphone, they are not thinking Smartphone as a PC/PAD, which is what the next generation of Xmas and Business goodies will become,

https://www.wired.com/story/qualcomm-building-pcs-out-of-smartphone-parts/

It's an area Microsoft are desperate to get in on with Win10 especially if it's an ARM or other non x86 processor. Because their "bulk OS licence" for hardware manufactures means that they can lock up a non x86 platform tighter than Google does with Android and you will not be alowed to root it to remove telemetry and cloud activities... So that the authorities will not even have to say "Papers Please" they will just quietly look when ever they want...

[1] Various loop holes in birth certificate and passport rules enabled you to take on an identity that was real. Likewise social security payments worked on the idea that if you paid it but without a number they simply issued you a new number.

hmmDecember 13, 2017 3:06 PM

Always disable HTML and external images in email and selectively allow it.

It would be nice if there was an email provider that would strip out this junk by default.

I don't want to download a message only to find out it's tracking bs, I want that info before access.

Impossibly StupidDecember 13, 2017 3:38 PM

What modern email clients actually default to loading external content? I can't think of a single one I've used in the last 5 years that has such a poor approach to security.

SheilaDecember 13, 2017 3:44 PM

For all its security bruhaha, Protonmail only now added a plaintext option solely for composing.

echoDecember 13, 2017 3:45 PM

One of the pluses about countries with a clearly codified constitition is it is more visible. One of the worrying things about Brexit is the supreme court case about empowering parliament was a very good lesson in UK constititional law which essentially is the state is a feudal entity with power to choose who is on the inside or outside of the castle and prioritise itself when resources are scarce. UK constititional lawyers also seem not always to be the unbiased enlightened experts they claim to be and almost exclusively hide behind academic walls and rarely if ever publish in high profile publicly accessible media. State authority is is based on a tug of war between the judicial and executive with parliamentary representation being subject to the same tug of war politics with the people.

If leadership colours the environment being circumspect about mechanisms like email tracking helps put a brake on arbitrary abuse of power and keeps open the opportunity for groups to prevent being coerced into self-reinforcing arbitrary leadership?

With respect to email tracking and related issues is it possible to define a formal model such as an object syle stack of increasing complexity and permissions to hone in on a technical argument which can be used to create a popular narrative?

Can tools such as virus checkers/email scanners be used to enforce this model?

Excuse my daft question - is it possible to create an open standard open source shell for a computers userland which operates at a higher level permission level than the bios/system stack and make this the default standard rather than present attempts by hardware and OS vendors to own the end points?

hmmDecember 13, 2017 4:56 PM

"Can tools such as virus checkers/email scanners be used to enforce this model?"

At ISP/mailserver level, otherwise it's too late.

Sancho_PDecember 13, 2017 5:53 PM

”I would very much like the statistics that adding trackers …” (@Bruce)

I think curiosity, as for the Crypto-Gram statistics, is only one driving factor for the desire of feedback, and it is the very least valuable one:
The gathered “intelligence”, as in broad surveillance, is too noisy to be of value. It’s overwhelming, and no one has the time to investigate.
Even in bulk it is worthless, 1k data points aren’t worth a single ice cream, try it.
If you really want to know (um, what?) better address your comm partner personally.
Btw. all serious recipients would have external content disabled at first.
This is a good example why social work needs real humans.

Anyway, there is only one but basic serious flaw with email:
The sender can’t be sure the message made it to the target’s Inbox [1].

Some mails vanish, others are blocked or diverted by spam filters. This happens to email because email is an old, established and abused technique. Our “modern” comm possibilities will be there in a couple of months.

[1]
It doesn’t matter when or where they read it, it would be important if they understood it, but only their personal reaction could tell.
The “was it delivered?” can be answered by filter rules in context with the contact list if the recipient is willing.
At the core of email’s beauty is the simple command interface, a telnet client is all you’d need.

echoDecember 13, 2017 6:05 PM

@hmmm I meant in a way which essentially creates an endpoint with the rulesets in code providing an equivalent for human rights and privacy needs. By working through the stack of technical issues I surmised that certain kinds of behaviour by emails could essentially be a withdrawal of consent and a communication to third parties. Perhaps if implemented carefully there could be some form of graceful fallback mechanism?

If this kind of tool took off then much like present virus and email scanners it would provide not just a solution to technical security breaches but also more abstract breaches which may not be properly be covered by corproate governance guidelines and simialr expectations.

@sancho Perhaps a rethinking of protocols and enforcement tools might open up questions about email receipts which itself is a security issue of its own?

PeanutButterJellyTimeDecember 13, 2017 6:06 PM


We need some way of sandboxing email clients so they can only communicate with the provider email server and other specifically authorized sites. Text only is fine, but it doesn't always do the job for business use. We are getting to the point where every application needs a whitelist of allowed internet connections, too bad nobody really wants users to have that control.

Sancho_PDecember 13, 2017 6:10 PM

@Clive Robinson, re permission for third party (sorry, my pet)

”That is if I send you a communication that has the ability for you to reply which nearly all email does by default in the "open metadata" then you have in effect given permission for not just the second party but a viewing third party as well (the old "business records" chestnut again).”

The permission, or your consent, as they think, is given automatically when using someone else (or something not in your sole possession) to deliver a message. It doesn’t depend on a sender or recipient address, everything (in metadata) would be fair game.

I’m not sure if the TPD would allow to distinct between gov access and business access.
I’m afraid basically a service provider could sell a customer’s metadata, say, all metadata of emails between @Bruce and Russian entities, to a news agency.
AFAIK what holds them back is their (not our) legal small print.

Rex RollmanDecember 13, 2017 6:20 PM

> Always disable HTML and external images in email and selectively allow it.

What about fonts? Do modern mail clients try to pull in fonts for HTML mail even if you have images turned off?

Sancho_PDecember 13, 2017 6:28 PM

@echo, (Rex Rollman)

I did not understand your “this model”, but re higher level permissions than “bios/system stack” this is not feasible, all “permissions” are granted by the underlying hardware. If you don’t own the hardware you are the slave, not the master.

Two remarks re your “protocols and enforcement tools” post:

First, be careful to address someone at the end of a posting, as it would be missed if the person (like me) usually only checks the latest 100 and searches for the nick.

Second, again I may not fully understand. Protocols (POP, IMAP, SMTP) are very simple and text only. You have all possibilities like only check for sender and topic without downloading the email from the provider. Receiving at the provider would not trigger any tracking action, so it’s completely innocent.

The devil is at our (modern and comfortable, yes, fonts loading) email clients with bells and whistles, very similar to our browsing spy-software, only that email is really simple compared to the needs of a webbrowser.

JonKnowsNothingDecember 13, 2017 10:30 PM

These 1x1 pixel/hidden trackers are pretty much everywhere.

iirc a while back, some Big Name Co was found out to be opening the emails passed through their systems for selective target advertising: eg reading your mail.

I think this is still a "common" practice.

So even if you don't open your own emails, THEY will do it for you.

Also, iirc another Big Name Co providing backend services was opening the data packets and inserting their own tracking sets independent of the ones actually in the original email. Some of those were extracted when the items were delivered to the mailbox/browser.

email is not secure at all regardless of where it originates because the entire stream is vulnerable. With encryption being popularized as the New Bad Word and providers of services are/will be making more off of you because they read your mail first.

Even if we had decent encryption when you sign up for services you waive all rights to the contents and metadata.

I'm not sure how email virus scanners work. They must be Looking AtCHu Too.

justina colmenaDecember 14, 2017 12:28 AM

The best defense, again, is either to use text-only e-mail or to choose, "Do not load external images," which is possible in certainly next to all modern e-mail clients.

Otherwise it is a Hobson's choice. If you want html-style e-mail with custom fonts and images, then any images either must be included as attachments in the e-mail, or they are stock images which the client is instructed to load from a server somewhere

<img src="..." alt="..."/> ...

If the images are attached, then they considerably bulk up a mass e-mail, which is undesirable from a point of view of efficiency, because most people rarely read *all* promotional e-mail in their in-box.

If the images are stock, and loaded from an external server, then of course they may be tracked when they are loaded from that server.

I would most naturally assume that a 1x1 pixel image is most likely intended to be resized with a given width and height to an arbitrary rectangle of a particular color on the html canvas of the displayed e-mail.

Most html e-mails load so many images that a 1x1 pixel is scarcely remarkable or more likely to be tracked than the other images that are loaded.

There are three choices:

  1. text only (with fonts)
  2. attached images only
  3. load external images

The third of these is trackable.

Pavin JosephDecember 14, 2017 5:00 AM

This is a growing concern for ESPs. Lately, its not just email marketers who use tracking pixels but normal businesses as well and that's a problem because we can't accurately differentiate b/w the two.

SteveDecember 14, 2017 8:09 AM

As a Linux user, there are two answers, both of which I use:

1) Use Thunderbird and block remote content.

2) Go "old school" and read your mail with a command line mail reader like good old BSD mailx. HTML? What's that?

Virtually all of the mail I get (and I admit I may be an extreme outlier) is just text anyhow, so using a "fancy" (for small values of fancy) mail interface like even Thunderbird, is overkill. And there's an added bonus with mailx that I see all the headers automatically and by default, not just subject lines and "To" and "From" addresses.

Any email that requires elaborate HTML markup is probably an ad or junk anyway.

AnuraDecember 14, 2017 9:13 AM

@Steve

I suggest setting "View -> Message Body As" to "Plain Text". This works for most of the emails I get, and almost all emails that I actually need to read. Most HTML emails are sent with a text-only alternative.

JardaDecember 14, 2017 11:10 AM

Therefore a decent e-mail client doesn't download external images by default and doesn't open whichever link in the mail and paranoid user doesn't either. And a good mailer would preferably do only text and no html crap.

Who?December 14, 2017 11:19 AM

The key issue here is HTML-based email. Semantic markup techniques, like the ones used by microformats, is enough. There is no way a tool will succesfully avoid risks derived from HTML-based email, configuring our clients to not displaying embedded images is not enough.

We should return to something similar to RAND MH as mail user agent and removing any trace of HTML code from our mailboxes. Until then, any protection against email tracking will be a wonderful but useless academic exercise.

SteveDecember 14, 2017 12:19 PM

@Anura:

I do what you suggest (set to "Plain Text") as well in Thunderbird.

I use mailx mostly for convenience and out of thirty years of ingrained habit. I "live" mostly in the xterm-based "command line" world and it's easier and faster to read mail there, rather than to have to click on a menu or taskbar item.

Since I prefer to edit my outgoing mail in emacs rather than use the funky editor in Thunderbird, mailx really suits me just fine. (Yes, I know emacs can read mail but I've tried it and never really liked it.)

Again, I know I'm an outlier and a dinosaur to boot but I'm happy with that fact.

h4ndDecember 14, 2017 12:55 PM

@Bruce: You could put a "click here to tell me about how you read this letter (uses tracking)". Not complete data, but consensual, and probably useful to you.

echoDecember 14, 2017 1:45 PM

I use Thunderbird and set my default to text only and don't download images. People raise concerns about HTML email but I believe it naturally folloow that the next class on is only allow local content. This would both enable richer content without the secuirty concerns of tracking. Further classes based on permissions and whitelisting are also possible.

This is somewhat orthogonal to the top but I have noticed within large organisations (especially healthcare and legal) is staff attempting to own the endpoint even where the strict rules of the system, such as policy and professional standards, disallow this.

I have accumulated evidence and have citations covering media where both inadeuqacy and deliberate and persistent failure to acknowledge issues affects a significant number of third parties which beggars the question: Is it possible to codify the security model in a simple way so citizens can be more empowered, or has this already done and how can it be translated from a general security context to something citizens can use when interacting with organisations?

Petre PeterDecember 14, 2017 2:07 PM

Remember! Even if i secure my email, i have no guarantee that my recipients will. Clicking on a link it’s part of the link’s functionality; i do not want to read the link, i want to click on it because that’s what links are for. If i have to read all the url encoding before clicking on links, i am not using email, i am misusing it.

markDecember 14, 2017 2:59 PM


STOP USING HTML EMAIL!!!!!!!!!!!!!!!!!!!!! Turn it *off*. Set for reply in plain text only.

Which, of course, kills 90% of spam and phishing, when you see, say, "IRS.gov" and the link is in Brazil, and not .gov....

Clive RobinsonDecember 14, 2017 4:13 PM

@ Mark,

STOP USING HTML EMAIL!!!!!!!!!!!!!!!!!!!!! Turn it *off*.

Some years ago I said the same thing in a similar way about JavaScript, I was more or less told I was being a little paranoid...

Now if you look at another thred here you will see others taking my viewpoint on JavaScript...

I've taken the choice to ditch EMail in my personal life, whilst I don't expect others to do that yet, I suspect in a year or so HTML mail will get universaly bounced, and a year or so after that EMail to have passed into major decline.

So hang on in there for now, just keep saying it gently and it will drip by drip soak in.

The question of course arises what to do about the EMail replacments we know they are insecure at best. But as has been said "Lifes journey begins and progresses one step at a time".

echoDecember 14, 2017 5:04 PM

I disagree with the mainstream position because there is nothing stopping a new security model being designed which is a subset or tweak of the bigger implemention. Similar arguments have been made about C/C++ being a security nightmare (which it is) or too bloated to change (which it is) or handwringing over supporting legacy code and refactoring compilers (both of which are a none issue). Similar arguments have been made with respect to HTML standards.

I proposed a model for critique and wondering why this has gone down like a lead balloon.

Much like voice systems (such as SIP) or email alternatives (such as Signal) the biggest problem is open standardsand getting friends and colleagues to use the implementation which leads to another question:

By approaching the general problem is a relaxed way is it possible to create a new standard which might be integrated with minimal fuss within existing well known platforms which will accelerate uptake and universaility?

Sancho_PDecember 14, 2017 5:56 PM

@echo

The very first problem with new standards is compatibility.
If it’s not compatible it will go nowhere, if it is, it’s obsolete (because no one cares).

echoDecember 14, 2017 6:09 PM

@Sancho I have addressed all these concerns in my proposal and follow up. The only barrier is office politics. Case in point the OpenGL standard managed to navigate as close as it gets issues with industry acceptance and compatibility with relative ease so it can be done.

Grumpy FahnenschwingerDecember 15, 2017 9:32 AM

I got a question re e-mail tracking. Perhaps someone from the community has got a "zielfuehrende" (as they nowadays in German would say) response, i.e. a real response, rather than some banter. I know that 30 years ago everything was better. In may day, cigarette smoking was 'fashionable', 'grass' was mown, 'coke' was kept in the coalhouse, a 'joint' was a piece of meat you ate on Sundays and 'pot' was something you cooked in.

Back to the question: Let us assume I get an e-mail from a business partner. That business partner will use - just for this specific e-mail (for argument's sake) - an e-mail tracking service.

Will that business partner also obtain correct details about my location and OS if I read the e-mail over TOR (using webmail, obviously, and Windows OS) or would he - in that case - get incorrect details (location / OS)?

Thanks in advance for your responses.

I just noticed that a software vendor from which I purchase software has changed its online shop and also uses some kind of e-mail tracking. It is all nice and good but it renders printing of the e-mails more tedious; I have to use "Print Friendly" for the e-mail text and paste the sender details into Word. Then I can merge the two PDFs into one. Bad. Very bad.

In addition, I would not use such a tracking service since it would affect my privacy. Some of the traffic would run via that tracking service (at least the metadata) and that is not what I want.

@ teo: Yes, your post is highly relevant (HT e-mail metadata). After having done some search on your indicated website - as a taxpayer of the Canton on Zurich - my blood pressure increased again. Just to remember: Two id**** from the police of that county / canton have sunk at least $500k for (unauthorized purchase) HT software [Galileo] that they used twice only. Without any warrant, BTW. So, yes, very interesting post. It showed some more strange connections and led to an interesting presentation I found on internet.

bttbDecember 15, 2017 10:13 AM

Regarding e-mail tracking, on a plain vanilla iOS device, with no additional installed Apps, what can be done besides: a) not loading remote images in Mail and b) disabling JavaScript in Safari.

What could be done with iOS devices using other installed Apps or techniques?

Sancho_PDecember 15, 2017 4:46 PM

@Grumpy, bttb

I think your questions are going somehow off the track (sorry for the not “zielfuerende” answer).
The original topic is regarding tracking possibilities hidden in emails, like external references, that are revealing information the user is not aware of.
The email itself is innocent in this regard.

An email is a bunch of characters, delivered at first to your email provider, let’s imagine into a folder, ready for your access. The ‘tracking function’ (this topic) is waiting there within the characters, but can/does not fire (and is not intended to do so).

It’s your access to the email account that could probably trigger the leak by interpreting the characters / code.

- Email client: Depends on the client and settings (and bugs).
- Web interface: Depends on the used web interface plus browser (and bugs).
- Download: A plain download (e.g. by telnet or a simple embedded device) using POP or IMAP protocol will not trigger any hidden function [1], but probably the email content can’t be read by a simple text editor.
(HTML emails also “should” always have a readable text part, but some sending apps omit it nowadays.)
Take care when using e.g. a browser to read it!

Obviously the used OS+version is also part of the game (it determines the possibilities + bugs), and using Tor can at least reveal time and your using Tor (+ bugs).
Some providers may not allow web access to the account by Tor.
Could the browser use Tor and not-Tor connections simultaneously?
(The tracking function would run on your machine, not at the provider!)

The basic line is:
Using complex + opaque systems increases the likelihood of problems.

[1]
Of course the provider logs your activity, and some of their special customers know, but the average sender will never learn about such an access.

VinnyGDecember 17, 2017 2:51 PM

This may diverge from the main thrust of this vuln discussion, but for whatever counterpoint value it has, I experimented with ReadNotify and WhoReadMe (need to be careful with capitalization on that one :) last Summer. The purpose was to try to determine whether emails going to potential reunion attendees had been read or possibly routed to mail client spam folders. The results of my limited experiment, using only Yahoo, GMail, and AOL addresses in web client mode was that neither tracking service provided any reliable indication of client message open or read behavior. YMWV.

-VinnyG

bttbDecember 18, 2017 1:31 PM

@Sancho_P

Thanks for the feedback. I guess I'll stick with the iOS Mail app among other things. You wrote

"Could the browser use Tor and not-Tor connections simultaneously?"

I think Tails claims something like this shouldn't happen with Tails, with exception(s) like the Unsafe Browser. For example,

"use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network;"
https://tails.boum.org/


@VinnyG

Interesting feedback

Maybe I'll skim the article at the top of this thread again sometime.

Neil in ChicagoDecember 19, 2017 1:00 AM

It would be a very cheap experiment to post a button asking for some personal info, or even a couple with different sized data sets returned. See what you get. I assume you have data like page hit counts, by hour and country, and the usual stuff.
You can rely on your fan base to reassure itself that nothing else is being returned!

ShawnJanuary 1, 2018 7:11 AM

What about server-side deleting of those 1x1pixel trackers?… All my incoming mails reach me by passing through my own Ubuntu server.

Has anyone seen a server-side script that I could use to strip those parts?… and/or reveal them by appending my own meta header tag to flag that the tracker was noticed?

JonKnowsNothingJanuary 1, 2018 9:21 AM

@Shawn

What about server-side deleting of those 1x1pixel trackers? All my incoming mails reach me by passing through my own Ubuntu server.

For the most part, people do not have their own email servers. While you can strip these trackers provided you can find them, most people cannot. These trackers are not just in email, they are embedded in nearly every webpage, application on the internet.

Additionally, these sorts of trackers are embedded on the fly, like a virus: "if not there, then put me there" as the communication goes thru the rest of the system.

How do you find the tracker when it is inside a second image? Image tagging is now the Big Thing and what is a "tag/hash"? Nothing less than another tracker.

If you look at the code/source for many pages you will see how hard it is to find them before they hit your containment system. And HTML5 is making some of this even nastier.

Parsing text, obj, exe files have their own challenges.

Rather than hunt for an image, find the SOURCE and block that. Unfortunately, nearly everything on the net passes through one or more of these sources.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.