Why you should never automatically load images in email

By Patrick   2021 Feb 17, 12:16pm


https://www.bbc.com/news/technology-56071437

The use of "invisible" tracking tech in emails is now "endemic", according to a messaging service that analysed its traffic at the BBC's request.

Hey's review indicated that two-thirds of emails sent to its users' personal accounts contained a "spy pixel", even after excluding for spam.

Its makers said that many of the largest brands used email pixels, with the exception of the "big tech" firms.

Defenders of the trackers say they are a commonplace marketing tactic.

And several of the companies involved noted their use of such tech was mentioned within their wider privacy policies.

Email pixels can be used to log:

- if and when an email is opened
- how many times it is opened
- what device or devices are involved
- the user's rough physical location, deduced from their internet protocol (IP) address - in some cases making it possible to see the street the recipient is on

This information can then be used to determine the impact of a specific email campaign, as well as to feed into more detailed customer profiles.


Worse than that, they are used to sell information about you, specifically that you are a good target for spam because they know you open spam emails and don't have image auto-loading turned off in your email reader.

BTW, patrick.net emails have no such trackers which you should be able to verify by looking at the raw email text. On the other hand, I don't even allow valid images from my site to be displayed to email programs. That's a byproduct of some security maneuvering I did when being threatened by a copyright lawyer over an image of chicken tenders with Pepe the frog over them. I should fix that.
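
Checking a message's raw text for trackers, as suggested above, can be scripted. This is an added example, not part of the original post or the BBC article: it lists every image a mail client would fetch from a remote server and flags the ones that look like tracking pixels. The sample message, its addresses and the size/CSS heuristic are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: one visible banner, one hidden 1x1 pixel, one inline (cid:) image.
SAMPLE = """\
From: news@shop.example
To: reader@example.org
Subject: Spring sale
Content-Type: text/html; charset="utf-8"

<html><body><p>Spring sale starts today.</p>
<img src="https://img.shop.example/banner.png" width="600" height="200">
<img src="https://track.shop.example/o.gif?uid=CONSTRUCTED-ID" width="1" height="1" style="display:none">
<img src="cid:logo@shop.example" width="120" height="40">
</body></html>
"""

class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def looks_like_pixel(attrs):
    """Heuristic (assumption): 0 or 1 pixel in either dimension, or hidden with CSS."""
    tiny = any(attrs.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
    style = attrs.get("style", "").replace(" ", "").lower()
    return tiny or "display:none" in style or "visibility:hidden" in style

def find_remote_images(raw_email):
    """Return (url, probable_pixel) for each image fetched over the network."""
    msg = email.message_from_string(raw_email, policy=policy.default)
    collector = ImgCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    # cid: and data: images travel inside the message; only http(s) contacts a server.
    return [(a.get("src", ""), looks_like_pixel(a)) for a in collector.images
            if urlparse(a.get("src", "")).scheme in ("http", "https")]

if __name__ == "__main__":
    for url, pixel in find_remote_images(SAMPLE):
        print("PIXEL?" if pixel else "remote", url)
```

Any remote image, not only a 1x1 one, lets the sender's server log the request when it loads, so a message with no remote content returns an empty list.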
1   Blue   2021 Feb 17, 12:23pm

One might also disable one more option. Email clients generally have an option to disable the acknowledgement that is sent back to the sender upon opening the email.
2   Patrick   2021 Feb 17, 12:45pm

Good point.
3   Tenpoundbass   2021 Feb 17, 12:49pm

I've known about those since 2006, they used to call them "Click Pixels".
4   Blue   2021 Feb 17, 1:10pm

I am sure most of you know, there is a kind of unique ID number embedded in the image file header. That is used in many ways to track the unsuspecting users who may receive/access/view/download. The JavaScript in a web page or app sends a message back to one of their or partner servers.
6   Ceffer   2021 Feb 17, 1:40pm

The Fiends! The Foul Fiends!
7   Patrick   2021 Feb 18, 1:12am

Blue says
The JavaScript in a web page or app sends a message back to one of their or partner servers.



Firewalls and Little Snitch help to block this sort of thing.
8   NuttBoxer   2021 Feb 18, 12:29pm

ProtonMail blocks all images by default. Coupled with Tor no one's getting shit from me.

A big part of identifying you is capturing your screen info when your browser's in full-screen. Never do this on your laptop monitor, or use Tor. Even with Tor, they purposely make your screen slightly smaller as this form of ID'ing is still possible.
9   Hircus   2021 Feb 19, 9:55am

NuttBoxer says
A big part of identifying you is capturing your screen info when your browser's in full-screen. Never do this on your laptop monitor, or use Tor. Even with Tor, they purposely make your screen slightly smaller as this form of ID'ing is still possible.


I think you might have it backwards, or I misunderstand you. The way I see it, changing your window size will significantly help them uniquely fingerprint you.

When you're full size, your dimensions are the same as tons of other people who have the same resolution + physical screen dimensions, of which there are many people with say, a 24" monitor at 1920×1080, who have their browser window maximized. Once you un-maximize, now you are a person with 24" at 1920×1080 res, but with a window size of say 1733x987, which is extremely unique. The odds that another person will have exactly the same size, to the pixel, is unlikely.

When full screen, you may go from being 1 of the 100,000 users who have that combo of dimensions, to 1 out of 5 users with the same ultra-specific 1733x987 size combo.

And of course, they use other variables in your fingerprint too, and that will narrow the group sizes down considerably.

For avoiding fingerprinting, you want to be like others, not be unique.
10   HunterTits   2021 Feb 19, 12:44pm

ALWAYS load the images I send, tho:

HunterTits says
