Imagine being able to trace where your e-mail goes, and where it’s forwarded.
Imagine being able to trace where your e-mail goes, and where it’s forwarded.
Say you had a way to verify that the CEO of the Fortune 500 company you’ve been hounding for a job indeed got the resume you e-mailed him. Or that you could tell if your girlfriend lied when she denied getting your message that begged her not to go to that conference in Jamaica with her assistant who turned out to be rather hunky?
Both scenarios are possible, thanks to services that track when and where e-mail messages are read without the recipient’s knowledge. The technology has long been used by online marketers to determine who reads their spam; now it’s available to consumers as well.
Now imagine that you were the person being bugged.
“Any time such information is passed back to a sender without the recipients’ knowledge and permission, it is a violation of their privacy,” said Lauren Weinstein, co-founder of the People for Internet Responsibility. “The whole thing is predicated on people not knowing what’s going on.”
Two companies, Postel and iTraceYou rely on hidden HTML tags to determine when an e-mail is opened. Online marketers call them “pixel tags” and use them to measure the success of advertising and spam campaigns. (In fact, Wired News uses pixel tags in its HTML newsletters to compare how many are actually opened and how many are dumped into the trash.)
Privacy advocates call them Web bugs and say they are used to spy on unwitting Internet users. They are so controversial that the Congressional Privacy Caucus has announced plans to hold hearings on the issue later this month.
The e-mail tracking services are a cinch to use: You can either tack a suffix onto the recipient’s address or use a form posted on iTraceYou’s website. In order for the bug to work when the e-mail is opened, the recipient must have an HTML-enabled reader. If the recipient has text-only mail, the message points them to a URL where they pick up their e-mail and a receipt is forwarded to the sender.
These services are similar to programs in many popular e-mail clients that can alert the sender when a message has been received; the difference is that the recipient not only is alerted of the request, but can opt in or out.
Korea-based Postel has the added feature of alerting a sender whenever e-mail is forwarded, along with the date, time, e-mail address and IP of whoever else reads it.
The bug could potentially affect millions of people; according to Jupiter Media Metrix, approximately 60 percent of e-mail users have HTML-compatible readers. In Korea, the tracking system is wildly popular, said Postel founder Soobok Lee.
“We have hundreds of thousands of clients in Korea,” Lee said. “They use our service for business correspondence they want to track and to see if their mail is being read. Without our services they’d have to confirm by phone, so they saved themselves a phone call.”
Postel offers consumers 90 free traceable e-mails after they pay $10 for 600 more. The iTraceYou service is free. What do these companies get out of the deal? Advertising dollars, or in Lee’s case, wons. Banner ads are attached to the e-mail confirmation receipts. In iTraceYou’s case, users fill out a detailed survey that allows the company to offer marketers “customized e-mail-driven publicity campaigns.”
“It’s a new level of snoopiness,” said Richard Smith, chief technology officer at the Privacy Foundation. “It’s almost like caller I.D. for e-mail.”
The bug is one step away from wire-tapping, Smith contends. And because Postel is located in Korea, it falls under the radar of U.S. privacy laws.
“It doesn’t require too much more code than what they’ve already done,” he said. “The problem is that the Internet is global, (and) laws are national.”
Although there’s software to block everything from cookies to ads, none detect Web bugs, said Woodrow Mosqueda, a spokesman for McAfee.
“That’s probably something the industry as a whole will have to look at,” he added.
The only way to find a Web bug is to search a Web page’s source code for image tags that link to separate URLs.
The easiest way to secure your inbox against snoops and spammers is to use a text e-mail reader, said People for Internet Responsibility’s Weinstein.
“It’s a no-brainer,” he added.
Author: Julia Scheeres
News Service: Wired News
URL: http://www.wired.com/news/technology/0,1282,41686,00.html
Leave a Reply