Pixel dust.
Posted on 02/17/2021 9:08:39 AM PST by Red Badger
The use of "invisible" tracking tech in emails is now "endemic", according to a messaging service that analysed its traffic at the BBC's request.
Hey's review indicated that two-thirds of emails sent to its users' personal accounts contained a "spy pixel", even after excluding for spam.
Its makers said that many of the largest brands used email pixels, with the exception of the "big tech" firms.
Defenders of the trackers say they are a commonplace marketing tactic.
And several of the companies involved noted their use of such tech was mentioned within their wider privacy policies.
Emails pixels can be used to log:
if and when an email is opened how many times it is opened what device or devices are involved the user's rough physical location, deduced from their internet protocol (IP) address - in some cases making it possible to see the street the recipient is on This information can then be used to determine the impact of a specific email campaign, as well as to feed into more detailed customer profiles.
Hey's co-founder David Heinemeier Hansson says they amount to a "grotesque invasion of privacy".
(Excerpt) Read more at bbc.com ...
Big surprise..No. Social media sites have are probably more into data mining than people realize selling that info to sites that customize advertising for a persons particular tastes.
If companies are using this for tracking, you know our gov’t is using something even more sophisticated.
Pixel dust.
I’ve had my “don’t show images” setting for decades.
If someone crafts an email that requires you to do this in order for it to be legible is a creeper (or idiot) anyway. Best to just ignore them as they are leaning more towards manipulating rather informing you.
Don’t let images show in your emails.
When you have that set properly, you have to click a button or link to allow images to be seen.
“And several of the companies involved noted their use of such tech was mentioned within their wider privacy policies.”
Nobody reads that 4 page #7 font privacy policy. They just click the button and go on.
>>I don’t get it. How does an image manage to get that information. What is the mechanism?
The ‘image’ doesn’t actually get the request, its the fact that your email client is requesting the image from a web server to download it - so without being too technical, outlook (in my case), or perhaps gmail for someone else - once the users says ‘download images’, an HTTP request is made to a web server - almost the same as if you went to a website with a browser - all http requests contain header information (i.e. ip address, browser, os version etc) and just about every website you go to logs this information.
Thanks.
Then it would seem that if you use a VPN based in Timbuktu might send these spies on a wild goose chase, no?
Its called “Steganography”
You easily can find the software to do this on-line.
It is unlikely a VPN would protect you if you downloaded a infected file.
The two are unrelated.
“It is unlikely a VPN would protect you if you downloaded a infected file.
The two are unrelated.”
True, but we were talking about pixel spies.
They will waste a lot of time and money searching the streets of Singapore for me... Even with the pixels...
No. It’s not that simple. Thanks to emails ability to embed HTML (legitimately used to include pictures while keeping the actual email small) you can put all this stuff in and your autoreply rules have no effect.
Blade Runner?.......................
Not necessarily but it works the same way. So in an email I can include a link to my corporate banner that will put a picture in the email.
Or I can include a link that has no visible payload that will tell my website you opened your email. And it can count off ticks to let me know how long you had the email opened.
The methodology is the same, so if you stop one you stop both. And if I really wanted to my thing with the banner could include the tracking.
This was previously called a web bug, and has been used by many web sites for 20 years or so.
Usually it’s a 1 pixel weblink, that does what someone else already described. It sends a web page request, along with headers and all sorts of info concerning you, your computer and surfing habits.
Most websites would use one that was a very slight shade different from their background color, making it invisible for all practical purposes. Being only one pixel it was hard to see. An off white (eggshell, for instance) dot against a white background, one pixel in size, almost invisible and rarely noticed.
At that time, 1024x768 was the most common desktop size, so you’d be trying to see one of 1024 pixels in a horizontal line, or 768 vertically. My current laptop is 1366x768, not much different, and one pixel is not easy to see. Sometimes you could see it by trying to highlight the background. Sometimes slowly moving the mouse cursor over it would briefly show the mouse cursor change to indicate a weblink. That’s easy to see with a computer, not as easy with a phone or tablet.
As some have already advised, in this case, turning off the ability to view images will probably stop it from “phoning home”. That’s what web bugs were designed to do, send all kinds of info about you to the website owner’s home server. Only now they’ve turned it into a tiny picture.
That’s not a defense.
Armed robbery is a commonplace methed of transferring wealth.
At my age, Blade Hobbler is more appropriate...🥲
You mentioned the font size in your post.
FONTs do the same thing.
A web page includes a custom font for displaying the page.
Every time someone views the webpage your browser requests the font to display the web page.
Folks who use noscript can prevent this type of spying but many web pages don’t render correctly without the custom font.
Many poorly rendered web pages will still work without a custom font but you might not see the button required to complete filling out a form.
The ‘play’ button on a vid or audio is usually done this way.
I have my email client (Thunderbird) set to not display remote content unless I specifically request it.
This should be the default for all of them. It would make this kind of crap a lot less useful.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.