Slashdot Mirror
Testing didtheyreadit.com's Mail-Tracking Claims
iosdaemon writes "didtheyreadit.com claims to be able to track your sent email: "When, exactly, your email was opened. How long your email remained opened. Where, geographically, your email was viewed. DidTheyReadIt works with every single internet provider and e-mail account, including EarthLink, AOL, NetZero, Juno, Netscape, Hotmail, Yahoo, and much more." Read on for more.
"This appears to be snake oil. I put it to test just in case someone had come up with some magical code. I sent email from a Yahoo.com account through the service, to an account on a Linux Box. Running tcpdump, I received the email from my pop and let 5 minutes pass before opening it. I left the message open with the cursor in the text for another 5 minutes. Tcpdump revealed absolutely no questionable traffic. And, the service control panel indicated the email had not been viewed. Sending email to a Yahoo.com account results in a 'read' in the service CP. But I had the message open for 10 minutes, and it indicated a 2-minute read......"
The company's "How it works" page explains the system to some degree; it involves redirecting all mail to be tracked through their servers by appending "didtheyreadit.com" to your recipient's email address. I doubt this is mutt-compatible ... Reader xrxzzy points out USAToday's article on the service as well.
All I have to do is read my mail when I'm not on line.
Nothing to see here, nothing at all.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Sounds to me like they just embed a simgle pixel gif in the message, and monitor when they recieve the request for it.
How they monitor the length of time the mail stays open is a bit of a mystery.
Turn off 'Download images' and I'd imagine their system becomes useless.
Wasn't there a scare about spam merchants doing this once?
C-x C-s C-x k
If you can't trust the service, and you obviously can't, I don't think there's a very good reason to use it. Unless it works for every single message it's no good. It is a pretty neat idea, but the tinfoil hat crowd will most likely scream and shout about their privacy being invaded.
Martin
From the 'How It Works' page: Will my recipient know that I am tagging my e-mail?
No. Not unless you want them to know.
As I suspected, they are just using a tracking image, sometimes I look at the source of messages (sad, I know), then I would know if I was being tracked. That saves me opening an account to see how they were going to do this.
I always view my email as Plain Text using Mozilla, so this wouldn't work unless I decided to switch back to HTML. I made some of these tracking images once and tried it out. I found that browsers were cacheing them, so it wouldn't always register if it was viewed in a webmail acount.
And yet they claim that there's no way the recipient can know that the message is being tracked (see their FAQ) It may not be complete snake oil, but the company is definitely lying about the service's transparency.
And they route all your mail through their servers. I wouldn't be surprised if they soon started selling "pre-confirmed" email address lists.
Does anyone else find it depressing that the entire privacy issue this service (creates? no... inflames?) hinges on the fact that 99% of Internet users probably don't know whether they're reading email as HTML or plain text?
Clearly, this service isn't being marketed to the SlashDot crowd. The very IDEA of this service reeks of "mass market", which we are not. (Though, with all the MSFT ads, we're getting closer every year. I'm just waiting until I see AOL ads on SlashDot. That'll be the day...)
Honey, I shrunk the Cygwin
Wouldn't this be a great way to harvest thousands or millions of known good email addresses?
The TOS only states that they will not store the emails -- yet their own logs will contain the email addresses. There is nothing in the TOS that explicitly prevents them from using those addresses.
The real "Libtards" are the Libertarians!
In my personal opinion, I think this might actually be a good thing. Considering the fact that didtheyreadit.com uses external images for tracking, and that they're getting a whole bunch of publicity right now (partially due to this very article), this is just another reason for email clients to block external images by default - spam apparently not being a big enough reason yet.
:)
With a bit of luck, this will make more sites and clients want to implement image blocking, which will in turn make it harder for spammers to get their messages across.
Spam is merely an annoyance to most people. Privacy issues are not.
Now whould you like to pay for an email service that doesn't even have a fallback mailserver and is likely be busy handling mail for info@didtheyreadit.com.didtheyreadit.com.didtheyr
A typical user would not know that a web bug was in place and the typical users are exactly who they're trying to get to buy into the service.
You and I might ignore their attempts, but there are a hell of a lot of people out there who would like the sales pitch, the 5 free samples/tests and spend the money to use the service. For the most part, they'll be emailing people without mutt and the service may just work (more or less) as described.
Where I would have an issue is with the small percentage of emails that they can't track due to clients forcing text only mail. If a user was to build a strong reliance on this service, they would only assume that the receiver had never even read their email when in actual fact they could've opened it in a text-only client and pored over it for days!
And the privacy issues are astounding -- they would essentially get every copy of email sent through their system -- personal information and details, etc. If you care enough about the information you're sending to want to know if the receivee will read it, then you can bet that this company may care enough about the content too...
'Thats they exact same thing a banana wrench monkey.'
I signed up for a free account. It does work, it's fast and convenient enough. But there's a major problem...
.didtheyreadit.com to any victim address, and dtri1.rampellsoft.com will relay the message to the victim. I'd say this service has a 10% chance of survival.
INSTANT OPEN RELAY.
All a spammer has to do is forge their From address (the only means of relay authentication!) and append
Guess what folks. There's no law that says you have to let a megacorp run your e-mail. With a fixed IP and a 24/7 server, you can run your own server. (Though, admittedly, it's not something a novice can make work.)
All this is is simple "web bug" HTML IMG link spying. Anyone with any kind of sense has configured their e-mail client to not automatically download remote images. Or even to not display HTML crap at all. And please don't tell me that they use Javashi^H^Hcript, because that means there's a brain-damaged popular e-mail program out there that allows it (or a webmail site that doesn't filter it). All we need is another way for e-mail to run wild code.
Is anyone else getting a flashback to the all the stupid ideas that would burn through millions of dollars in VC cash back in the dot-com bubble days?
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
No need to render it useless. The service seems pretty useless all by itself.
Beauty is in the eye of the beerholder.