Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Email Open Tracking Quietly Took Over the Web (wired.com)

Posted by msmash on from the what's-happening dept.

Brian Merchant, writing for Wired: There are some 269 billion emails sent and received daily. That's roughly 35 emails for every person on the planet, every day. Over 40 percent of those emails are tracked, according to a study published last June by OMC, an "email intelligence" company that also builds anti-tracking tools. The tech is pretty simple. Tracking clients embed a line of code in the body of an email -- usually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device. Newsletter services, marketers, and advertisers have used the technique for years, to collect data about their open rates; major tech companies like Facebook and Twitter followed suit in their ongoing quest to profile and predict our behavior online. But lately, a surprising -- and growing -- number of tracked emails are being sent not from corporations, but acquaintances. "We have been in touch with users that were tracked by their spouses, business partners, competitors," says Florian Seroussi, the founder of OMC. "It's the wild, wild west out there." According to OMC's data, a full 19 percent of all "conversational" email is now tracked. That's one in five of the emails you get from your friends. And you probably never noticed.

116 comments

  1. "enable loading of remote content" by v1 · · Score: 4, Informative

    just uncheck this in your email reader. done.

    then if you need to see the images they embed, click the "load remote content" button in the viewing window when you open it.

    I actually got a surprise recently, an email from a vendor saying "you haven't engaged with any of our recent emails, here's a 10% off coupon for your next purchase". Well, we know what they mean by "engaged", don't we? :)

    --
    I work for the Department of Redundancy Department.
    1. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      Many mail readers are configured to block remote content loading by default.

      Which, really, is the only sane default.

    2. Re:"enable loading of remote content" by ShanghaiBill · · Score: 1

      just uncheck this in your email reader. done.

      It is possible that you don't even need to do that. Some email clients do not read remote content by default.

      Gmail used to do that. But they changed their policy in 2013, around the same time they dropped their "Don't be evil" motto.

    3. Re:"enable loading of remote content" by fahrbot-bot · · Score: 2

      just uncheck this in your email reader. done.

      then if you need to see the images they embed, click the "load remote content" button in the viewing window when you open it.

      But, better yet, if using an email client, like Thunderbird, read your mail as plain text. This cuts out a LOT of crap.
      [ Thunderbird: View -> Message Body As -> Plain Text ]

      But your recommendation is a good default setting for those cases where the email is all HTML (sigh).

      --
      It must have been something you assimilated. . . .
    4. Re:"enable loading of remote content" by Z00L00K · · Score: 2

      And Thunderbird also blocks remote content by default to protect your privacy.

      I wouldn't say that Thunderbird is immune to this kind of tracking, but it's at least pretty good. Unless you use command line mail clients like elm.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    5. Re:"enable loading of remote content" by klubar · · Score: 4, Informative

      Gmail rewrites your img tags to point to a google server. This is done to speed up emails (the images are loaded off a google server) and to cache the images (if multiple emails download the same image, google only needs to fetch the image once). Google also claims to check the images to make sure they don't contain an malicious code.

      In this case, it looks like every email is read (as the images are always downloaded). The browser string also reports as google, and the IP address of the download is also a google IP address. Not very useful for tracking.

      Many corporate email systems use something like Barracuda which also downloads the images and re-writes the image tag. When you look the reader's IP address, you'll see it's one of barracuda's servers. Barracuda also check all the hyperlinks to make sure that they don't point to malicious sites. They also rewrites on the email links, so they are checked in real time when the recipient clicks on them. (The links are turned into a Barracuda link, then Barracuda checks the link at the time the user clicks on it to make sure it is still not malicious. If it's ok, the Barracuda link does a http redirect.

      Open rates pretty much a bogus statistic these days, although we still talk about them. Between Barracuda- and Google-like approaches, if someone tells you they didn't read your email, they may be telling the truth.

    6. Re:"enable loading of remote content" by klubar · · Score: 1

      For as much as everyone knocks Outlook as an email client, not download images has been the default since at list O2003 (and I think O'97). This may be the origin of Marketing's reported open (read) rates.

    7. Re:"enable loading of remote content" by Anonymous Coward · · Score: 2, Interesting

      I was surprised by an overdue credit card bill. I had email bill alerts enabled but when I logged in they had been inexplicably turned off. I called support and they said since I didn't read any of my alert emails they disabled them (read: I have remote content loading disabled so their trackers didn't load).

      CapitalOne, they are run by pieces of HUMAN GARBAGE.

    8. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      Email tracking has become possible again because people read email in mobile apps and web browers, not dedicated desktop email readers. Practically all email apps can be tricked into sending out a beacon for opened emails in some way. Simple tracking pixels may not work for all, but there are other HTML tricks that can be used (even without Javascript) to make the email reader reach out to a server. Many web email readers also don't filter HTML emails properly. As people warned decades ago, HTML email should have been taken behind the shed and shot. Marketers keep winning because people keep being dumbasses with a shiny fixation.

    9. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      "just uncheck this in your email reader. done."

      Translation: just do and the problem is solved.

      Further translation: this does not affect me, so what's the problem.

      Again, even further: other Slashdot users, look at me, I can easily solve this problem with my great knowledge, please up-vote this. I'm great.

      Yes, congratulations, you got your +5 score.
      Yet another IT privacy problem solved.

    10. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      Slashdot removed the bit between < and >

      Should say
      Translation: just do <thing only nerds know exists> and the problem is solved.

      But I'm sure you already got the point.

    11. Re:"enable loading of remote content" by JoePete · · Score: 1

      I don't think Google does this out of the goodness of their heart. This basically allows them to intercept all marketing email and then perform their own analytics on it, denying the opportunity for the original marketers to do it. Google, like Facebook, and every other absurdly valued "tech" company out there, is in the business of data collection. When it comes to invasion of privacy, they are far more the disease than the cure.

    12. Re:"enable loading of remote content" by cayenne8 · · Score: 1

      I just send and receive text emails....no html.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    13. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      It's bitztream the autism-hating, custom EpiPen-hating, Musk-hating, Qualcomm-hating, Firefox tabs-hating, Slashdot editors-hating Slashdot troll!

    14. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      Now if only we could get them to not hide sender email addresses, users might actually have a prayer of identifying spoofed emails. It's shameful that you just about have to open the headers to find out where an email is from.

    15. Re:"enable loading of remote content" by mrbester · · Score: 1

      Still by default for me. Unless I want to see any images, I don't see any images.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    16. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      Now if only we could get them to not hide sender email addresses, users might actually have a prayer of identifying spoofed emails. It's shameful that you just about have to open the headers to find out where an email is from.

      Well of course. According to Microsoft (as inferred by their defaults and their design decisions over the years), users are just plain too stupid to want such things and would only be confused by them. So they are hidden by default unless special effort is made to view them.

      Just like the extension (such as .exe) would only confuse the poor hapless users. Remember what fun that was? Maliciousfile.jpg.exe was a popular way to distribute trojans. Microsoft FTW!

    17. Re:"enable loading of remote content" by VernonNemitz · · Score: 1

      My email client is set to disallow the running of JavaScript. I'm sure that if I'm mistaken, that that prevents the active content of an email from getting acted-upon, folks here will be glad to correct me of that error.

    18. Re:"enable loading of remote content" by TheCarp · · Score: 1

      There is an even more sane default.... to only support text.

      HTML doesn't belong in email; images should be attached to be downloaded and viewed in another application.

      Simple, and has worked flawlessly for me since the 1990s. Formatting isn't content, not having it is no loss at all.

      --
      "I opened my eyes, and everything went dark again"
    19. Re:"enable loading of remote content" by Cederic · · Score: 4, Informative

      If someone sends you a HTML format email that includes a simple image tag referencing a server hosted image then you can be tracked unless you disable third party images.

      No javascript required.

    20. Re:"enable loading of remote content" by anegg · · Score: 1

      Exactly - don't load remote content automatically. And when you get an e-mail that is essentially blank because its all remote code/images, you just delete it. All of the "campaign" e-mail sites (e.g. MailChimp) that I am familiar with automatically embed tracking in the messages that they send, so I'm not surprised at the amount of tracking going on. Whether or not that tracking is a prime requirement of the sender (or even actually monitored), or just came along with the mailing function, is not clear in all cases.

    21. Re:"enable loading of remote content" by anegg · · Score: 3, Funny

      I'm not sure anyone using "gmail" as their primary e-mail service is very worried about "tracking."

    22. Re:"enable loading of remote content" by epine · · Score: 3, Interesting

      I'm not sure anyone using "gmail" as their primary e-mail service is very worried about "tracking."

      So far I trust Google's immense appetite to keep all the cream for themselves. They might track, but they don't share (so far as I've read).

      I've also never seen anything from Google that I didn't know was from Google, so as a personal privacy attack surface, it's so far been fairly conspicuous.

      Google knows everything about me from my search history already (on the order of one million data points).

      Not that I don't have my own e-mail service (as well), but I estimate the my added exposure from Google knowing 99% of my life (by means of my e-mail) instead of 98% of my life (through search alone) as fairly small.

    23. Re:"enable loading of remote content" by rtb61 · · Score: 1

      Also all email should be encrypted by default. Not particular complex encryption, it doesn't need to be all that complex, just sufficiently complex that it needs to be decoded to be read. Similarly to the security of a paper envelope for snail mail, the only reason to encrypt is to tie a criminal penalty for decrypting other people's email without their permission and the penalty, why exactly the same as illegally opening other peoples letters.

      --
      Chaos - everything, everywhere, everywhen
    24. Re:"enable loading of remote content" by AmiMoJo · · Score: 1

      Gmail still doesn't load remote content by default. On the web site or in the mobile app on android. Have not checked iOS.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    25. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      Simply turn off all that shit. Display only plain text. Do not run javascript. Do not render HTML. Do not load any trackers. Do not click on any link that uses a tracker (all of which are perfectly obvious when you turn off the HTML shit).

      I have, over the years, got many messages claiming that I do not appear to be opening the messages that are sent to me. This is incorrect. I do not permit tracking. That your tracking systems do not work is YOUR problem, not mine.

    26. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      Why on earth would anyone "render" an HTML formatted e-mail? View the text, just the text, and only the text.

      And if you cannot make head-nor-tail of it because it is crappy HTML with links that go on forever, then treat it as any other spam and delete it.

    27. Re:"enable loading of remote content" by schleimkeim · · Score: 1

      Yeah because Outlook was a ridiculous security risk back in the days. Remember I LOVE YOU?

    28. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      I was surprised by an overdue credit card bill. I had email bill alerts enabled but when I logged in they had been inexplicably turned off. I called support and they said since I didn't read any of my alert emails they disabled them (read: I have remote content loading disabled so their trackers didn't load).

      CapitalOne, they are run by pieces of HUMAN GARBAGE.

      Yeah they decided I wanted to go paperless without telling me and I had never set up a login for that account.

    29. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      > Google knows everything about me from my search history already (on the order of one million data points).

      Hm, what they know about me from my search history is that I'm interested in a very, very, very wide range of topics. Here and there I'm sure there are searches which stick out more as being focused on something which at the time had a strong connection to a personal need, but the vast majority of Google searches I do are not those. This strikes me as far from "knowing everything about me".

      I suppose you use the Google search engine differently? Or you're just trying to justify all the other ways you "leak" personal information to Google, by claiming that they are insignificant? Most people who know me do that (both leak and justify), and think that my being concerned about using Waze or Google Maps, for example, is just silly.

      Well, maybe you (and they) are right, but I still am not convinced yet...

    30. Re:"enable loading of remote content" by angel'o'sphere · · Score: 1

      Same ...

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    31. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      I've been pretty happy with CapitalOne. I'm surprised they wouldn't refund you any fees.

    32. Re:"enable loading of remote content" by Agripa · · Score: 1

      Gmail rewrites your img tags to point to a google server.

      Do you mean in the gmail web client? Emails that I fetch to my local client do not have rewritten image tags.

    33. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      Share? No of course not. Sell? YE$$$$$$

    34. Re:"enable loading of remote content" by Anonymous Coward · · Score: 0

      That's why you also have to default to "plain text" email. No images, no javascript/external code, etc.

      Nothing but... wait for it.... [text] information.

  2. e-mail is not web by arth1 · · Score: 3, Interesting

    Stop using a web client to read e-mail, and it isn't a problem.

    And if you're an admin, configure your SMTP servers to mark e-mail containing links to trackers as potential malware.

    1. Re:e-mail is not web by sims+2 · · Score: 3

      Even with web clients you have the option to not load remote images.

      --
      Minimum threshold fixed. Thanks!
    2. Re:e-mail is not web by Aighearach · · Score: 1

      You seem to have it backwards; web users are more likely to be protected in this case!

      To get the same level or protection on your own you need... your own server. Not much advantage to using a non-web client at that point, just a flavor issue.

    3. Re:e-mail is not web by Anonymous Coward · · Score: 0

      Horde, for instance.

  3. Huh? by Opportunist · · Score: 2

    There are still mail clients that don't disable loading images by default?

    And they get used?

    Then I guess the people using them don't mind being tracked. Where's the story?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Huh? by gnick · · Score: 1

      There are still mail clients that don't disable loading images by default?

      Gmail defaults to loading external content and is very popular.

      There are other reasons to avoid Gmail.

      --
      He's getting rather old, but he's a good mouse.
    2. Re: Huh? by Anonymous Coward · · Score: 0

      And on the iOS version, will silently ignore requests to not load remote images. Then again, if you care about privacy, you shouldn't use iOS in the first place.

    3. Re:Huh? by mlyle · · Score: 1

      Gmail usually preemptively loads remote content. e.g. it's not tied to whether you look at the message.

    4. Re: Huh? by Anonymous Coward · · Score: 0

      On the contrary, if you care about privacy you should be using iOS.

    5. Re:Huh? by sanf780 · · Score: 2
      I thought that Gmail, the web application and the mobile application, use a proxy for image delivery: https://gmail.googleblog.com/2... Please correct me if I am wrong.

      From the twenty seconds I spent researching this, it looks like companies that do e-mail tracking tell that Apple devices are the ones getting like 45% of the e-mails - just check https://emailclientmarketshare... . I find this number a little bit too high and probably biased, so let us forget about these companies. Anyhow, there are better ways to track your future ex. Like breaching into Facebook, using WhatsApp or diving into Google location history.

    6. Re:Huh? by CronoCloud · · Score: 1

      Gmail defaults to loading external content and is very popular.

      "Gmail" as a service doesn't actually do that... you are speaking of the web interface to it which you do not have to use. In fact, I always recommend using a proper e-mail client with gmail over IMAP on both desktop and mobile.

      Amongst the advantages are:

      1. No remote content unless you specifically want it.
      2. No ads
      3. The ability to use GPG or S/MIME.

    7. Re: Huh? by Anonymous Coward · · Score: 0

      Right, sure, trust the company that got caught sending a list of every cell tower and every WiFi SSID combined with GPS coordinates your phone saw with your privacy. Sounds like a good plan to me.

    8. Re: Huh? by Anonymous Coward · · Score: 0

      Citation needed a

    9. Re: Huh? by Anonymous Coward · · Score: 0

      Or trust google who knowa more about you than you know about yourself....and they send your location data.

    10. Re:Huh? by JoePete · · Score: 1

      Google proxies images including tracking ones/web beacons in HTML email. In short, they scan the HTML, any images they fetch via their proxy servers and then when you open your email, it gets loaded from Google, not the originally intended server. Hence, if you send email to a Gmail account and include a tracking image, it will always show as opened (because Google retrieved the image) regardless of whether you opened it. However only Google will know whether you really opened it. Thus, privacy is a relative thing with Google and it has essentially put itself in a position to be the master of all tracking images.

    11. Re:Huh? by Anonymous Coward · · Score: 0

      Check out the publishers of the survey: they "provide anti-tracking tools".

      They're not about to say "this has been a solved problem for over a decade, but just in case here's another way to do it", are they?

    12. Re:Huh? by Excelcia · · Score: 1

      Gmail retrieves all remote content whether the email is opened or not, and then caches the resultant images (which isn't hard since they are all the same image with different filenames). When you open the email you are only seeing the cached image. Since all images are retrieved at the time Google's servers receive the email, there is no information the sender can get from that image retrieval.

  4. What Is This Site Called? by Anonymous Coward · · Score: 1

    And you probably never noticed.

    This is Slashdot: News for Nerds, Stuff that Matters. We noticed. Hell it was probably one of us that first thought up the idea of using web bugs to track HTML formatted mail. We have all had it disabled in our mail readers since before you were born.

    Wake the fuck up M'Smash and understand who your audience is.

    1. Re:What Is This Site Called? by Rakarra · · Score: 2

      I think the difference here is the rise of email tracking used by people you know. Companies have always tried to track us.

    2. Re:What Is This Site Called? by Anonymous Coward · · Score: 0

      Companies have always tried to track us.

      Only for definitions of "always" which include "... since the internet became a marketing driven clusterfuck of mass surveillance". Email was tracking-free for about the first 25 or so years I used it (it didn't even include the mechanisms used by this technique). It was also spam-free for most of that time. Only later did "we" let it become the abomination that it is today.

  5. They're right by jittles · · Score: 1

    They are definitely right. I haven't noticed the tracking. I don't open images in email, so I wouldn't notice that a 1x1 image was missing from an email. But then again, if my client reported unopened images and I didn't see a spot where an image ought to load, I would probably realize that whoever sent the email is attempting to track me.

  6. What? This is really old news by nctritech · · Score: 4, Interesting

    Email clients have been set to not load remote content by default for over 15 years. Gmail caches remote content to its own servers making tracking bugs in emails mostly useless unless you click an outbound link with tracking data in the URL. Unless you've changed the default setting from "DON'T load remote stuff by default" then you've not been trackable for a really long time. Who needs anti-tracking services? All I have to do is not click on any links. This is an old story. I wonder if the Wired article is "sponsored content;" they are, after all, one of the companies that has complained a lot about ad blockers, so I know they're pretty hard up for dollarydoos.

    1. Re: What? This is really old news by Anonymous Coward · · Score: 0

      Except Gmail is allowing tracking by default. I don't know how it does it, but I email a small list using MailChimp and it can see the instant I open emails. No idea how it works...

    2. Re: What? This is really old news by JoePete · · Score: 1

      Exactly. Folks, Google didn't do this out of the goodness of their heart. They started doing this because it know allows them to all the HTML-based tracking info. If you want to market to a Gmail user, you have to play/pay by Gmail's rules. The real answer if you want privacy and to be a good netizen, plain-text only and stay away Gmail, Hotmail, Yahoo, etc.

    3. Re:What? This is really old news by Anonymous Coward · · Score: 0

      From gmail's help, it talks about sanitizing not removing tracking (except for IP/Location).

      How Gmail helps make images safe

      To help load images safely, images go through Google's image proxy servers and are transcoded before they're delivered.

      This makes images safer because:

              Senders can’t use image loading to get information like your IP address or location.
              Senders can’t use the image to set or read cookies in your browser.
              Gmail checks the images for known viruses or malware.

      In some cases, senders may be able to know whether you've opened an email that has an image attached to a unique link. Gmail scans every message for suspicious content, and if Gmail considers a sender or message potentially suspicious, images won’t be shown and you’ll be asked whether you want to see the images.

    4. Re: What? This is really old news by Anonymous Coward · · Score: 0

      Simple. The images are pre-loaded by Google when you open the Email. This guards your location and browser but does not remove the opening time info. If the image-src is not unique Google might cache it.

  7. URL blockers ... by Anonymous Coward · · Score: 0

    Honestly, with the asshole that run ads, analytics, tracking, and every other bullshit garbage the internet is infested with, you need to do several things:

    1) Stop fucking allowing scripts etc to run by default instead of by exception.
    2) Stop allowing cookies by default instead of by exception
    3) Install something like HTTP switchboard or uMatrix, and block those third party scripts and other shit which does nothing for YOU but for some ad company

    The internet/web has been built quite wrongly on a model of "trust everybody, it will be fine". We need to get browsers to have a much more default "no, fuck you I have no reason to trust you".

    Which is why ads and the like can be co-opted to spread malware, because people's browser is running it by default.

    Those 3rd party scripts embedded in most webpages? That's just assholes trying to monetize your browsing. Stop allowing shit like that.

    1. Re:URL blockers ... by Anonymous Coward · · Score: 0

      Stop fucking allowing scripts etc to run by default instead of by exception.

      Ditto for the web as for email.

      Running scripts by default is fucking INSANE, but somehow everyone decided that's what should be done.

  8. Why would you use a client that did that? by Anonymous Coward · · Score: 0

    - usually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device. Newsletter services, marketers, and advertisers have used the technique for years, to collect data about their open rates; major tech companies like Facebook and Twitter followed suit in their ongoing quest to profile and predict our behavior online

    Why would any sane person use a mail client that loaded tracking pixels by default? Or ran embedded scripts by default?

    I've never used one that did that out of the box. With no changes to default settings, they block that sort of thing by default.

    If your client doesn't, or can't, then configure it to, or get a better one.

    You can't complain about email going to shite while you simultaneously enable it to go to shite.

    1. Re:Why would you use a client that did that? by EndlessNameless · · Score: 1

      A lot of corporate employees are stuck with Outlook. It's pretty much a default application since everyone "needs" Office.

      Still, Outlook can be configured to display text-only emails. The option is there, but I'd bet most organizations don't have the will to turn it off in spite of any objections---or whining, whatever you'd like to call it.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  9. I used to do this on myspace by Anonymous Coward · · Score: 0

    I used to do this on my myspace page to see which friends were viewing my profile the most often. The fact that its done all around the web shouldn't be new or news worthy at this point.

  10. Not always... by QuietLagoon · · Score: 2

    ... When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device ...

    My email client is configured to not allow remote connections when I read an email. Some emails are not readable without allowing the tracking stuff, so I don't read them. It is as simple as that. So far, not one important email has been unreadable with remote access disabled.

  11. 1990's want their headline back by avandesande · · Score: 1

    EOM

    --
    love is just extroverted narcissism
  12. Yep by JohnFen · · Score: 1

    This is precisely why I don't allow my email reader to load any external resources (like images), and half of the reason why I don't allow my email to be interpreted through an HTML parser.

  13. Or you by cmaurand · · Score: 1

    Could use a mail client that doesn't automatically load images and break the trackers. The article makes the assumption that all of this email is using some sort of service that does mail tracking (Constant Contact, Mail Chimp, etc.). I don't use mail clients that do tracking.

  14. Bill Gates owes me money by dysmal · · Score: 1

    I got an email from him back in 1997 stating that he was testing his email tracking software and I was selected to help him test it if i forwarded on the message.

    Where's my money Bill? Where?!?!?!

  15. Since you're reading this story by Anonymous Coward · · Score: 0

    Our research shows that you're likely to be interested in these great deals from our commercial sponsors.

    1. Re: Since you're reading this story by Anonymous Coward · · Score: 0

      Creimer affiliate spam

    2. Re: Since you're reading this story by Anonymous Coward · · Score: 0

      Taste test my semen and you might win $1000!

  16. Fuck HTML emails. by Anonymous Coward · · Score: 0

    That's why I use text-only emails, always have, and always will.

    1. Re:Fuck HTML emails. by PPH · · Score: 1

      Also make sure you disable automatic reply receipts.

      --
      Have gnu, will travel.
    2. Re:Fuck HTML emails. by Anonymous Coward · · Score: 0

      Communicating in any other way than morse code via telegraph is fucking insane.

      I, for one, always use sticks with different flags on it and wave in the general direction of the recipient. To prevent, dear lord the horror, third parties from accessing any of this I always make sure to stand right in front of the intended target, in a closed room. A faraday cage ideally, but less will do depending on the severity of the message being transmitted.

      I do not understand why you millenials think you can do better, with your GOOGLE, tracky, tech bullshit.

  17. Oh no. by Anonymous Coward · · Score: 0

    My privacy!

  18. Unless, of course... by Chris+Mattern · · Score: 1

    ...your email client doesn't automatically download external links. Which is the default behavior of most clients these days.

  19. Two words: Plain Text by Anonymous Coward · · Score: 0

    Listen, if you send HTML email, you are doing the equivalent of sneezing in your friends face. If you choose to read HTML email, I suggest you might also enjoy cleaning your toilet with your toothbrush each night before brushing your teeth. HTML email is rude and risky and enables the Web beacons and other tracking data of marketing and spam. Worse yet, HTML-based email is the prime vector of attack for phishing and a great deal of malware. Stop sending it. Stop reading it. You and the rest of the online community will be better off.

    1. Re:Two words: Plain Text by Anonymous Coward · · Score: 0

      I'm glad you've got a basic understanding of security while living in your parents basement but for those of us out there in this thing called REALITY that actually WORK for a living, this isn't going to happen.

      People complain if you use plain text because the font hurts their eyes. They complain if you don't send them a screen shot or highlight/underline/bold what's important.

    2. Re:Two words: Plain Text by Anonymous Coward · · Score: 0

      Fuck, I don't care what happens on my work email -- that's IT support's problem.

      At home, where I'm IT support, I only read/send plain text email.

    3. Re:Two words: Plain Text by JohnFen · · Score: 1

      Listen, if you send HTML email, you are doing the equivalent of sneezing in your friends face.

      This is exactly right. Unfortunately, people don't seem to care about the well-being of their friends and neighbors anymore. Look how many are willing to sell them out by mentioning them to and in Facebook.

    4. Re:Two words: Plain Text by JohnFen · · Score: 1

      People complain if you use plain text because the font hurts their eyes. They complain if you don't send them a screen shot or highlight/underline/bold what's important.

      You need a better set of coworkers. I never send HTML email in business settings, and I've never once had anyone complain about it. BTW, you can still send screenshots (as well as any other attachments) with plain text email.

  20. And that is why browser is not an email reader by gweihir · · Score: 4, Informative

    I read email with Mutt, no tracking. If it is HTML-only, it gets converted by Lynx, no includes, again no tracking. The whole problem would not exist without the insanity of misusing web-browsers to display emails.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:And that is why browser is not an email reader by stabiesoft · · Score: 2

      I use alpine. It cracks me up how big an email can be with just "Hello World". A few KBytes for like 12 bytes if info,

    2. Re:And that is why browser is not an email reader by ben_kelley · · Score: 1

      Mutt with a uid that low? Fancy! I still use elm.

    3. Re:And that is why browser is not an email reader by Anonymous Coward · · Score: 0

      If it is HTML-only, it gets converted by Lynx

      I use Sylpheed. It seems to do a s/<[^>]+>//g to display HTML e-mails.

      I deal with a certain webshop that sends text/plain and text/html e-mail, and their text/html version actually looks better than the plaintext version, thanks to that.

      (Or to put it differently, their plaintext version sucks. It has weird spacing that makes it almost unreadable.)

  21. Re:"show messages as text" by Anonymous Coward · · Score: 0

    Just show them as text, not html. That's even safer.

  22. Thanks, Apple... NOT! by Anonymous Coward · · Score: 0

    It hasn't helped that Apple made automatic loading of remote images the default in iOS, if not also macOS, Mail.
    So much for being concerned about user privacy--this has been a known issue with email for well over a decade!

  23. Worst hidden cost of it? CLIENTSIDE/YOUR "$" by Anonymous Coward · · Score: 0

    Worst hidden cost? Inefficient vs. serverside WinCGI/CGI bins making YOU spend electric power money running it clientside!

    Thiink about it along w/ YOUR CPU cycles, RAM & other forms of I/O driving it up @ YOUR EXPENSE clientside - not serverside as it SHOULD be SUCKERS!

    * Defeats the ENTIRE client-server efficiency for the client (the IMPORTANT PART not a serverside one) making YOUR POWER BILL go up (as well as slowing, tracking + infecting you).

    APK

    P.S.=> God gave you all a brain - USE IT! apk

  24. "Person selling solution tells you about problem" by eepok · · Score: 1

    We all know about the issues with users being tracked along with profiles being made and identities sold, but I can't be the only one who automatically distrusts someone who sells a product tells me how dangerous the world is without their product. It reads too much like paid advertising. (https://www.smithsonianmag.com/smart-news/marketing-campaign-invented-halitosis-180954082/)

  25. Score:-5, Pwned by Anonymous Coward · · Score: 1

    Witness BitZtream getting pwned!... twice.....three times..... four times!

  26. Simple Issue by JoePete · · Score: 1

    On the issue of plain-text vs HTML email, it is not a debate, it is a litmus test. If you send HTML email or insist or reading in that format, you simply don't know enough about email to use it responsibly. Sorry, I know that is harsh, but there is no good reason to send or read HTML email. Meanwhile, in addition to privacy issues, you have spam ones (tracking pixels let the spammers know you are a live email), the phishing ones (HTML obfuscates the true target of links or origin of images), and malware ones (HTML email will automatically load certain attachments that may contain executable code) all facilitated by HTML email.

  27. Don't use an email client that supports that by Miser · · Score: 1

    Pretty simple. Don't use an email client that supports that bullshit, problem solved. :)

  28. Most efficient native way to do all that by Anonymous Coward · · Score: 0

    NEW APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads/script/malware rob speed/security/privacy/bandwidth.

    Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!

    Avoids DNSChangers in routers/IP settings & dns redirect (99++% of ISP DNS != patched vs. it) + DNS tracking & lighten DNS load & resolve faster via local RAM!

    * Via what u NATIVELY have in a FASTER kernelmode IP stack (does more w/ less).

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ (self checking vs. infection of it built-in)

  29. Addons=inferior/inefficient/faulty vs. hosts by Anonymous Coward · · Score: 0

    Hosts protect & addons can't (or as well):

    Redundant NoScript tag parses. Hosts block script before it!

    Bad sites (past ads)
    Botnet C&Cs
    DNS down/poisoned
    Trackers (dns logs/ads/transparent ISP proxy)
    Dns blocks
    Spam/phish payload
    Slowdown 2 ways: adblocks/hardcodes
    Hosts = Ez edit.

    AB+ 151mb https://www.google.com/search?q=Adblock+memory+consumption&btnG=Search&hl=en&gbv=1/

    UBlock 64MB https://www.google.com/search?q=UBlock+memory+consumption&btnG=Search&hl=en&gbv=1/

    Hosts~6mb

    Addons = ClarityRay defeatable & crippled http://www.businessinsider.com/google-microsoft-amazon-taboola-pay-adblock-plus-to-stop-blocking-their-ads-2015-2/

    No 1 addon does as much.

    Stacked addons slowup.

    ADDONS=EXPLOITABLE https://news.slashdot.org/comments.pl?sid=11166303&cid=55266729/

    APK

    P.S.=> APK Hosts File Engine 10++ 64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

  30. Getting too much! by duke_cheetah2003 · · Score: 1

    There are some 269 billion emails sent and received daily. That's roughly 35 emails for every person on the planet, every day.

    I'm getting way more than my fair share, then. Because I receive upwards of 500-1000 spam emails every single day.

    1. Re:Getting too much! by shanen · · Score: 1

      There are some 269 billion emails sent and received daily. That's roughly 35 emails for every person on the planet, every day.

      I'm getting way more than my fair share, then. Because I receive upwards of 500-1000 spam emails every single day.

      I wish I could thank you for taking care of part of my share, but I think I'm getting at least that many per day, too. It's getting hard to tell unless you actually look for the false positives. These days I only check my primary email address for them.

      Much worse is the false negative problem that allows the spammers to confirm an email address using this same technique as long as they can get one of their spams to slip past the filters. Also annoying are the Facebook- and Google-linked spams, where the annoyance is compounded by how little such companies care about the abuse of their own "members" based on trust in the supposedly valuable "brands".

      There is an existence proof for solutions. Haven't you noticed that pump-and-dump stock scams were actually fought successfully?

      --
      Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
  31. Use text only e-mail, bitches by sandbagger · · Score: 1

    Eventually most adults figure this out when they get that one add that's waaaaay too close to creepy after searching for something like Preparation H or morning after pill. As for the rest, guess what, that third of the adult population actually wants those ads. They find those ads economically important and, more power to them. You will not change their minds.

    --
    ---- The above post was generated by the Turing Institute. Maybe.
    1. Re:Use text only e-mail, bitches by Anonymous Coward · · Score: 0

      I don't understand your post. What does text-only email have to do with seeing ads influenced by searches?
      It sounds like you're just talking about using the web (without an adblocker, saints preserve us!). What does that have to do with e-mail?

  32. Re:Addons=inferior/inefficient/faulty vs. hosts by Anonymous Coward · · Score: 0

    Oh no, you only posted that four times in a row. That's too bad.

    If only you had posted it five or six times straight, then maybe I would be interested. Too bad, you lose.

  33. HTML email sucks by Anonymous Coward · · Score: 0

    Use Text only email.

  34. LOL @U out of downmodpoints - why? by Anonymous Coward · · Score: 0

    "I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised" - by mmell on Thursday February 16, 2017

    "I've never tried to belittle (APK's work), I've flat out said it's good" - by BronsCon on Thursday February 11, 2016

    "his hosts program is actually pretty good" - by xenotransplant on Monday August 10, 2015

    "his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources" by alexgieg on Friday September 25, 2015

    "I like your host file system." - by Karmashock on Wednesday September 09, 2015 (#50489401)

    "I do use APK's host file on all my systems at home" by OrangeTide on Friday December 01, 2017

    "I personally use a HOSTS file blocker produced from a genius called APK. Ever heard of him?" by 110010001000 on Friday October 27, 2017

    * Need more?

    APK

    P.S.=> Facts blow your kind (unidentifiable ac burial try) away... apk

  35. I didn't notice. I use alpine, a plain text MUA. by Anonymous Coward · · Score: 1

    My editor and I use alpine - and we work reporting music. Yet, we have to open attached files only infrequently. Plain text works just fine virtually all the time, while eliminating many risks.

  36. pi-holed by Anonymous Coward · · Score: 0

    Tracking requests are denied at the network level. No tracking for joo!

  37. Case for text mailer by manu0601 · · Score: 1

    Security experts should now recomand using text mailers such as mutt, pine or ELM. Or at least GUI-based mailer that do not support HTML.

    Unfortunately, I suspect I will not see that coming.

  38. Old news is old by Anonymous Coward · · Score: 0

    What is news on that? That has been done 10~15 years ago or even longer.

    If you are worried about that, read your mails with mutt.

  39. So by BitztreamNotARealNam · · Score: 2

    How's life in the hypocrite lane?

  40. Fockers by Artem+S.+Tashkinov · · Score: 1

    Luckily my thunderbird defaults to text and even when I enable HTML images aren't loaded automatically.

  41. Huh? by Agripa · · Score: 1

    When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device.

    Huh? I open hundreds of emails a day and my email client does not fetch embedded objects unless I specifically ask it to.