Is there no privacy left in email?

by Preston Gralla

I've been beta testing a piece of email software that some people see as breaking the basic web of trust that holds the entire Internet together, and I hate to admit it, but using it gives me a bit of guilty pleasure.

The software, and associated service, is called DidTheyReadIt. Run the software, and then you can invisibly trace any piece of email you send, for the price of $50 a year. You'll be able to know whether someone opened your email, and even how long the recipient kept your email open. You can even find out where the recipient is physically located.

The software runs in XP or Windows 2000, and it appends a bit of text onto the back end of the recipient's email address. So if you're sending email to preston.gralla@gmail.com, for example, it invisibly changes the address to preston.gralla@gmail.com.didtheyreadit.com. The recipient never sees the address change, and never knows that the email is being tracked. Presumably, the email is routed through didtheyreadit.com's servers, which is how the service does its work.

You don't have to use the software to track mail. Sign up for the service for $50 a year, and you can manually insert the .didtheyreadit.com to the end of any email address, and the tracking works as well.

DidTheyReadIt is not alone in doing this kind of thing. If you use AOL to send mail to another AOL user, you can do something like this. MessageTag has a similar service as well. But neither track you mail as comprehensively as DidTheyReadIt. And you can always use the return receipt feature of Outlook, but that at least alerts the recipient that you want a receipt, and he always has the option of not returning it.

So what do I think? I'm appalled and fascinated at the same time. Appalled because it breaks the trust inherent in Internet communications. Fascinated because like everyone who's ever sent an important email, I want to know whether it's been read, and whether it's being taken seriously.

But although I'm fascinated, ultimately I think it's a bad thing. There should be at least one part of our lives that remains private. Although email is used for business, it's also used for personal communications, and when that intimate barrier is breached, we're all the poorer for it.


What do you think of DidTheyReadIt? Is it a great new service or an invasion of people's basic right to privacy? Let me know.


9 Comments

brian_d_foy
2004-06-01 19:10:51
You can never really tell
I had a professor who thought he was pretty slicked and tried that sort of thing. A couple of hours of Expect programming finally convinced him that he was wasting his time.
jwenting
2004-06-02 00:18:15
one more reason to check all email headers
before opening the message...


Their tracking mechamisn can only work if the email client keeps a constant connection with their server (obviously).
I've set up my firewall to deny all connect requests to the internet from my email clients and set up the email clients to deny all requests for receipts.
Now how do they propose to track what I do with your message when my mailprogram can neither reply to them that I've opened your message nor can the message phone home?


As a last resort I can just read it directly on the server, which is completely passive as it just dumps the data stored on the server to my screen in ASCII format including all headers, sending nothing to anybody.
Tough cookie that can track that...

aristotle
2004-06-02 01:07:57
Uh, what?
I never read the HTML bits of a message, so you can't use webbugs one me. I pull my mails from my freemail provider using POP3. My mailclient never even connects to any server (fetchmail pulls my mail, and esmtp sends it).


You paid $50 for snake oil.

ckeat
2004-06-02 02:29:29
Not new
I'm not sure since when, but http://mailtracking.com/ has been around for ages and they have funnier versions of email too.. including a "mission impossible" count down version.. (i'm amused but i don't work there)


anyways, as mentioned above these methods aren't 100% reliable (less than 100% just defeats the purpose right?)... so, didtheyreadit.com is not correct.. but the more important question is.. did they NOT read it?

kbsingh
2004-06-02 05:34:48
Whats the big deal ?
Ever heard of something called Read Receipts and delivery receipts ? Almost all email clients / servers have these options - and digging backwords, seem to exist from the early 90's. Thats the correct way to keep notified about email status. It also gives the Privacy concerned end user, an option to turn off sending of receipts.

This service brings nothing more to the email usability than the usual read receipts do. But has massive limitations that read receipts dont.

This only works for people who are reading their emails in HTML format and allowing external images to load in their email client ( in other words - brain dead users with brain dead email client s/w )

The 'trick' used is that they drop an image into the html of the email that links to an image hosted on their server ( normally 1px by 1 px - so most people will not notice it ). This is also the trick used by Spammers to verify email accounts.... Most email clients these days will now not allow you to load an image or link to any website from an email message ( or have an option to this effect anyway ).

So if you really want to track how / where you email is and if it was read, use the Read-receipt-notification option, it works in any and every kind of email and on any platform / OS.

Looks like you just got scammed for $50 :)

Elian
2004-06-02 06:00:11
Self-defeating...
Since web bugs are considered signs of spam by most spam filters. (Worth a bit more than a point with SpamAssassin) You're not only unlikely to get notification that the mail's been read because the tech doesn't work, you're less likely to get it because the mail may not have made it to the recipient in the first place...
linuxactivist
2004-06-02 12:57:04
Sorry, Preston
But as it has been pointed out, you've been taken. Even if the trick works for some of the people some of the time, it won't work for everyone all of the time, which makes it somewhat useless.


Listing the full headers will show the correct path that the email took. Shady things like appended addresses get messages relegated to the bit bucket in the sky on my system.

anna69
2005-06-28 12:47:13
will this help to break in to someone email account?
1skydive
2005-12-03 08:40:40
Tech Geeks, huh?
Well, I thought it was pretty funny reading all the posts here about how ineffective this mail tracker is and how it doesn't work. Well, I've been testing it too and for some geeks who send email with altered headers straight to the spam bin or others who read no html mail and even others who read text based email on a shell account... You guys are about 1% of the population. Heck, I'm even one of those guys. However, when my company sends a demand for non payment of invoices, we know almost 95% of the time that the email has been read. Maybe it's not 100% as someone pointed out but 95% is better than 0%. Yes there are one or two that it doesn't work for, but you have to remember that the majority of people are not tech savvy and it does work in these cases. I know, I've been using it for ages and it really works well. No wasted $50 for me.... I wrote my own.