More on Email Privacy

by Preston Gralla

In my last weblog, I wrote about a fascinating but disturbing new email service called DidTheyReadIt that lets you trace every piece of email you send, for $50 a year. It tells you if someone opened your mail, and even how long the recipient kept your email open.

I've used the service more since then, and done a bit of investigation, and what I've found is both disturbing and reassuring. Disturbing because DidTheyReadIt uses a technology commonly used by spammers to help harvest email addresses, and reassuring because it's so easy to defeat.

DidTheyReadIt attaches an transparent, one-pixel .gif called a "Web bug" or "Web beacon" to emails you send out. When someone opens your email, your email server grabs the .gif from the DidTheyReadIt server, which then logs information about when you opened the message, and for how long you had it open. It then sends that information to you. Spammers commonly use this technology to confirm people's email addresses, so that they can spam them more in the future, and sell the confirmed email addresses to other spammers.

The DidTheyReadIt service has more problems than that it invades people's privacy, and uses a technology that spammers use. Ultimately, too much of the time it can't actually tell you if someone has ready your message. If you send a message to someone who doesn't use HTML email, you won't be able to know whether he's opened the message. Outlook 2003, and all future versions of Outlook, turn off HTML email by default. So send a message to someone who uses Outlook 2003, and you won't know whether your mail got through. (The exception is if you're on the Contact list of the person to whom you're sending a message. In that case, Outlook 2003 turns on HTML.)

Because Web bugs are associated with spam, some anti-spam software blocks email that includes them. In the future, expect that all anti-spam software will do it. It even appears that some ISPs block email with Web bugs as well. I've sent several emails using DidTheyReadIt to my beta Google Gmail account, and not a single one has gotten through.

What's the upshot? DidTheyReadIt is one of those bad ideas that probably won't stick around long. Legislation won't be needed to kill it (as some have proposed) -- technology will handle that all by itself.


What do you think of DidTheyReadIt and similar technologies? Should the government intervene?


3 Comments

brian_d_foy
2004-06-08 11:58:28
Won't necessarily work with Gmail either
Gmail does not automatically show external images with email, although I can see they are there as broken image icons. I have to select the "Display External Images" link to see the images.


I agree that technology will sort this out. Maybe I should bring back my home-grown image blocking technique: I simply altered my local host lookup table to make things like doubleclick.com refer to 127.1, then served up images of my cats instead of the intended ads.


I haven't used that in a while since I have FireFox block most ads.

bahree
2004-06-08 14:11:23
Is this a rip off?
A friend of mine had a blog entry of this at http://www.karan.org/blog/index.php/2004/06/02/p161 and this looks like a complete ripoff of that? Too many similarities for a coincidence, won't you say?


Amit.

aristotle
2004-06-08 20:46:37
Is this a rip off?
Err, this entry is pretty much a summary of the points raised in the comments to Preston's previous blog, which the blog you refer to was also posted as.