¬сего сообщений: 2707
–ейтинг пользовател€: 22—сылка
ƒата регистрации на форуме:
5 июн€ 2009
—ообщение отправлено: 15 декабр€ 2017 19:00
"I JUST CAME across this email," began the message, a long overdue reply. But I knew the sender was lying. HeТd opened my email nearly six months ago. On a Mac. In Palo Alto. At night.
I knew this because I was running the email tracking service Streak, which notified me as soon as my message had been opened. It told me where, when, and on what kind of device it was read. With Streak enabled, I felt like an inside trader whenever I glanced at my inbox, privy to details that gave me maybe a little too much information. And I certainly wasnТt alone.
There are some 269 billion emails sent and received daily. ThatТs roughly 35 emails for every person on the planet, every day. Over 40 percent of those emails are tracked, according to a study published last June by OMC, an Уemail intelligenceФ company that also builds anti-tracking tools.
The tech is pretty simple. Tracking clients embed a line of code in the body of an emailЧusually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device. Newsletter services, marketers, and advertisers have used the technique for years, to collect data about their open rates; major tech companies like Facebook and Twitter followed suit in their ongoing quest to profile and predict our behavior online.
But lately, a surprisingЧand growingЧnumber of tracked emails are being sent not from corporations, but acquaintances. УWe have been in touch with users that were tracked by their spouses, business partners, competitors,Ф says Florian Seroussi, the founder of OMC. УIt's the wild, wild west out there.Ф
According to OMC's data, a full 19 percent of all УconversationalФ email is now tracked. ThatТs one in five of the emails you get from your friends. And you probably never noticed.
УSurprisingly, while there is a vast literature on web tracking, email tracking has seen little research,Ф noted an October 2017 paper published by three Princeton computer scientists. All of this means that billions of emails are sent every day to millions of people who have never consented in any way to be tracked, but are being tracked nonetheless. And Seroussi believes that some, at least, are in serious danger as a result.
AS RECENTLY AS the mid-2000s, email tracking was almost entirely unknown to the mainstream public. Then in 2006, an early tracking service called ReadNotify made waves when a lawsuit revealed that HP had used the product to trace the origins of a scandalous email that had leaked to the press. The intrusiveness (and simplicity) of the tactic came as something of a shock, even though newsletter services, salespeople, and marketers had long used email tracking to gather data.
Seroussi says that Gmail was the ice breaker hereЧhe points back to the days when sponsored links first started showing up in our inboxes, based on tracked data. At the time it seemed invasive, even unsettling. УNow," he says, "itТs common knowledge and everyoneТs fine with it.Ф GmailТs foray was the signal flare; when advertisers and salespeople realized they too could send targeted ads based on tracked data, with little lasting pushback, the practice grew more pervasive.
УI do not know of a single established sales team in [the online sales industry] that does not use some form of email open tracking,Ф says John-Henry Scherck, a content marketing pro and the principal consultant at Growth Plays. УI think it will be a matter of time before either everyone uses them,Ф Scherck says, Уor major email providers block them entirely.Ф
It Takes Just $1,000 to Track Someone's Location With Mobile Ads
Email Is Broken. Can Anyone Fix It?
A Clever Way to Tell Which of Your Emails Are Being Tracked
СMailsploitТ Lets Hackers Forge Perfect Email Spoofs
That's partly to do with spam. "Competent spammers will track any activity on your email because they tend to buy entire lists of addresses and will actively try to rule out spam traps or unused emails,Ф says Andrei Afloarei, a spam researcher with Bitdefender. УIf you click on any link in one of their messages they will know your address is being used and might actually cause them to send more spam your way.Ф
But marketing and online salesЧeven spammersЧare no longer responsible for the bulk of the tracking. "Now, itТs the major tech companies," Seroussi says. "Amazon has been using them a lot, Facebook has been using them. Facebook is the number one tracker besides MailChimp." When Facebook sends you an email notifying you about new activity on your account, "it opens an app in background, and now Facebook knows where you are, the device youТre using, the last picture youТve takenЧthey get everything."
Both Amazon and Facebook "deeplink all of the clickable links within the email to trigger actions on their app running on your device," Seroussi says. "Depending on permissions set by the user, Facebook will have access to almost everything from Camera Roll, location, and many other logs that are hidden. But even if a user has disabled location permission on his device, email tracking will bypass this restriction and still provide Facebook with the user's location."
I STUMBLED UPON the world of email tracking last year, while working on a book about the iPhone and the notoriously secretive company that produces it. IТd reached out to Apple to request some interviews, and the PR team had initially seemed polite and receptive. We exchanged a few emails. Then they went radio silent. Months went by, and my unanswered emails piled up. I started to wonder if anyone was reading them at all.
ThatТs when, inspired by another journalist whoТd been stonewalled by Apple, I installed the email tracker Streak. It was free, and took about 30 seconds. Then, I sent another email to my press contact. A notification popped up on my screen: My email had been opened almost immediately, inside Cupertino, on an iPhone. Then it was opened again, on an iMac, and again, and again. My messages were not only being read, but widely disseminated. It was maddening, watching the grey little notification boxЧУSomeone just viewed СRegarding book interviewsТЧpop up over and over and over, without a reply.
So I decided to go straight to the top. If AppleТs PR team was reading my emails, maybe Tim Cook would, too.
I wrote Cook a lengthy email detailing the reasons he should join me for an interview. When I didnТt hear back, I drafted a brief follow-up, enabled Streak, hit send. Hours later, I got the notification: My email had been read. Yet one glaring detail looked off. According to Streak, the email had been read on a Windows Desktop computer.
Maybe it was a fluke. But after a few weeks, I sent another follow up, and the email was read again. On a Windows machine.
That seemed crazy, so I emailed Streak to ask about the accuracy of its service, disclosing that I was a journalist. In the confusing email exchange with Andrew from Support that followed, I was told that Streak is Уvery accurate,Ф as it can let you know what time zone or state your lead is inЧbut only if youТre a salesperson. Andrew stressed that Уif youТre a reporter and wanted to track someone's whereabouts, [itТs] not at all accurate.Ф It quickly became clear that Andrew had the unenviable task of threading a razor thin needle: maintaining that Streak both supplied very precise data but was also a friendly and non-intrusive product. After all, Streak users want the most accurate information possible, but the public might chafe if it knew just how accurate that data wasЧand considered what it could be used for besides honing sales pitches. This is the paradox that threatens to pop the email tracking bubble as it grows into ubiquity. No wonder Andrew got Orwellian: УAccuracy is entirely subjective,Ф he insisted, at one point.
Andrew did, however, unequivocally say that if Streak listed the kind of device usedЧas opposed to listing unknownЧthen that info was also Уvery accurate.Ф Even if pertained to the CEO of Apple.
IF TIM COOK is a closet Windows user (who knows! Maybe his Compaq days never fully rubbed off) or even if he outsources his email correspondence to a firm that does, then itТs a fine example of the sort of private data email tracking can dredge up even on our most powerful public figures.
"Look, everybody opens emails, even if they donТt respond to them," Seroussi says. "If you can learn where a celebrity isЧor anyoneЧjust by emailing them, itТs a security threat.Ф It could be used as a tool for stalkers, harassers, even thieves who might be sending you spam emails just to see if youТre home.
"During the 2016 election, we sent a tracked email out to the US senators, and the people running for the presidency," Seroussi says. "We wanted to know, were they doing anything about tracking? Obviously, the answer was no. We typically got the location of their devices, the IP addresses; you could pinpoint almost exactly where they were, which hotels they were staying at."
This is what worries Bitdefender's Afloarei about malicious spammers who use trackers, too. УAs for the dangers of being tracked in spam, one must keep in mind the kind of people that do the tracking, and the fact that they can find out your IP address and therefore your location or workplace,Ф he says. Just by watching you open your email, Afloarei says spammers can learn your schedule (Уbased on the time you check your emailФ), your itinerary (based on how you check mail at home, on the bus, or so on), and personal preferences (based on where they harvested the email; say, a sports forum, or a music fansite).
Because so many people can be looked up on social media based on email addresses, or their jobs and locations, Afloarei says itТs "pretty easy" to correlate all the data and track someone down in person. "Granted, most spammers are only interested in getting your credit card or simply getting you infected and part of their botnet, but the truly devious ones can deduct so much information besides all that."
"I always wonder when a big story is going to come out and say that people broke into a house because they used email trackers to know the victims were out of town."
FLORIAN SEROUSSI, FOUNDER OF OMC
ThereТs one more reason to be wary: Email tracking is evolving. Research from October looked at emails from newsletter and mailing list services from the 14,000 most popular websites on the web, and found that 85 percent contained trackersЧand 30 percent leak your email addresses to outside corporations, without your consent.
So, if you sign up for a newsletter, even from a trusted source, thereТs a one in three chance that the email that newsletter service sends you will be loaded with a tracking image hosted on an outside server, that contains your email address in its code and can then share your email address with a Уlarge network of third parties.Ф Your email address, in other words, is apt to be shared with tracking companies, marketing firms, and data brokers like Axiom, if you as much as open an email with a tracker, or click on a link inside.
УYou can have tens of parties receive your email address,Ф says Steven Englehardt, one of the computer scientists behind the study. УYour email hash is really your identity, right? If you go to a store, make a purchase or sign up for somethingЧeverything we do today is associated with your email.Ф Data brokers have long stockpiled information on consumers through web tracking: browsing habits, personal bios, and location data. But adding an email address into the mix, Englehardt says, is even more reason for alarm.
УThis kind of tracking creates a big dataset. If a dataset leaks with email hashes, then itТd be trivial for anyone to go see that personТs data, and people would have no idea that data even existed,Ф he says. УYou can compare it to the Experian data leak, which exposed peopleТs social security numbers, and could cause fraud. In my mind, this leak would be even worse. Because itТs not just financial fraud, but intimate details of peopleТs lives.Ф
Given the risks, perhaps whatТs most striking about the rise of ubiquitous email tracking is how relatively quietly itТs happenedЧeven in a moment marked by increased awareness of security issues.
"ItТs shifted. ItТs more and more used in conversational threads. In business emails. This is what scares us the most," Seroussi says. "One out of six people that emails you is sending a tracker, and itТs real life"Чnot marketing, not spammers. УIt could be your friend, your wife, your boss, this number is really mind bogglingЧyou give up a lot of privacy just opening emails."
AFTER THE GREAT Tim Cook Email Tracking Incident, I left Streak on. IТd found, grudgingly, that it was useful; it was sometimes more efficient to know when sources had read my email and when I might need to nudge them again. But because I was using the same Gmail account for personal and professional use, I ended up tracking friends and family, too. ThatТs when I saw how starkly tracking violates the lightly-coded social norms of email etiquette. I watched close friends read an email and not respond for days. I saw right through every white lie about email (about not receiving it, or it getting stuck in the spam folder). Sure, itТs occasionally nice; you can get a rough sense of how many people read the latest update to the weekend plans on a thread, and you can feel confident that your brother isnТt blowing you off, heТs just really bad at reading email. But it mostly serves to add yet another unnecessary layer of expectation onto our already notification-addled lives, another social metric to fret over, and another box to click on feverishly whenever it arrives. Not to mention a tinge of surreptitious digital voyeurism.
"Most consumers donТt understand just how much information they are giving up."
MARKETING CONSULTANT JOHN-HENRY SCHERCK
Clearly, this is a situation that the tracking outfits want to avoid. TheyТve kept mostly to the shadows, harvesting useful sales data and email open rate info without causing too many ripples; the last thing they want is for their products to be deemed invasive or spyware. This, however, puts them in a deeply awkward position: In order to stand out amongst a burgeoning field of email tracking services, they need to tout their accuracy and ease of useЧwhile somehow giving the public the impression the data theyТre soaking up isnТt a threat.
As the number of easy-to-use, free tracking products proliferatesЧsome email clients are beginning to simply ship with tracking features, as Airmail did in 2016ЧweТre going to have to contend with a digital social landscape where thereТs an insurgent mix of trackers and trackees. And, increasinglyЧanti-trackers.
IF YOU DONТT want people to know your precise whereabouts whenever you glance at a specially priced offer for a cruise featuring your favorite 90s alt rock bands; if youТd rather Facebook not harvest your device data every time a former high school classmate inveighs against Trump in a comment on one of your vacation pics; if youТre the CEO of one of the top technology companies in the world and youТd rather not be associated with using a rivalТs productЧyou have options.
A host of anti-tracking services have sprung up to combat the rising tide of inbox tracersЧfrom Ugly Mail, to PixelBlock, to Senders. Ugly Mail notifies you when an email is carrying a tracking pixel, and PixelBlock prevents it from opening. Senders makes use of a similar product formerly known as Trackbuster, as part of service that displays info (Twitter, LinkedIn account, etc) about the sender of the email youТre reading. Using these services, I spotted more than a few acquaintances and even some contacts I consider friends using tracking in their correspondence.
But even those methods aren't foolproof. Tracking methods are always evolving and improving, and finding ways around the current crop of track-blockers. УItТs a fight weТre having over the last couple of years,Ф Seroussi says. УThey canТt counter all the methods that we knowЧso they get around the block by setting up new infrastructures. ItТs a chase, theyТre doing a job.Ф
To prevent third-parties from leaking your email, meanwhile, PrincetonТs Englehart says Уthe only surefire solution right now is to block images by default.Ф That is, turn on image-blocking in your email client, so you canТt receive any images at all.
OMC has found dozens of novel methods that newfangled trackers are using to get your email open info. УWe found 70 different ways where they use tracking,Ф Seroussi says, УSometimes itТs a color, sometimes itТs a font, sometimes itТs a pixel, and sometimes itТs a link.Ф ItТs an arms race, and one side has an immense advantage.
When Seroussi debuted Trackbuster in 2014, he was expecting a few hundred downloads. Within hours, heТd had 12,000. People who knew about email trackingЧoften trackers themselves, ironicallyЧwere eager for a way to quash it. Still, other trackers are furious with what the track-blockers are doing. УWe receive death threats,Ф he says, more agitated than angered. ItТs the wild west, after all. УTheyТve been trying to destroy us for two years.Ф
Scherck, the marketing consultant, thinks that Google could up and kill email tracking altogether. УI do think public opinion could turn on email tracking, especially if Gmail started alerting users to tracking by default inside of Gmail with pop ups, or some native version of Ugly Email,Ф he says. УJust look at how consumers have turned on Facebook for their advertising. People absolutely hated that Uber was buying data on who was using Lyft from Unroll.me.Ф It would only take a strong enough nudge. УMost consumers donТt understand just how much information they are giving up,Ф he says.
If Google and the other big tech firms wonТt budge, though, Seroussi believes the problem is serious enough to warrant government intervention. УIf the big companies donТt want to do something about it, there should be a law defining certain kinds of tracking,Ф he says. And if nothing is done at all, Seroussi thinks itТs only a matter of time before email tracking is used for malign purposes, potentially in a very public way. УI always wonder when a big story is going to come out and say that people broke into a house because they used email trackers to know the victims were out of town,Ф he says. УItТs probably already happened.Ф
As for me, I was tired of all the tracking. After a couple months of ambiguous insights, I didnТt want to know who was opening my emails and not replying anymore. I didnТt want to wait, strung-out-like, for a notification to ring in a response from a crucial source. I didnТt want to feel like I was breaking the rules of whatever slipshod digital social compact weТve got; my semi-spying days were done. I deleted Streak, and left Senders runningЧand kept a screenshot of Tim CookТs Windows on my desktop as a souvenir.