How to block emails from tracking your behavior: Internet Scambusters #971
A tiny single pixel hidden in your email can report your reactions and responses back to the sender without you knowing.
They've been around for years but now this spying is such a common practice that one Internet security expert described its use as "endemic."
In this week's issue, we'll tell you how these "web beacons" work, what they do, and how you can block them.
Let's get started…
Stop the Hidden Spy In Your Email
When an email lands in your inbox, you may think it's just for you, that the sender has no idea what you do with it, and that it's for your eyes only. Not so.
Crooks, spammers, scammers, and even legitimate marketing organizations can tell almost instantly if you opened it and what you did with it. They may also know your location and even what type of device you're using.
At its most basic level, this email tracking as it's known is down to a single tiny dot, invisible to the naked eye, hidden in the message.
The culprit is known as a tracker pixel or spy pixel. As you may know, pixels are the little electronic dots that make up a digital image.
And it's not difficult to drop a tracker into a message. There are many totally legal apps that allow anyone, whether an individual or an organization, to drop a pixel spy into a message. You don't need any technical or programming skills.
Earlier this year, an email messaging service called Hey identified that as many as two-thirds of the messages sent to its users contained these "spies," which are also known as "web beacons."
The firm handles more than a million emails a day -- though, in this case, Hey tries to identify the pixels and block them. Multiplying that by the number of email service providers adds up to a huge number of spies, a situation Hey describes as "endemic."
Tech site ZDNet explains: "The recipient of an email does not need to directly engage with the pixel in any way for it to track certain activities. Instead, when an email is opened, the tracking pixel is automatically downloaded -- and this lets a server, owned by a marketer, know that the email has been read, when, and how long it was open.
"Servers may also record the number of times an email is opened, the IP address linked to a user's location, and device usage."
The spy pixel is usually buried inside a picture or graphic that's automatically downloaded into a message (rather than in an attachment) when you view or open it. The information can then be used to identify your level of interest and your potential vulnerability to a marketing message or even a scam.
Attempts to create laws to prevent the use of trackers have foundered because when an individual signs up to receive emails from organizations, they may unknowingly give their consent, buried in the small print of terms and conditions that most of us never bother to read.
Business magazine Fast Company describes the use of trackers as "creepy," noting for example: "By using tracking pixels, a stalker could see when an object of his or her obsession has read their latest email screed."
How To Block The Trackers
Here are a few things you can do to block email tracking:
- Check if your email provider either routinely blocks trackers or will do so at your request. For example, do a search on "Does (name of your provider) block email trackers?"
- This search may also provide information about how to block the trackers yourself. You'll also find more detailed information on how to defeat the trackers on some of the most popular PC, Mac, and mobile email clients, as well as more useful background, in the previously mentioned Fast Company report here: How to Stop Emails From Spying on You.
- Install an extension to your email that will spot and block them. Again, for example, search on "Apps to block email trackers in (name of your provider)." For example, an extension called Ugly Mail allows you to identify and disable Gmail trackers. Yahoo and Outlook webmail can be blocked by another extension called Trocker.
- Check the terms and conditions of any organization that you sign up for to receive regular emails. Even if you don't feel like reading the lot, open the T&Cs and do a text search for words like "track," "monitor," and "email."
- Switch off the automatic downloading of images that accompany messages. Many email clients already do this, giving you the option to download them just for a specific email when you open it.
ZDNet quotes Hey founder David Heinemeier Hansson as describing email trackers as "a grotesque invasion of privacy." But it's more sinister than that. When scammers are able to monitor your behavior in such detail, you're much more likely to be a potential victim.
Alert of the Week
Here's a neat and nasty trick that data harvesters can use to learn more about you via social media sites, without you realizing.
As we've warned before, what appear as innocent posts asking a simple question, can be used to help build a picture about your identity. By itself, the individual data item may be of limited use but, behind the scenes, marketers and data brokers add each bit to a description they're building of you.
Users think they're just a bit of fun and happily answer the questions that may be about their favorite movie, food, nickname, or latest purchase. But the outcome goes far beyond that.
In the latest trick, a Facebook post asks users what their age would be if the number was reversed. So "18" becomes "81." Sound innocent enough? But all the poster now has to do is reverse the number back to its original and tie it in to your profile, which is already identified through your username.
Now they know how old you are. Now you know what they're up to. Think twice before joining in the "game."
That's it for today -- we hope you enjoy your week!