Tuesday, June 08, 2004

A New Form of E-mail Tracking: Kiss More of Your Privacy Goodbye

You probably already know that you should be sweeping your PC for spyware, and viruses regularly. You should be updating your virus definitions daily. You should have a firewall installed to keep hackers out. If you’re just a little paranoid, you should also have a disk utility such as Evidence Eliminator which not only clears out junk files, but also writes over unused portions of your disk drive so that nobody can read files that you previously attempted to delete.

If you don’t think its anybody’s business what your doing when your online, you may want to install some secure connection software like AnonX or Anonic, which encrypt any data you send over the web and masks you IP address.

Finally, if you really want to go for broke, you can install some disk encryption software such as PGP (stands for Pretty Good Privacy) which will make it difficult for a hacker to read the data on your hard drive if they manage to get past that firewall I mentioned previously.

The reason for these precautions is simple. The internet is a dangerous place. If you log on without the proper tools, it’s akin to going tiger hunting with a butter knife. The only real difference here is that the tiger is apt to kill you quickly. On the Internet, you’re only likely to be maimed and then forced to suffer for years.

You could have your identity stolen or experience a ruined hard drive that can shut your business down permanently if you haven’t been backing up your data regularly. You could find your bank accounts drained, and lenders breathing down your neck for loans that you never took out.

Personally, I’ll take the tiger any day of the week. He may cause some pain but at least he’ll be quick about it.

Yes, the internet is a minefield for the inexperienced or the naïve. Programs known as Trojans and spyware can invade your PC without your knowledge, simply by virtue of the fact that you’re surfing the internet. Viruses can enter your PC through e-mail, websites, or shared files.

But let’s just say that you have taken the proper precautions. You have a firewall installed, up to date virus definitions and a host of other protections. Now, you’re safe from intruders, right? Well, I hate to ruin your day but it is time to rid you of your delusions concerning online safety.

Just when you though it was safe to go back in the water, along comes “DidTheyReadIt”!

DidTheyReadIt is an insidious little web bug. It generates an e-mail receipt from messages that are sent to you, every time they are read. Furthermore, if you forward the message on, receipts from the forwarded message will also be generated. This however is not the bad news.

Most e-mail programs such as Outlook, Outlook Express and Eudora give you a means to block e-mail receipts. These programs also have the ability to notify you when an e-mail receipt is requested from the person who sent the originating message. It is left completely to the person receiving the message as to whether or not a receipt will be generated. DidTheyReadIt changes this. Here, by the way, comes the bad news.

When a DidTheyReadIt message arrives on your PC, a receipt is generated without your knowledge. In fact, the receiving party gets no indication whatsoever that the mail message is being tracked. The information generated by DidTheyReadIt includes the date the message was received, when it was read, the amount of time it took to read the message, and the location where the message was read.

DidTheyReadIt works by embedding a single tracking pixel in HTML e-mail. This pixel sends information back to DidTheyReadIt’s mail servers and, in turn, to the person who originated the message.

At present, no virus software is capable of stopping a DidTheyReadIt mail message. Programs that scan for spyware are also useless.

The implications of this are tremendous. No longer can you say, “I didn’t receive that message.” You certainly can’t say, “I haven’t read your message yet.” Plausible deniability goes out the window. Just think about what this means. If your boss uses DidTheyReadIt, you could be in trouble.

The impact of DidTheyReadIt has the potential to be devastating. It can provide evidence of communication between two parties, even when one party is denying that there was communication. Just think of the impact that this could have in certain law suits.

DidTheyReadIt will not work in e-mail clients that don’t read HTML e-mail. If you are like most of us however, you want to be able to read HTML e-mail. Furthermore, most of the e-mail you generate probably uses HTML. So, what can you do?

Outlook 2003 gives users the ability to prevent the downloading of images. If you select this option, DidTheyReadIt will not work unless the sender of the message is in your address book. People in your address book are automatically exempt from this setting in Outlook.

Most of the better e-mail clients, such as Outlook, allow you to assign rules or filters to e-mail messages. At present, one thing that you can do is create a rule that looks for “DidTheyReadIt” in the body of the email message, and delete any messages that contain this phrase as they come into your inbox. Unfortunately, this is only a temporary fix because it will not take the designers of DidTheyReadIt long to figure out a simple work-around for this. Wizard-Industries makes software by the name of Email-Tracking Blocker, which they claim will block services such as DidTheyReadIt. If e-mail privacy is a big concern, you may want to consider their program which only costs $2.99 for a year of service.

While there may be some legitimate uses for DidTheyReadIt, the idea that someone is tracking e-mail messages without the knowledge of the recipient seems unscrupulous at best.

The DidTheyReadIt’s service is free for up to ten messages per month. They also have a variety of premium services available.

0 Comments:

Post a Comment

<< Home