Web Bugs the New Norm For Businesses? 108
An anonymous reader writes "What ever happened to the good old days, when underhanded email practices were only used by shady email marketing companies and spammers? Today, it seems, the mainstream corporate world has begun to employ the same tactics as spammers to track their customers' email. Jonathan Zdziarski noted in a blog entry that AT&T is using web bugs to track email sent to customers. Could this be used for nefarious purposes?"
How Long? (Score:2)
How long before this is used for nefarious purposes?"
FTFY
Re: (Score:3, Insightful)
Re: (Score:1, Flamebait)
Agreed. This isn't the kind of article that belongs on Slashdot. Email tracking has been going on probably almost 10 years.
The fact that this guy discovered 1x1 pixels in email and mis-attributes them to "bugs", is so technically incompetent I would think I am reading the technology section of AOL.
Re: (Score:2)
1x1 pixel images are more likely to fix really lousy email rendering by wildly different clients. ANY image in an email can be used for tracking.
Re: (Score:2)
Yep, spacer GIFs are old too. David Siegel's old books on HTML was one of the earliest books that mentioned it, for example.
Re: (Score:3)
This looks like a web bug to me. If you want to use an image for rendering purposes, you would link to an image with a static name like http://image.att.com/spacer.gif [att.com] .
The article specifically shows the image name as http://click.wireless.att.com:8080/31198108.178649.1159326048.-3 [att.com] If you think that is not passing information back to at&t you would probably believe that IE is the most secure and standards compliant browser.
Re: (Score:2)
Yea, can you say horrible? In fact, I consider what I call "legacy" PR that is based on controlling the message fundamentally flawed these days.
Re: (Score:3)
Ummm... "web bug" is the actual term for them.
http://en.wikipedia.org/wiki/Web_bug [wikipedia.org]
I would've thought someone ranting about technical incompetence would've known that.
Re: (Score:2)
Ummm... "web bug" is the actual term for them.
http://en.wikipedia.org/wiki/Web_bug [wikipedia.org]
I would've thought someone ranting about technical incompetence would've known that.
shoot, you beat me to it!
I was thinking the same thing! It's always humorous to read someone rant like that, and demonstrate their own ignorance!
Then again, maybe we fell for a troll!
Re: (Score:3)
You're sarcasm aside, that term seems to me to be a mis-representation by laymen and marketing folk; just like "beacon" and all the others. Look at one of the image tags for the article -- Soulskill mis-tagged it with the bug picture. The reality is, it's a tracking pixel.
Still, you're right, mea culpa. I didn't know that term, even having worked in online advertising and publishing for many years. But it's hard to know all the names marketing folk come up with.
However, I don't think this changes the fact
Is this news? (Score:3)
I assume that almost everyone who sends commercial email does this. It's not really news, and I don't think it's a big deal. Almost every email program (even Outlook) has an option to not download images--if you don't want to confirm that you've received the email, don't download images.
Also, as an occasional sender of commercial email just because the image has been downloaded doesn't mean it's been read. Just means the images have been downloaded.
This is why if you are sending out commercial email, mak
Re: (Score:3)
Re: (Score:2)
I think, at least with Outlook, the default is to not load images and the warning message is reasonably clear. Also, knowing that you received a message doesn't seem like that big of a deal. If you're concerned about confirming your email address (which is all the web beacons do) use a throw away address or turn off downloads
Re: (Score:2)
Yea, which is why most email clients has an option to not load images by default for years now.
Re: (Score:3)
The fact that this guy discovered 1x1 pixels in email and mis-attributes them to "bugs", is so technically incompetent I would think I am reading the technology section of AOL.
It certainly is something to discuss here, but the suggestion that it is a "New Norm" is absurd.
What makes you think the guy was wrong?? They've admitted to using them. What other 1x1 graphics do you expect? A period would typically take four, not that it makes much sense to use a graphic for a period.
What possible legitimate use a
Re: (Score:3)
he was refering to bug as in a bugged telephone not faulty software
Re: (Score:2)
How long has it been -since- they started using this for nefarious purposes, you mean.
Whatever goes around, comes around.
Re: (Score:2)
I'm going to guess negative 1 or 2 years.
Re: (Score:1)
Honestly, is there a script that tacks "Could this be used for nefarious purposes?" on the end of every entry or something?
Re: (Score:1)
The first time I wrote a program to do this was about 1996 or so. It worked better than reply receipts for some customers. It's been around since Outlook/Outlook Express/Eudora first started supporting HTML formatted e-mail.
Our "nefarious purpose" was (at the time) supporting a paid subscription e-mail publication, and then the marketing people got wind of it...
So, if you consider marketing and their desire for another useless statistic nefarious -- define it as you wish..
Use Thunderbird (Score:4, Interesting)
It doens't load web bugs until you tell it to.
Fastmail.fm does the same.
Re: (Score:2)
I was under the assumption that most people use webmail, and most webmail systems render everything.
Re: (Score:3)
Gmail blocks images by default. Yahoo and Hotmail can be told to. Get better webmail.
Re: (Score:3)
They you were under the wrong assumptions.
Most people still use the email client that came with their machine, which equates to some form of Windows / outlook stuff, which shows images by default.
A few percent have switched to Thunderbird or other clients that do not load images by default. But its far from the norm.
Gmail's web interface blocks images sometimes. Not so much from individuals or other gmail accounts, but most of the time from commercial accounts.
You will see a yellow bar at the top of the m
Re: (Score:2)
.
Most people still use the email client that came with their machine, which equates to some form of Windows / outlook stuff, which shows images by default.
A few percent have switched to Thunderbird or other clients that do not load images by default. But its far from the norm.
Actually, I would guess that some significant fraction - 30% maybe - are business computers that use either Notes or Outlook, both of which block images by default.
The real WTF reaction to me is considering web bugs more than trivially nefarious. Every business that sends bulk email wants to collect metrics, and web bugs are one way to determine if someone actually opened the email. I think the only reason they are not utterly ubiquitous is the fact that so many email clients do block display of images.
Re: (Score:2)
Well, not all versions of Outlook block images by default. The older versions showed them all by default. Further the options provided for selective blocking usually include Show All Images, with no warning at all.
Its precisely the business hireling that selects show all, because they really don't give a rip.
Admittedly, the use of this is probably quite benign in most cases, intended to be used to pare down the mass marketing list, saving bandwidth, and customer aggravation.
However, it takes a fair amoun
Re: (Score:2)
Outlook 2003 and later certainly don't load images by default.
Re: (Score:2)
Most people still use the email client that came with their machine, which equates to some form of Windows / outlook stuff, which shows images by default.
Outlook, and Windows Mail/Windows Live Mail block images by default. Outlook has for years (decades)? Windows Mail/Windows Live Mail has as long as its existed. Your knowledge is severely out-of-date.
Re: (Score:2)
Your knowledge is severely out-of-date.
So is my outlook.
Re: (Score:1)
Re: (Score:2)
RoundCube [roundcube.net] does not display images by default. It is a modern web mail application used by hundreds of ISPs and thousands of end users.
Re: (Score:1)
Outlook skips loading them by default as well if you are even close to current.
Re: (Score:2)
Re: (Score:1)
As a programmer, the first thing I think of when I hear "bug" when related to computers is a flaw or defect... but I think in this case they mean a more traditional bug, like when you say someone's phone is "bugged." A tracking or listening device.
I've even heard some users refer to viruses/malware as "bugs" (like having a flu "bug")... confuses the hell right out of me as a programmer until I realize what they really meant.
Re: (Score:2)
Re: (Score:2)
It doens't load web bugs until you tell it to.
That's a standard feature on every mail client I've used for at least the past 5 years.
Email client remote image blocking (Score:3, Insightful)
Re: (Score:1)
yeah but most people click show images....
Re: (Score:1)
Re: (Score:2)
If the server serving the image is part of the analytic campaign,no you dont. However, most of the time, the analytics services are not provided in-house, but the big image is.
Re: (Score:2)
But even in that case, it wouldn't have to be a 1x1 image.
Any size image would do. The 1x1 bit is just to keep bandwidth down and allow the same image to be uses for every request, and to allow the insertion of the image to be done by the email engine without messing up the layout.
Re: (Score:2)
You can strip the "for one of the big images". You just need the Get request. CSS, images, whatever.
Re: (Score:1)
Why would you use an image to track an email campaign, when there are other filetypes that an HTML email client will load without asking?
I once wrote an email campaign system in ASP.NET. One of the fun things you can do with .NET is create IHttpHandlers that handle an incoming request for a given resource, but have server-side executable code associated with them (without having to change any file type associations!). So I created a handler that updated a database with tracking stats and retrieved a 1x1 ima
Re: (Score:2)
Turn off preview. (Score:4, Insightful)
Re: (Score:3)
Both Gmail and Hotmail have images turned off by default - Yahoo might as well I don't know. So any of the regular web clients are safe enough.
Yet another reason (Score:1)
Every Legit Email Marketer Has Always Done This (Score:1)
"Legit Email Marketer" (Score:3, Funny)
Re: (Score:1)
I threw up in my mouth at that oxymoron.
FTFY
Re:"Legit Email Marketer" (Score:4, Insightful)
There's a difference you know. I get promotional email from Amazon, quite often it actually alerts me to deals I'm interested in, so it serves it's purpose. If I change my mind I can switch it off. It's not spam, it is email-based marketing.
Fighting spam is hard enough without confusing what it actually is.
Re: (Score:2)
Looking for participants... (Score:1)
AT&T now stands for (Score:4, Funny)
Duh... (Score:2)
2003 called (Score:5, Insightful)
it wants its story back
this news is very old
i read email text only. i'm not paranoid, i just prefer it. the conversion to text sometimes results in some really fugly emails, and they are always emails from businesses, usually ads. and i'm talking about valid businesses i have some sort of demographic contact with with my lame public email address (as opposed to my personal public email address, that i actually attempt to protect and actually pay attention to): starbucks, cvs, best buy, verizon, etc
i pay attention to 1% of such emails, usually for half a second, when i scan this folder maybe once a month for any valid correspondence. but the image links always stand out since they usually burst the flow of text when converted to text. they are always something like 88daeef445bb23c1.jpg. never banner.jpg or greatoffer.jpg. it's always some unique code
yes, every time you view an html email (with automatic image download), you are spied on. this should be of no surprise to anyone half awake, since this is true for i would say a decade or more as the normal status quo
Re: (Score:2)
Everyone does this (Score:2)
Vertical response, mail chimp, etc.. all commercial email marketing companies include a tracker. Its really not all that much different than websites tracking you, knowing that you clicked on their page at such and such time, except this time you are looking at the page from your inbox.
Re: (Score:2)
You'll also note that every URL on one of these mails is a redirect that has the ability to track which user and which email it originated from.
They then use this info to generate click-through reports on what type of user did what with which email.
I'll add this is very old news.
Don't Load Images (Score:5, Insightful)
Every e-mail client I've used in recent times doesn't load images by default. I generally assume that I am being tracked if I choose to load the images.
Re: (Score:2)
I think the more appropriate question is what person believe they aren't being tracked when downloading images from some server?
Every Web transaction is tracked and when it loads images it downloads those images from a website which is tracking downloads. But the main question is who in their right mind doesn't realize that happens? I thought this was common knowledge. There is simply no way for a website not to know you are downloading images unless they turn off all tracking and that would make bug report
Re: (Score:1)
Anyone who isn't blocking them by now deserves what they get.
I was wondering when you'd show up.
Isn't this built into Salesforce.com (Score:1)
We do this (Score:1)
We send mass mails to people who have opted in. It's mostly just ads, with a little bit of genuinely-interesting "content" which is the ostensible purpose of the mail from the receiver's point of view. From our point of view, the purpose is to show the ads. The mails are HTML. I haven't looked too hard at 'em, because I don't personally read HTML mail, and also I'm not the guy who handles this particular part of our business. But I know it has at least one "web bug."
Currently, the purpose for the web bug
Re: (Score:2)
Do you care as much about the recipients reading the email, or do you care more if they act upon it? I'd go for the tracking URL if it's the latter.
As a recipient of such fine emails as yours, a web bug will never tell you if I got them or not as I long ago blocked linked image downloading. But if I'm interested in the content, I'll usually click on the tracking link rather than going to my browser and manually loading the related web page. If the email is useful to me, I don't mind rewarding the email s
Re: (Score:1)
Re: (Score:1)
Is that something like plausible ostensibility?
It's Done (Score:1)
The general population has lost much privacy and many freedoms. And the encroachment continues - accelerates even.
But the fault is ours. We gave it all away for the promise of cheap baubles, entertainment and security. So many click still on the "get rich quick" eMail scams. So many happily use credit/debit cards to buy every little thing. So many willingly surrender their privacy & dignity - all for the vacuous promise of security. And deity forbid one gets in the way of TV entertainment. Use
Re: (Score:3)
The Web/Internet is not private, it is Public. Treat it as if you are in your front yard and your neighbors can see and hear everything you do or say. This is what I tell everyone.
Inevitably they ask about email, which I say "it is like a post card", anyone anywhere along the chain can read it, and you'll never know.
Treat the internet like it is public, not private, and you'll be safe(r).If you want to be "private" on the iNet you best be encrypting and making sure that only the person you're communicating
Re: (Score:2, Insightful)
It's not Public, it's You Get Spied On Every Time You Connect.
There's a big difference between the classical model of Public and today's surveillance-driven Orwellian nightmare. In your front yard, your neighbors can see what you're doing ... if they happen to be looking in your direction while you're doing it.
On the web, everything you do is watched, tracked, and analyzed by a legion of machines bent on calculating ways to extract money from you ... or worse, whether men with guns ought to be sent to arre
Re: (Score:2)
Could this be used for nefarious purposes? (Score:2)
My elm application asks ... (Score:2)
... what is this web thing of which you speak?
Oh boo-hoo a tracking gif (Score:2)
I'd be surprised if any companies haven't been using tracking images as a matter of course for all their mailouts for the last 5 years.
Having spent 6 years working for web agencies I can tell you that marketing people love to see statistics on their mailouts, even if they do nothing more than get a rough estimate on number of views.
Re: (Score:2)
Exactly. Since when did this start being considered "underhanded"? If this is underhanded, then it is also underhanded to track any of the activity of any logged-in user on a website. Legitimate businesses use that tracking information to better serve their customers. Let's not get confused. Spam is wrong, but it's not necessarily wrong to use a method that is also used by spammers.
Nothing new here... (Score:1)
One solution: non-HTML-enabled mail readers (Score:2)
At least one solution is out there:
Don't use webmail or web-enabled mail clients like Outlook. Mutt and Alpine and similar mail clients that don't interpret HTML are immune to this particular form of jackassery.
You know that axiom about how security and convenience are inversely proportional? It's true. You have to set the slider where you choose to, and unless you're willing to write the perfect HTML-interpreting-except-for-web-bugs-which-are-differentiated-from-other-objects-somehow-but-is-still-Excha
Useful for market research (Score:1)
I worked with this for 6 months. Learned a lot of interesting stuff about how people react to variations of emails.
Short messages that are to the point works well, but so do some marketing tricks, such as scaring people, FUD.
Since the company was never satisfied, and wanted everything I did as their exclusive property, I used mainly multiple overlapping test groups with random sampling. I would have preferred advanced modelling, which I am really good at, but did not want to loose rights to do that. I later
Wreck their plans... (Score:2)
Not necessarily nefarious (Score:2)
I bought some train tickets from GNER, as they were then, and got signed up to their "newsletter". Since I'm hardly ever on that side of the country, I had no reason to even bother reading the thing. I never got round to unsubscribing from it, just deleted it unread.
A few months back, I got an email from their successor, along the lines of, "We noticed you haven't read the newsletter in quite a while. Click here to stay subscribed, otherwise it'll stop coming." I thought that was pretty good; I always assum
This is standard in all email marketing (not spam) (Score:3)
People who send email newsletters (not spam) that people have signed up to receive, want to have analytics data on who reads their messages. Perfectly normal, not dastardly companies that offer email marketing platforms like Constant Contact, MailChimp, CampaignMonitor, etc. all include such recipient tracking by default. Not only by noticing whether or not somebody downloads an image in an HTML email, but also by rewriting all URLs linked in the message so that individual clicks can be registered. These are all recorded uniquely to each subscriber so the sender can tell who is interested in what content. Anyone who is surprised about this is out of the loop. This kind of information is very useful for the nonprofit I work for to understand which of our opt-in subscribers are interested in what content and how we can make our emails more useful for their work.
http://www.mailchimp.com/features/reports [mailchimp.com]
Oh shove it (Score:2)
Hammers can apparently be found in many residences. Can they be used for nefarious purposes?
It's called split testing or multivariate testing and it's a perfectly legitimate marketing tool. If you don't trust a specific company, unsubscribe from its damn mailing list
Yes, it is now OK (Score:2)
I hate it too, but yes it is now considered socially-acceptable to harvest info from your readers via "bugged" images.
About a year ago I was talking to a local party official about this, after I discovered the local party was doing this with its email list. He's a nice guy, but everyone who works there including himself is a volunteer, and none of them are particularly computer-saavy.
I tried to explain to him that that kind of harvesting is a Bad Thing, but I don't think I had much success. Email is abo
Wake up and smell the coffee ! (Score:2)
Have a look at salesforce.com, they sell this as a service and they do it well !
Use a decent e-mail program. (Score:2)
I receive all my mails using RoundCube webmail these days. It warns that an HTML e-mail contains images, and will only display them if you want to. If an e-mail demands a read receipt, you are prompted whether or not you wish to send that.
The bottom line is that web bugs are not possible without the cooperation of dumb client software.
Some lame mail providers still use linked icons! (Score:2)
Receive an e-mail with smileys from a Hotmail user and your decent e-mail program will warn that the message contains images. If you choose not to display them, the e-mail is devoid of all emoticons.
Idiots.
Unresearched article... 90% of email newsletters (Score:2)
I manage a mailing list for a client - it's completely opt-in, either in the retail stores or via the website signup forms.
To keep current with what other companies are doing, I've signed up for dozens of email newsletters. I would say that at least 3/4 are using the equivalent of web bugs to track email open rates - it's not 100% accurate, but it's far better than nothing. It's a checkbox feature by EVERY major 3rd party email service provider.
Actually, I've also examine a lot of SPAM - they do NOT do w