PC World Article, 'Track That Email', Really FROSTS

[rkr1958]

http://www.pcworld.com/news/article/0,aid,117018,00.asp

DidTheyReadIt embeds a Web bug, traditionally used by e-mail marketers, into outbound messages. Web bugs are imperceptible image files that, when activated with the opening of the e-mail message in which they reside, request information from a server to verify an e-mail message is opened and for how long. People receiving e-mail messages that use DidTheyReadIt have no idea the e-mail is being tracked.

DidTheyReadIt goes a step further than standard e-mail return receipts. Its Web bugs can also detect the IP address unique to the e-mail recipient's computer, allowing DidTheyReadIt to make an educated guess as to where the e-mail recipient is located.

In my informal tests, DidTheyReadIt accurately guessed my correspondents' locations and how long e-mail messages were viewed.

This really FROSTS me ... If I read the article correctly then I can't even read email in the privacy of my own home without the worry that some is tracking this.

Would the tracker work if the target PC was running Firewall Software, such as ZoneAlarm Pro? How in the heck do you prevent someone for doing this?

[Roundabout]

How in the heck do you prevent someone for doing this?

Different ways to stop this (web bugs have been around a while now) - take a look at this web page: http://www.adsubtract.com/advisor/feat_bugs.html or do a Google search for "block web bugs".

[thecoalman]

Would the tracker work if the target PC was running Firewall Software, such as ZoneAlarm Pro?

Nope because you allow OE to access the internet. Your not sending information but receiveing it. But if the image file name is particular to your e-mail theyll know you opened it since the image has to be downloaded from the server.That's actually quite ingenious. They could even have a single file for all e-mails and by looking at the server logs can see how many e-mails were opened.

Yoo can check the box in OE under tools>options>read that says "read all e-mail in plain text". That should disable the HTML but I wouldn't worry about it. The only thing they know is that you opened it or at worst that your e-mail address is valid. Really low risk as far as security is coincerned. Best thing to do is not open any e-mail from anyone you don't know and disable the preview pane.

Edit: Sorry I'm assuming your using OE, it's the same for other e-mail aps. Some can disable them, look up your particular e-mail client to see what you can do.

[themichael]

If you use a proxy, then all they get is the address of the proxy. Logging IP addresses for security or tracking is pointless. You can also put a the main IP/web address of the tracking company in your host file (Windows users) and have it point to 127.0.0.1, you open email and they don't know.

Example: While at work one day the only corporate server that had an open connection to the net was in Europe. I was in the US. They also blocked web addresses of certain ad servers because of pr0n ads.