[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Off Topic (Was Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

From: Tim Cross
Subject: Off Topic (Was Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?)
Date: Mon, 21 May 2018 08:24:37 +1000

On 21 May 2018 at 03:33, Uwe Brauer <address@hidden> wrote:
>>> "Richard" == Richard Stallman <address@hidden> writes:

> Slightly off topic, there is software which warns you about tracked
> emails or even tries to block them. However that blocking then causes
> the tracking software to consider it as opened, although it was not
> really opened :-D [1] and which really defeats the whole idea of
> tracking, but this is another topic.

If that occurs, the 'read reciepts' must be being handled by the server and not the client. or the anti-tracking software is just rubbish. There are essentially 4 techniques I've seen used to track when an email message has been opened

1. Old style image - usually a small transparent png with a unique name. Remote server tracks requests for the image. As each image URL has a unique name, the system is able to map that to a specific message and from there to the recipient. Easy to defeat and can generate lots of false positives (for example, anti-virus software which opens messages and retrieves embedded objects to check them for malicious content etc, messages that are shraed/forwarded etc. 

2. Embedded _javascript_. Increasingly a problem, especially for browser based email clients. Software like 'ghostery' can help reduce the threat, but _javascript_ is becoming an increasingly more pervasive virus (still frustrates me that Adobe PDFs support embedded _javascript_!). 

3. Mail Server Support. Some mail server, like Exchange, support a read receipt extension. Most effective when all servers in the mail transport are Exchange, but other servers are also starting to support such an extension. Probably the hardest one to protect against because the 'tracking' occurs in server land and individuals lack control at this level. Most do offer to turn this feature off on a per client basis, but you have to trust the server honours that request. With exchange, the server knows a lot about your activity due to the way Outlook and exchange communicate. Even if you don't use outlook and just use imap/pop, the server will likely mark a message as being opened once you download it (pop) or open it (imap). About the only thing you can do is forward all your message to a server which is not Exchange.

4. Timed/Limited message servers. There are a few email services which offer the ability for the sender to delete their message after a specified period of time. I don't think these services are very popular, but I have received messages from such services (which I refuse to read). Essentially, you don't actually receive the message - instead, you receive a link to a message and you need to open the remote link in order to read the message. The marketing hype with these services is that you can supposedly delete the message you sent so that it no longer exists - complete rubbish of course as anyone can copy and paste the message (or use some other more sophisticated method to capture it). I hate this one because it plays on people who don't understand technology and gives them a false sense of control rather than reinforcing the reality that once you send/post something, it is out there and you no longer have control over it - almost as stupid as those pointless email footers threatening legal action if you distribute a message sent to you.  I'm often tempted to put something like

"To all senders - I consider any message sent to me to be my property. I will use, discard, share or publish the contents of such messages as I see fit. 


Tim Cross

reply via email to

[Prev in Thread] Current Thread [Next in Thread]