You Can Tell Which Emails are Being Tracked.

Uploaded on 2015-03-26 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

trackmail.png

 

You may not have heard of companies like Yesware, Bananatag, and Streak, however they almost certainly know a good deal about you. Specifically, they know when you’ve opened an email sent by one of their clients, where you are, what sort of device you’re on, and whether you’ve clicked a link, all without your awareness or consent.
That sort of email tracking is more common than you might think. A Chrome extension called Ugly Mail shows you who is guilty of doing it to your inbox. Sonny Tulyaganov, Ugly Mail’s creator, says he was inspired to write the “tiny script” when a friend told him about Streak, an email-tracking service whose Chrome extension has upwards of 300,000 users. Tulyaganov was appalled.

The reason it was so easy to create is that the kind of tracking it monitors is itself a simple procedure. Marketers, or anyone who’s inspired to snoop, simply insert a transparent 1×1 image into an email. When that email is opened, the image pings the server it originated from with information like the time, your location, and the device you’re using. It’s a read receipt on steroids that you never signed up for.
Pixel tracking is a long-established practice, and there’s nothing remotely illegal or even particularly discouraged about it; Google even has a support page dedicated to guiding advertisers through the process. That doesn’t make it any less unsettling to see just how closely your inbox activity is being monitored.
Using Ugly Mail is as simple as the service is effective. Once you’ve installed it, the code identifies emails that include tracking pixels from any of the three services mentioned above. Those messages will appear in your inbox with an eye icon next to the subject heading, letting you know that once clicked, it will alert the sender. Tulyaganov also confirmed to WIRED that Ugly Mail also doesn’t store, save, or transmit any data from your Gmail account or computer; everything takes place on the user’s end.
Ugly Mail appears to work as advertised in our test, but it has its limitations. It’s only built for Gmail and is only available for Chrome, although Tulyaganov says that Firefox and Safari versions are in the works. And while it’s effective against Yesware, Bananatag, and Streak, those are just three pixel-tracking providers in a sea of sneaking marketers. 
Pixel tracking isn’t going away any time soon, and Ugly Mail is an imperfect way to prevent it. But it still offers a valuable glimpse at the marketing machinations we’re all exposed to every day, whether we’re aware of them or not.
Wired http://wrd.cm/199ve01

« Drones: The Looming Threat
China Reveals Its Cyberwar Secrets »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Code Dx

Code Dx

Code Dx is a software application vulnerability correlation and management system.

Schneider Electric

Schneider Electric

Schneider Electric develops connected technologies and solutions to manage energy and process in ways that are safe, reliable and sustainable.

Remediant

Remediant

Remediant is the leader in Precision Privileged Access Management. We protect organizations from ransomware and data theft via stolen credentials and lateral movement.

OGiTiX

OGiTiX

OGiTiX Software AG is a German software manufacturer specializing in Identity and Access Management.

Tech Mahindra

Tech Mahindra

Tech Mahindra is a global leader in IT solutions, BPO, business consulting services & digital technologies.

Build38

Build38

Build38 provides the highest levels of security for mobile applications.

Global Accelerator Network (GAN)

Global Accelerator Network (GAN)

Global Accelerator Network are a highly curated community of independent Accelerators, Partners and Investors.

GBT Technologies

GBT Technologies

GBT Technologies is a technology company focused on chip design and software to enable IoT, global mesh networks, and for applications relating to artificial intelligence.

HarfangLab

HarfangLab

HarfangLab develops a hunting software to boost detection and neutralization of cyberattacks against companies endpoints.

Salem Cyber

Salem Cyber

Salem Cyber builds Artificial Intelligence (AI) solutions that work collaboratively with people to address scalability challenges in cybersecurity operations.

Tenable

Tenable

Organizations around the world rely on Tenable to help them understand and reduce cybersecurity risk across their attack surface—in the cloud or on-premises, from IT to OT and beyond.

WillJam Ventures

WillJam Ventures

WillJam Ventures are a private equity firm focused on investing in world-class cybersecurity companies that will become the next generation of leaders in protecting the world’s digital assets.

US Cyber Games

US Cyber Games

US Cyber Games is committed to inform and inspire the broader community on ways to develop tomorrow’s cybersecurity workforce.

Evolve Business Group

Evolve Business Group

Evolve is an independently-owned managed network solutions provider, creating bespoke packages for customers globally since 2005.

Aberrant

Aberrant

A radically new approach to managing information security. Aberrant is the single pane of glass through which a security program can be viewed.

CoinCover

CoinCover

Blockchain technology is changing everything. However, it brings its own set of unique risks. Coincover ensures everyone is protected, enabling them to innovate freely, without constraints.