You Can Tell Which Emails are Being Tracked.

Uploaded on 2015-03-26 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

trackmail.png

 

You may not have heard of companies like Yesware, Bananatag, and Streak, however they almost certainly know a good deal about you. Specifically, they know when you’ve opened an email sent by one of their clients, where you are, what sort of device you’re on, and whether you’ve clicked a link, all without your awareness or consent.
That sort of email tracking is more common than you might think. A Chrome extension called Ugly Mail shows you who is guilty of doing it to your inbox. Sonny Tulyaganov, Ugly Mail’s creator, says he was inspired to write the “tiny script” when a friend told him about Streak, an email-tracking service whose Chrome extension has upwards of 300,000 users. Tulyaganov was appalled.

The reason it was so easy to create is that the kind of tracking it monitors is itself a simple procedure. Marketers, or anyone who’s inspired to snoop, simply insert a transparent 1×1 image into an email. When that email is opened, the image pings the server it originated from with information like the time, your location, and the device you’re using. It’s a read receipt on steroids that you never signed up for.
Pixel tracking is a long-established practice, and there’s nothing remotely illegal or even particularly discouraged about it; Google even has a support page dedicated to guiding advertisers through the process. That doesn’t make it any less unsettling to see just how closely your inbox activity is being monitored.
Using Ugly Mail is as simple as the service is effective. Once you’ve installed it, the code identifies emails that include tracking pixels from any of the three services mentioned above. Those messages will appear in your inbox with an eye icon next to the subject heading, letting you know that once clicked, it will alert the sender. Tulyaganov also confirmed to WIRED that Ugly Mail also doesn’t store, save, or transmit any data from your Gmail account or computer; everything takes place on the user’s end.
Ugly Mail appears to work as advertised in our test, but it has its limitations. It’s only built for Gmail and is only available for Chrome, although Tulyaganov says that Firefox and Safari versions are in the works. And while it’s effective against Yesware, Bananatag, and Streak, those are just three pixel-tracking providers in a sea of sneaking marketers. 
Pixel tracking isn’t going away any time soon, and Ugly Mail is an imperfect way to prevent it. But it still offers a valuable glimpse at the marketing machinations we’re all exposed to every day, whether we’re aware of them or not.
Wired http://wrd.cm/199ve01

« Drones: The Looming Threat
China Reveals Its Cyberwar Secrets »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

France Cybersecurity

France Cybersecurity

France Cybersecurity represents the French cybersecurity industry to raise international awareness of French cybersecurity capabilities and solutions.

CTR Secure Services

CTR Secure Services

CTR Secure Services provides a broad range of security consulting services from asset protection to cyber security.

Irdeto

Irdeto

Irdeto is the world leader in digital platform security, protecting platforms and applications for media & entertainment, gaming, connected transport and IoT connected industries.

CyberArts

CyberArts

CyberArts is founded on the belief that every single organization deserves and requires the creme de la creme when there is a need for Cyber services.

Fraud.com

Fraud.com

Fraud.com ensures trust at every step of the customer's digital journey; this complete end-to-end protection delivers unified identity, authentication and fraud detection and prevention.

Dathena

Dathena

Dathena is a company developing data governance software based on machine learning algorithms.

Cybersecurity Collaboration Forum

Cybersecurity Collaboration Forum

The mission of the Cybersecurity Collaboration Forum is to foster information security communication and idea sharing across the C-Suite, enabling leaders to better protect their enterprises.

Adyta

Adyta

Adyta specializes in cybersecurity solutions adapted to the needs of sovereign institutions, business groups and other organizations that handle information and sensitive or classified data.

StrataCore

StrataCore

StrataCore is a single-source technology lifecycle advocate that works behind IT teams as a strategic partner to help them achieve peak enterprise outcomes.

SOC Prime

SOC Prime

SOC Prime is the only Threat Detection Marketplace where researchers monetize their content to help security teams defend against attacks easier, faster and more efficiently than ever.

Swish Data Corp.

Swish Data Corp.

Swish delivers when the problems are complex, requirements are difficult, and the mission is absolutely critical.

CyberUp

CyberUp

CyberUp is a nonprofit organization created to strengthen the cybersecurity workforce. We help employers reimagine how they grow and scale their cybersecurity workforce.

Lasso Security

Lasso Security

Lasso Security is a pioneer cybersecurity company ensuring comprehensive protection for businesses leveraging generative AI and other large language model technologies.

IS4IT Kritis

IS4IT Kritis

IS4IT is your partner for the successful planning, introduction and implementation of company-specific information security concepts.

Graphiant

Graphiant

Graphiant’s Data Assurance service gives businesses end-to-end control and visibility into how data travels throughout the entire business network.