Jump to content

Welcome to Beyond Windows 9 - Portal to the Future
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!


Photo

How emails can be used to track your location and how to stop it


  • Please log in to reply
6 replies to this topic

#1
Tetley

Tetley

    Hero Member

  • Global Moderator
  • 10,240 posts

How emails can be used to track your location and how to stop it

 

A new, free Google Chrome browser extension called Streak lets email senders using Google accounts see when recipients open email.

And, oh my, it also lets senders see who, exactly, opened the email, and where the recipient is located.

The extension, part of a customer relationship management (CRM) system that includes tools for sales, support and hiring, places email recipients on a map, with big red dots indicating their locations. It also gives users real-time location updates.

 

we-know-where-you-live.png?w=640

Streak is a bit creepy. But it's not, of course, "changing the email game", as has been somewhat breathlessly claimed.

Streak may well be in the business of giving marketers the ability to eyeball our whereabouts and our email-opening schedules, but it certainly didn't invent email tracking - not by a long shot.

Email tracking is already used by individuals, email marketers, spammers and phishers to understand where people are, validate email addresses, verify that emails are actually read by recipients, find out if they were forwarded and discover if a given email has made it past spam filters.

The bad news is that if you're thinking that you can just avoid installing Streak if you don't want marketers, creeps, phishers and spammers to see when and where you opened your email, so sorry to tell you, but that's just an irrational thought coming from la-la land.

You know that place, right? It's the place where opt-in is the norm.

In the place where we all actually live, recipients don't have to install anything for email tracking to work and nor will they know if their locations and email openings are being tracked.

It's easy as pie - just sit back, open email as usual, and the email trackers will churn their wheels, no recipient involvement required.

Thankfully it's not all bad news.

Because email is actually quite simple, there are only a very small number of techniques that systems like Streak can use to track you - and they're easy for you to disrupt.

Emails are fundamentally inert (in the vernacular they are not executable) so they can't make your computer run code.

For an email to pull off something like tracking it needs considerable cooperation from your email client and, since you control your email client, that puts you in the driving seat.

Somebody who wants to track you can do two things; they can either send an email with a read receipt, or they can send an email with an embedded image (sometimes referred to as a bug or beacon).

Read receipt requests are included in an email's meta data (its headers). Because the meta data is passive it amounts to no more than a plea to your email software to please ask for a read receipt.

Different email clients don't agree on what a read receipt header should look like so there's no guarantee your read receipt will even be recognised as one.

If it is recognised then, overwhelmingly, email clients will prompt users and ask if they want to let the sender know that they've read the email. It's not a great technique for email marketeers trying to keep your tracking secret.

You are much more likely to be tracked by embedded images.

A tracking email has to be written in HTML. This allows it to reference an image on a remote server owned by the sender (this part isn't underhand, it's just how HTML works).

When the email is opened, the email software loads the image from the remote server by sending it an HTTP request.

A spammer or marketeer sending a mass mailing can choose to give each email an image with a unique URL so they can tell which recipients have opened their emails.

Like all HTTP requests, the one sent by your email software will contain your IP address. Because IP addresses are allocated geographically, that's tantamount to providing location data accurate to what city you're in.

The HTTP request will also contain a user-agent header which provides a brief description of your browser and operating system.

So, from one embedded image systems like Streak can determine:

Who opened their email
What time the email was opened
Where it was opened
What sort of device it was opened on

The answer to protecting yourself from this kind of tracking is straightforward - don't load the images.

You can do this by forcing all your email to render as plain text or by allowing it to render HTML without images.

Most email clients are well disposed to help you with this and will actually do the latter by default, giving you the option to download the images if you decide you want them.

The most notable exception to this is Gmail which loads remote content automatically unless you take back control of your images.

For your part you need only understand that loading images in emails means "tell the sender you've just opened their email and you'd like them to send you the rest of the message".

So, if you don't trust marketers and stalkers with your location and email-reading schedule, it's time to take back remote content loading.

Below are instructions on how to switch off image loading in seven of the most popular email clients:
iOS Mail

Click the Settings icon
Click Mail, Contacts, and Calendars
Toggle Load Remote Images to off.

Outlook (Desktop)

Click the Tools menu
Click Trust Center
Click Automatic Download
Check Don't download pictures automatically in HTML e-mail messages or RSS items.

Outlook.com

Click on the Settings icon (cog)
Click More Email settings
Click Filters and Reporting under Junk Email
Select Block attachments, pictures, and links for anyone not in my safe senders list.

Apples Mail

Click Mail
Click Preferences
Click Viewing
Uncheck Display remote images in HTML messages.

Yahoo Mail

Click the Settings icon
Click Settings
Click Security
Locate Show images in email
Select Never by Default.

Gmail

Click the Settings icon
Stay in the General tab
Scroll down to the Images section
Choose Ask before displaying external images
Click Save Changes.

Android Gmail app

Tap the menu button
Tap Settings
Tap on your email address
Scroll to the bottom of the screen
Tap Images
Select Ask before showing.

Although this article is mostly about how emails you receive can leak information about you, it's worth understanding that emails you send can too.

When you send an email, each server your message passes through will stamp the email with its IP address. The first IP address in that list is normally yours - the one that can be used to locate what city you're in.

The only way we can think of to avoid this is to use a webmail service (and you have to use its web interface).

In our quick and dirty testing I found that Gmail, FastMail and Outlook will all keep your IP address secret but Yahoo, the perennial late comers to the security and privacy party, won't.

 

Original Source 

http://nakedsecurity.sophos.com/2014/02/27/how-emails-can-be-used-to-track-your-location-and-how-to-stop-it/

  • Neige, leezaal, chenzen666 and 16 others like this

5ULDs17.png


#2
cognizione

cognizione

    T.A.A.B # 2

  • Administrators
  • 7,433 posts

Tetley thanks for the post     :)
 
 
What is Streak?
Last Updated: Jan 13, 2012 03:54PM PST


Streak is a Google Chrome Extension that adds extra tools to Gmail letting you manage relationships directly within your inbox.

Managing relationships is done by grouping email conversations into Boxes and placing those Boxes into Pipelines. Streak's primary use is for Sales and Customer Support but is flexible enough to be useful for everything from a personal To-Do list to Project Management.

 
 
Streak is currently free while in Beta and there will always be a free plan.
In the future, Streak will offer paid premium features, stay tuned.


http://www.streak.com/


  • dave, Tetley and Maxed like this

tGX16tl.png




"Live as if you were to die tomorrow. Learn as if you were to live forever."


#3
Maxed

Maxed

    SENIOR ADMINISTRATOR

  • Administrators
  • 8,799 posts

Excellent post Tetley!! :headbang: ;)


  • dave, Tetley and doffen like this

MaxedSig.png


#4
neuronton

neuronton

    BW9 STAFF

  • The Specialists
  • 205 posts

Tetley thanks for the post     :)
 
 
What is Streak?
Last Updated: Jan 13, 2012 03:54PM PST


Streak is a Google Chrome Extension that adds extra tools to Gmail letting you manage relationships directly within your inbox.

Managing relationships is done by grouping email conversations into Boxes and placing those Boxes into Pipelines. Streak's primary use is for Sales and Customer Support but is flexible enough to be useful for everything from a personal To-Do list to Project Management.

 
 
Streak is currently free while in Beta and there will always be a free plan.
In the future, Streak will offer paid premium features, stay tuned.


http://www.streak.com/

Cool suggestion, always nice to get informed heads together and see what we bring!  Just an FYI, i played it with some web tactics and got streak to ring this up:

"We're Sorry Streak currently supports Google Chrome and Safari. Sign up to get notified when it is:"  So, sounds like the beta rings true on that but doesn't seem to have intentions on rolling back.   8)


  • Tetley likes this

2mx1wz9.png


#5
cognizione

cognizione

    T.A.A.B # 2

  • Administrators
  • 7,433 posts

Cool suggestion, always nice to get informed heads together and see what we bring!  Just an FYI, i played it with some web tactics and got streak to ring this up:

"We're Sorry Streak currently supports Google Chrome and Safari. Sign up to get notified when it is:"  So, sounds like the beta rings true on that but doesn't seem to have intentions on rolling back.   8)

 

Yep read their blog and their unlimited email tracking in Gmail.

But seems things have slowed there.      ;)

 
  • dave, Tetley and neuronton like this

tGX16tl.png




"Live as if you were to die tomorrow. Learn as if you were to live forever."


#6
Casey Stellar

Casey Stellar

    Sr Member

  • BW9 Donator +
  • 883 posts

F$$k that.


Posted Image


#7
dhjohns

dhjohns

    SR. Member

  • BW9 Donator +
  • 6,168 posts

I only open emails that I am sure of.  It is easy to click a check box, and hit mark as spam.  As for images, I do like images in my email.  I use gmail exclusively.


2vcxocp.png



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users