E-mail messages are important not only to the intended recipients, but also to a growing number of third-parties as well, especially marketers, solicitors, and distributors of "junk mail." Pixel Tags: Smart Cookies or Dumb Crumbs? If you think junk e-mail is worthless, you might want to think again. A Forrester Research estimate predicts that the e-mail marketing industry will generate some US$4.8 billion by 2003, and that by 2004, the average US household will get 9 pieces unwanted or unexpected e-mail solicitations a day. That's not the best part, though. Current advances in e-mail technology now allow for message senders to know when their messages are received, read, rejected, or forwarded to others, writes Amy Harmon, in an 11/22/00 New York Times article on software that can see if, or when, a message has been read by the intended recipient. You might be thinking, "oh boy, there goes my privacy again! It is difficult enough to know if my movements are being tracked when I visit a website, what with all of those 'cookies' floating around out there, no?" Depending upon the setup of a web browser, one can determine how cookies are accepted by a machine, if indeed they are accepted at all. Cookies, those unique personal identifier codes placed on your hard drive by certain servers upon visiting particular websites or pages, are something you have been probably been warned about by your co-workers. It is unfortunate that cookies are feared, because they do allow certain websites to be customized to meet specific user preferences and interests, or to remember an individual user's passwords and settings to allow for a more efficent and efective web visit. Experience, however, has taught many users that it is just too difficult to honestly to know who is using cookies for purpose. Moreover, a number of online media and e-commerce sites require that cookies be accepte in order to access high-end functions. Despite the fact that a number of cookies are relatively anonymous (that is, they reveal little personal information, save for the IP number of your machine, what other sites you have visited) and expire at some point, a number of marketing firms that utilize cookies to develop online consumer profiles through banner advertisements have undertaken a voluntary industry self-policing campaign, as of July 2000, to push for responsible online data collection use. If you want more background on the use of cookies, Webopedia has a good set of background information links. This only scratches the surface of what you might know about how your web viewing is tracked. What if your e-mail reading habits were tracked in a similar manner?There is a tracking method, used increasingly by a number of online services, called "pixel tags?" These are tiny "invisible" (sometimes embedded) graphics that are tucked away in HTML content distributed via e-mail that contain a set of instructions. When the HTML content is opened by Web or HTML-enabled e-mail clients, the pixel tag is instructed to contact a particular web server to receive a unique identifier code. This code is added to a special server log which records details of the machine and user receiving and opening the message. If the HTML content is forwarded to another HTML-enabled e-mail client, the pixel tag will perform similar functions, although it is limited in its ability to provide information on the referring machine. If you are worried about receiving pixel tags, you might want to check your e-mail client to see if you can disable the "read HTML" function. Eudora, Microsoft Outlook, and Pegasus Mail users have this ability. If you are currently (or thinking about) using pixel tags (or "web bugs" according to their detractors) it's one thing if you have a privacy policy posted on a website, and/or you have a statement attached to your e-mail message letting folks opt to receive or to reject notices or action alerts. It gets more difficult when you forward a message that might contain a pixel tag. Especially if you use a Hotmail account, or are sending mail using AOL version 6.0. These two services, in addition to a number of free Web-based e-mail services, do not allow users to disable HTML content views. Cookies by themselves might be a nuisance for some folks, and "pixel tags," by themselves, may not seem like a big deal if you are receiving content from a source you trust. But what if the two tools were combined, such that your e-mail reading habits were being tracked without your notice or tacit consent, simply by someone passing a message along to you? What if that message in question happened to come in the form of something as harmless as an electronic invitation to a really great holiday party? That's the quandary Harmon asserts users of the popular online event planning service called Evite must face. You might be familiar with the range of pack of online invitation and event planning services, and a number of us touted Evite as worthy of particular consideration. Well, guess what? It turns out they are utilizing "pixel tags" as well as cookies to develop a unique identifiers that can track e-mail reading habits. In fact, they even say so in their current privacy policy (located at the bottom of their home page, under "Policies"). This has raised the particular interest of the Michigan State Attorney General's office, which is pressuring Evite to outline its practics in this area more explicitly. As a side note, The office has actually posted a useful "Guide to Privacy Policies" to help website operators. So tracking tools are bad because they invade privacy, right? What if you are running, however, an e-mail campaign that consists of targeted action alerts, especially if it is conducted by a third-party vendor? You might want to know how many people actually took time to read your message or who discarded. That way, you would have a better idea of who to send your messages to. What if a number of your targets, even loyal supporters of your organization, were deleting or rejecting your messages at a particular time of day or responded to the third message they received from you during your campaign? You might have a better idea of the optimal time and approach that elicits a desired response. It's Not Just E-Mail... A February 2001 Privacy Foundation alert discusses ways that e-mail containing HTML codes can be tracked each time the original message is forwarded, such that even all comments attached to a forwarded version of the message can be monitored by an outside party. The advisory warns that this "e-mail wiretapping" can literally allow a "confidential" message to be compromised, another party to track a message as it moves internally within another, and can mine potentially valuable amounts of e-mail addresses as messages are forwarded. Now, being the decent upstanding social actors that we are, we won't share the exact details of how this all works here (okay, we won't because the Privacy Foundation spells it out in much better detail on their site), but here's the "short" version: The wiretapping occurs thanks to a feature in certain e-mail clients that can display HTML-coded content. JavaScript is a programming extension that adds functionality to a vast number of websites, and is embedded directly into HTML coding. There are particular JavaScript codes floating around out in cyberspace that can be included into HTML-content sent via e-mail. That text-- which might usually include all the listed e-mail address of who received and commented on the message-- is then to the web server that originated the message. This information can be forwarded if the JavaScript is told to send the text through a "hidden form" embedded in HTML code. The advantage to end-users is that hidden forms are easier to detect; just make sure that your e-mail client is configured to alert you when you are about to submit information, and you have a pretty good idea one is being used. The information sent to servers can also be done by "web bugs," which are like the "pixel tags" used by online services we described above. The affected e-mail clients at this point include Outlook 2000, Outlook Express, and Netscape 6 Mail Messenger, or any client which has JavaScript-functionality turned on by default. Interestingly, Eudora, AOL 6.0 turn off this feature by default; Hotmail and a number of Web-based e-mail services strip any JavaScript from incoming e-mail messages; and earlier Netscape versions do not support the all the features of JavaScript needed for this trick to work. Microsoft and Netscape, in response to the problem, advise users to not select JavaScript functionality in any e-mail message containing HTML capabilities. If you don't know how to this, the Privacy Foundation has instructions for Outlook 2000 and Express, as well as Netscape Messenger 6, within the advisory. There is a free security patch for Outlook users, which, in disabling the JavaScript, can also inadvertently disable features you might need. Keep in mind, though, that even with the JavaScript turned off, the "e-mail wiretap" is still active if the message is copied and placed into a new message, replied to, or forwarded to another user with a JavaScript-enabled e-mail client. Additionally, JavaScript itself is a tool used to provide functionality for a lot of websites, so you will probably still want to have your browser's JavaScript capabilities turned on. For more information, check out the commentary from the man who raised the flag first, Carl Voth, and the 2/5/01 New York Times article on the subject. And lest you think that this technology only applies to the e-mail clients above, we should probably call your attention to an earlier Privacy Foundation advisory from August 2000. This notice outlined how web bugs can be used in Microsoft's Word, Excel, and PowerPoint software, beginning with the 1997 versions of these software tools. The bugs in this context link to an image file located on a remote Web server. Every time a document in any of the aforementioned formats is opened, it forces the image to be accessed. In doing so, the server can record the IP address and host name of the computer that opens up the document. What makes it more troublesome is that not only with the host name will include either a legitimate organizational or ISP domain, but the web bugs can also read and write browser cookies for Internet Explorer users. With a little work, the data collected on a server through both web bugs and cookies can form a profile of users accessing a document, without their knowledge. Tracking and Securing E-mail There is a company, called Postel Services that allows users to send messages with pixel tags. Subscribers can send up to 30 messages a month for free (with the option of paying to send more), and by simply adding a text code to the end of the recipient's e-mail address, you can add a tracking feature to the message. The recipient, upon reading the message, triggers a little HTML tag that alerts you that the message has been received and opened. All this assumes that the e-mail clients on both ends (especially browser mail clients for Netscape or Internet Explorer) are HTML-enabled. The company just launched its service in May of this year, but is planning to offer secure and certified mail services. You might be asking at this point, "why should I trust a service that sticks pixel tags in e-mail I receive, with security, certifiable, trackable e-mail messages?" It's possible that a basic point might be overlooked: when one sends mission-critical, even confidential, information through traditional e-mail or Web-based mail services, at least some form of confirmation that someone on the other end has read it might be desired. Otherwise, what guarantee do you have that the message got through. That is the point, after all, behind certified mail services. When you send something, your fill out a form, obtain a receipt and wait for the mail or package to be delivered. Upon delivery, you receive confirmation of when the item got delivered and to whom. So what's the problem with doing the same thing online? Especially since you can do similar monitoring of package delivery tracking via delivery and shipping companies like FedEx and United Parcel Service (UPS). Well, it's a good point. The thing to keep in mind is that pretty much all e-mail that most users send goes through a finite set of "public" or "private" networks. You are never sure that it will reach it's destination, fully intact, easily read, in the same quality in which it was sent, and moreover, that it will be read, acted upon or responded to, in a timely fashion. (How often does this standard apply to traditional postal mail, though?). But you can at least know, with respect to postal mail, about the delivery fate, more or less, of your messages. Well, guess what? You can do the same thing with your e-mail, again depending upon the particular e-mail client you use. Pegasus Mail and Eudora, for example, allow for return receipts and confirmation notices to be delivered to senders when messages are opened. The caveat is that these tools usually only work if the e-mail clients on both ends are configured (or capable) of receiving those notices. There's Certifiedmail.com, which offers a web service, an e-mail client, and/or certified server configuration for users. The web service lets you set up an account, where you fill out the e-mail address for both the sender and recipient. You then get a unique identification number for the message you are in the process of sending, which will go in the subject line of a new mail message. Otherwise, the message ID number is automatically entered into a message header if you are using the built-in mail client for your Web browser. Basically a message goes through the system, and is encrypted once it reaches a secure server. It stays there in encrypted form until the recipient responds to an e-mail notice that a message is waiting. The recipient must register for a free password-protected "read only" account. When they retrieve a message, you get a confirmation notice that the message has been read. A higher-end secure messaging service provider is Tumbleweed. In addition to its hosted Web service, Tumbleweed has two parts: an Integrated Messaging Exchange, allowing an organization and its partners or constituents to send and receive secure trackable messages, and a Messaging Management System that provides security and tracking tools for an organization's internal e-mail. This is not budget-price stuff, given the range of features including encryption, content controls, virus and other security scanning tools, etc. Interestingly, the U.S. Department of Energy, General Services Administration, and Center for Drug Evaluation and Research (under the Food and Drug Administration) use Tumbleweed, along with entities like American Express, Chase Manhattan Bank, Pitney Bowes (maker of postage meters)…and both United Parcel Service (UPS) and the US Postal Service themselves (!) UPS also uses a system from NetDox. This is a start-up housed under the wings of accounting and consulting giant Deloitte and Touche which offers services similar to Certifiedmail.com. It requires the user and the recipient to download a special e-mail tool, through which messages are sent. The message is encrypted, however, when it is sent out, and then it goes through a secure server to the end recipient, who then uses the downloaded tool to decrypt the message. Each message ranges about US$4 to $7. Speaking of the postal service and secure e-mail, both Canada Post and the U.S. Postal Service actively offer secure trackable e-mail services? Why? Because, at least in the case of USPS, the General Accounting Office, in fact, in an October 1999 report to the U.S. House Subcommittee on the Postal Service predicted that traditional first-class mail will see a decline in use starting in 2003, thanks to email and electronic online payments-meaning a loss of $17 billion in revenues (and pressure on the postal system to survive). USPS has also starting selling over 2 million "electronic postmarks" to a company called PostX, that allows users to have a USPS brand date and time marker on their e-mail, which can be electronically encrypted to prevent someone from tampering with the message or document. Ryan Turner NPT Project OMB Watch Resources Forrester Research http://www.forrester.com 11/22/00 New York Times article on pixel tags by Amy Harmon http://www.nytimes.com/2000/11/22/technology/22NET.html [no spaces, free registration required] Network Advertising Industry self-policing campaign http://www.networkadvertising.org Webopedia http://webopedia.internet.com/TERM/c/cookie.html Eudora http://www.eudora.com Microsoft Outlook http://www.microsoft.com/office/outlook Pegasus Mail http://www.pegasus.usa.com/ Evite http://www.evite.com Michigan State Attorney General Guide to Privacy Policies http://www.ag.state.mi.us/AGWebSite/inet_info/priv_guide.htm [no spaces] Privacy Foundation http://www.privacyfoundation.org/advisories/advemailwiretap.html Free security patch for Microsoft Outlook http://office.microsoft.com/2000/downloaddetails/Out2ksec.htm Carl Voth commentary http://www.geocities.com/ResearchTriangle/Facility/8332/reaper-exploit-release.html [no spaces, free registration required] 2/5/01 New York Times article on MS Word web bugs http://www.nytimes.com/2001/02/05/technology/05JAVA.html Privacy Foundation August 2000 advisory on Office 97 bugs http://www.privacyfoundation.org/advisories/advWordBugs.html Postel Services http://www.postel.co.kr Certifiedmail.com http://www.certifiedmail.com Tumbleweed http://www.tumbleweed.com NetDox http://www.netdox.com General Accounting Office October 1999 report U.S. House Subcommittee on the Postal Service http://frwebgate.access.gpo.gov/ cgi-bin/useftp.cgi?IPaddress=162.140.64.21&filename= gg00002t.txt&directory=/diskb/wais/data/gao [no spaces]) PostX http://www.postx.com