Spy Pixels.
- Boustrophedon
- Stummy Beige
- Posts: 2948
- Joined: Mon Nov 11, 2019 3:58 pm
- Location: Lincolnshire Wolds
Spy Pixels.
Spy pixels in emails have become endemic
WTAF is a spy pixel? The idea that a single pixel can do anything is beyond my imagination. So can someone explain what this is all about?
WTAF is a spy pixel? The idea that a single pixel can do anything is beyond my imagination. So can someone explain what this is all about?
Perit hic laetatio.
- shpalman
- Princess POW
- Posts: 8428
- Joined: Mon Nov 11, 2019 12:53 pm
- Location: One step beyond
- Contact:
Re: Spy Pixels.
Tracking pixels are typically a .GIF or .PNG file that is as small as 1x1 pixels, which is inserted into the header, footer or body of an email.
If there's a link to an image in the body of an email which I send to you, then when the image is downloaded from my server, I know you've opened and looked at the email.
If there's a link to an image in the body of an email which I send to you, then when the image is downloaded from my server, I know you've opened and looked at the email.
having that swing is a necessary but not sufficient condition for it meaning a thing
@shpalman@mastodon.me.uk
@shpalman@mastodon.me.uk
- Boustrophedon
- Stummy Beige
- Posts: 2948
- Joined: Mon Nov 11, 2019 3:58 pm
- Location: Lincolnshire Wolds
Re: Spy Pixels.
So it's not the pixel at all, it's the embedded command requesting the pixel?shpalman wrote: ↑Wed Feb 17, 2021 11:36 amTracking pixels are typically a .GIF or .PNG file that is as small as 1x1 pixels, which is inserted into the header, footer or body of an email.
If there's a link to an image in the body of an email which I send to you, then when the image is downloaded from my server, I know you've opened and looked at the email.
Perit hic laetatio.
Re: Spy Pixels.
It is not an "embedded command" as such, just an embedded image given by a url, similar to the {img} tag on this forum. Most email programs will try to display the image, and to do that they will have to download the image from the url. If you look at a mail in your spam folder, it will probably show a message like "the images in this email have been disabled for your safety", which is partly for this reason. You can probably change your email program setting to not automatically download embedded images.Boustrophedon wrote: ↑Wed Feb 17, 2021 11:59 amSo it's not the pixel at all, it's the embedded command requesting the pixel?shpalman wrote: ↑Wed Feb 17, 2021 11:36 amTracking pixels are typically a .GIF or .PNG file that is as small as 1x1 pixels, which is inserted into the header, footer or body of an email.
If there's a link to an image in the body of an email which I send to you, then when the image is downloaded from my server, I know you've opened and looked at the email.
The url for these images generally look like
Code: Select all
http://someserver.com/image.gif?StringOfCharactersThatUniquelyIdentifiesTheRecipient
I could do the same thing by putting an {img} tag in a forum post so I could see how often it was seen. That does not uniquely identify people though because it's a public forum, but you can do that with personal email by putting in a unique identifier string that depends on the email address you send it to.
Jaap's Page: https://www.jaapsch.net/
- Little waster
- After Pie
- Posts: 2385
- Joined: Tue Nov 12, 2019 12:35 am
- Location: About 1 inch behind my eyes
Re: Spy Pixels.
I suppose even without the identifier, a smart spammer would bombard their mailing list with different variations of "hot bab3z", "loanly s1ngles!" "ch3ap v14gra", "check out these flavours of crisps - you won't believe no.7!" etc. with the spy pixel and then tally which ones get the most "opens" to better tailor their future spam.
This place is not a place of honor, no highly esteemed deed is commemorated here, nothing valued is here.
What is here was dangerous and repulsive to us.
This place is best shunned and left uninhabited.
What is here was dangerous and repulsive to us.
This place is best shunned and left uninhabited.
- shpalman
- Princess POW
- Posts: 8428
- Joined: Mon Nov 11, 2019 12:53 pm
- Location: One step beyond
- Contact:
Re: Spy Pixels.
Little waster wrote: ↑Wed Feb 17, 2021 3:15 pmI suppose even without the identifier, a smart spammer would bombard their mailing list with different variations of "hot bab3z", "loanly s1ngles!" "ch3ap v14gra", "check out these flavours of crisps - you won't believe no.7!" etc. with the spy pixel and then tally which ones get the most "opens" to better tailor their future spam.
the article in the OP which nobody seems to have read wrote:British Airways, TalkTalk, Vodafone, Sainsbury's, Tesco, HSBC, Marks & Spencer, Asos and Unilever are among UK brands Hey detected to be using them.
having that swing is a necessary but not sufficient condition for it meaning a thing
@shpalman@mastodon.me.uk
@shpalman@mastodon.me.uk
- Little waster
- After Pie
- Posts: 2385
- Joined: Tue Nov 12, 2019 12:35 am
- Location: About 1 inch behind my eyes
Re: Spy Pixels.
There will be an overlap between the needs of legit and spam emailers which are met by the use of spy pixels.shpalman wrote: ↑Wed Feb 17, 2021 3:31 pmLittle waster wrote: ↑Wed Feb 17, 2021 3:15 pmI suppose even without the identifier, a smart spammer would bombard their mailing list with different variations of "hot bab3z", "loanly s1ngles!" "ch3ap v14gra", "check out these flavours of crisps - you won't believe no.7!" etc. with the spy pixel and then tally which ones get the most "opens" to better tailor their future spam.the article in the OP which nobody seems to have read wrote:British Airways, TalkTalk, Vodafone, Sainsbury's, Tesco, HSBC, Marks & Spencer, Asos and Unilever are among UK brands Hey detected to be using them.
However legit companies and spammers will want different things out their mailshots, as legit companies have less concern about being simply deleted unread and less need to dodge ever-more sophisticated spam filters and increasingly suspicious readers. Also legit companies tend to have logos etc. in their mails as standard so the cloak-and-dagger of spy pixel isn't required whereas your typical "Nigerian prince" email will tend to appear text-only to look marginally more plausible.
As such a spy pixel is of more use to a spammer than Tescos.
This place is not a place of honor, no highly esteemed deed is commemorated here, nothing valued is here.
What is here was dangerous and repulsive to us.
This place is best shunned and left uninhabited.
What is here was dangerous and repulsive to us.
This place is best shunned and left uninhabited.
- Boustrophedon
- Stummy Beige
- Posts: 2948
- Joined: Mon Nov 11, 2019 3:58 pm
- Location: Lincolnshire Wolds
Re: Spy Pixels.
OK thanks, understand now. I can set Gmail to "not display pictures", but I can't really be bothered.
Perit hic laetatio.
Re: Spy Pixels.
Talk Talk say they do not share the data collected externally. That fills me with confidence. Not.
And remember that if you botch the exit, the carnival of reaction may be coming to a town near you.
Fintan O'Toole
Fintan O'Toole
Re: Spy Pixels.
IIRC, Gmail hosts copies of pictures on their own servers to defeat the spies. Or maybe that's an option. Or possibly I am remembering this wrong.Boustrophedon wrote: ↑Wed Feb 17, 2021 5:13 pmOK thanks, understand now. I can set Gmail to "not display pictures", but I can't really be bothered.
-
- After Pie
- Posts: 1621
- Joined: Mon Mar 16, 2020 4:02 am
Re: Spy Pixels.
They're usually called "web bugs" or suchlike: https://en.wikipedia.org/wiki/Web_beaconLittle waster wrote: ↑Wed Feb 17, 2021 4:56 pmThere will be an overlap between the needs of legit and spam emailers which are met by the use of spy pixels.
And there is no legitimate use of them. Furthermore, they only work because of broken software which, when asked to display a message, is willing to go and fetch something mentioned in the message.
Re: Spy Pixels.
That's what I was thinking.
And remember that if you botch the exit, the carnival of reaction may be coming to a town near you.
Fintan O'Toole
Fintan O'Toole
Re: Spy Pixels.
tbf, their f.cking useless CEO has left since that happened. Wonder what she went on to do next.
Re: Spy Pixels.
I always thought it ironic how she's failed by sharing data incorrectly and then by failing to share data when it needed to be.
I also thought that spy pixels were a thing about 15 years ago. The use of non-pictorial elements in the wiki article is something that I hadn't been aware of
Have you considered stupidity as an explanation
- Rich Scopie
- Snowbonk
- Posts: 574
- Joined: Mon Nov 11, 2019 1:21 pm
Re: Spy Pixels.
And the rest. Mid 1990s from what I remember.
It first was a rumour dismissed as a lie, but then came the evidence none could deny:
a double page spread in the Sunday Express — the Russians are running the DHSS!
a double page spread in the Sunday Express — the Russians are running the DHSS!
Re: Spy Pixels.
You may not agree that someone should be able to tell whether you’ve read their email, but it seems debatable whether that makes their desire to ‘illegitimate’. Anyway, you can choose not to let them know, by not automatically loading images, in all modern email software I’m aware of.
Anyway, email itself is irretrievably broken for lots of other reasons. If they couldn’t use web bugs they’d only come up with some other way of making it terrible.
Move-a… side, and let the mango through… let the mango through
Re: Spy Pixels.
nekomatic wrote: ↑Tue Feb 23, 2021 10:36 amYou may not agree that someone should be able to tell whether you’ve read their email, but it seems debatable whether that makes their desire to ‘illegitimate’. Anyway, you can choose not to let them know, by not automatically loading images, in all modern email software I’m aware of.
Anyway, email itself is irretrievably broken for lots of other reasons. If they couldn’t use web bugs they’d only come up with some other way of making it terrible.
It's very commonly used in email marketing as a way to know whether the recipient has read the email. In every case I'm aware of*, it is merely used as one measure among many to determine the success or otherwise of an email campaign. That is not to say that their use isn't problematic and I'm pretty sure that very many companies are failing to meet the requirements to inform people of their use. However, to say there is no legitimate use of them is a very sweeping and misleading statement, when many companies are using them for entirely legitimate reasons, albeit some of them failing to meet the legal information requirements.
*since I only know legitimate companies doing it for perfectly acceptable reasons, this is of course not in any way a representative sample of those who use it.
Re: Spy Pixels.
There is a (rarely used) protocol for emails to include a request for a read receipt. The recipient can choose whether to send the receipt. Spy pixels duplicate that capability while doing an end run around the recipient's ability to choose. I don't see that as legitimate, even if the companies doing it are legitimate companies and are doing it for business reasons that make sense to them as businesses.