One of the great privacy features now activated by default in Mozilla’s Thunderbird email client (which I thoroughly recommend) is that it blocks loading of remote images in emails. This is a good thing. Why? Well, spammers, fraudsters, and unscrupulous companies mass emailing their customers just love to know for sure whether or not their emails have been read.
One way they can do this is using a tiny image know as a “web bug“. By quietly loading a one-pixel transparent image in the bottom of an email, via a specially crafted URL with a unique identifier, the sender of the email can, with no permission from the recipient, verify that the email has been read, that the email address is valid (this is really bad news if it’s spam, since valid email addresses are valuable and will be sold and spammed even more). It is also possible for the sender to track when the message was read, and where the recipient was at the time they read it, by recording the IP address of the computer the recipient was using at the time.
I’ve become quite accustomed to seeing the alert Thunderbird pops up to tell me that it has blocked remote images to protect my privacy. After all, quite a few companies legitimately add remote images with no tracking capability to emails – for example their logo. So, when clearing through a few unread messages from earlier in the week, I almost didn’t give this a second thought…
But for some reason I thought “that’s odd” and so I had a look at the html source of the message. To my surprise, this is what I found three lines from the bottom:
<img src="http://open.moveon.org/o.gif?id=9508-1945452-_97SI0eV1lc9R" HEIGHT="1" WIDTH="1">
That’s right, it’s a web bug. (I removed the end of the tracking code.)
The irony of moveon.org – which do some great work – campaigning to “stop AOL’s email tax“, and “save the internet” whilst at the same time using the exact same invasive methods of email tracking as spammers and fraudsters would be laughable, if it wasn’t so sad. Having worked on numerous campaigns and digital organising projects myself, I find the use of email tracking by a progressive campaign quite a despicable abuse of privacy.
If you’re reading this, Eli, I suggest you first of all apologise directly to the 3 million or so members whose trust you have violated, destroy any tracking data you are storing, and most importantly don’t do it again.