moveon.org’s privacy violations
One of the great privacy features now activated by default in Mozilla’s Thunderbird email client (which I thoroughly recommend) is that it blocks loading of remote images in emails. This is a good thing. Why? Well, spammers, fraudsters, and unscrupulous companies mass emailing their customers just love to know for sure whether or not their emails have been read.
One way they can do this is using a tiny image know as a “web bug“. By quietly loading a one-pixel transparent image in the bottom of an email, via a specially crafted URL with a unique identifier, the sender of the email can, with no permission from the recipient, verify that the email has been read, that the email address is valid (this is really bad news if it’s spam, since valid email addresses are valuable and will be sold and spammed even more). It is also possible for the sender to track when the message was read, and where the recipient was at the time they read it, by recording the IP address of the computer the recipient was using at the time.
I’ve become quite accustomed to seeing the alert Thunderbird pops up to tell me that it has blocked remote images to protect my privacy. After all, quite a few companies legitimately add remote images with no tracking capability to emails – for example their logo. So, when clearing through a few unread messages from earlier in the week, I almost didn’t give this a second thought…
But for some reason I thought “that’s odd” and so I had a look at the html source of the message. To my surprise, this is what I found three lines from the bottom:
<img src="http://open.moveon.org/o.gif?id=9508-1945452-_97SI0eV1lc9R" HEIGHT="1" WIDTH="1">
That’s right, it’s a web bug. (I removed the end of the tracking code.)
The irony of moveon.org – which do some great work – campaigning to “stop AOL’s email tax“, and “save the internet” whilst at the same time using the exact same invasive methods of email tracking as spammers and fraudsters would be laughable, if it wasn’t so sad. Having worked on numerous campaigns and digital organising projects myself, I find the use of email tracking by a progressive campaign quite a despicable abuse of privacy.
If you’re reading this, Eli, I suggest you first of all apologise directly to the 3 million or so members whose trust you have violated, destroy any tracking data you are storing, and most importantly don’t do it again.
December 12th, 2006 at 08:56
bam! investigative reporter matthew carroll strikes again!
nice one..
March 21st, 2007 at 13:11
Why does it matter? I mean, they simply want to know how many people have read there newsletter. It helps them to able to communicate more effecively.
Perhaps it is personally identifyable, perhaps not. Either way I don’t see how it contridicts their work which you linked to.
June 16th, 2007 at 16:42
It matters because it is deliberately hidden, and takes place without people knowing about it. It matters because I didn’t consent to them knowing when, where, and from what IP address I read my email. If the sender of an email wants to know if I read their message, they should ask me, not try to spy on my email reading habits. moveon.org of all groups I receive mailings from should be well aware of the need to respect people’s privacy, so I hold them to the highest standards, and in this respect, they have failed to live up to my expectations quite disappointingly.