CAN STRANGERS REALLY SPY ON ME THROUGH EMAIL?
Invisible pixels used to track email activity are now an "endemic" issue that breaches our privacy.
An analysis made following a request from the BBC discovered that roughly two-thirds of emails sent to its users' private email accounts contained what is known as a "spy pixel." Spy pixels, also known as tracking pixels or web beacons, are invisible, tiny image files, including PNGs and GIFs, that are inserted in the content body of an email. They are often as small as 1x1 pixels and may appear as clear, white, or another color to merge with the content and remain unseen by a recipient.
The recipient of an email does not need to directly engage with the pixel in any way for it to track certain activities. Instead, when an email is opened, the tracking pixel is automatically downloaded, and this lets a server, owned by a marketer, know that the email has been read. Servers may also record the number of times an email is opened, the IP address linked to a user's location, and device usage. Similar pixels are also widely used on web domains to track visitors.
Tracking pixels have been around for some time but are not well-known. For marketers, pixels can be an invaluable method to measure engagement levels, estimate the success of marketing campaigns, and potentially to send follow-ups and more personalized notes when a message has been read but not responded to.
However, according to Hey co-founder David Heinemeier Hansson, they also represent a "grotesque invasion of privacy." Hansson told the publication that on average, the company processes one million emails and over 600,000 pixel tracker attempts are blocked every day. If you bring these levels up to the millions and millions of emails processed by services such as Gmail or Outlook, the suggestion that pixel tracker usage is "endemic" may be realistic.
ZDNet. 2021. Tracker pixels in emails are now an ‘endemic’ privacy concern. Available from:
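The spy pixels described above can be spotted in an email's HTML body before it is rendered. The following is an added example, not code from the article or from any mail service it mentions: it flags remote images that are 0 or 1 pixel in size or hidden by inline CSS. The sample body, host names and the function name find_tracking_pixels are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body; every host name is a placeholder.
SAMPLE_HTML = """
<p>Spring sale starts today!</p>
<img src="https://cdn.shop.example/banner.png" width="600" height="200">
<img src="https://track.mailer.example/o.gif?uid=12345" width="1" height="1">
<img src="https://track.mailer.example/p.png" style="display:none">
<img src="cid:logo@shop.example" width="1" height="1">
"""

# width/height of 0 or 1 in inline CSS (but not border-width, max-height, ...)
TINY_CSS = re.compile(r"(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class PixelFinder(HTMLParser):
    """Collect remote <img> tags that the reader cannot see."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (url, reason) pairs

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = {name: (value or "") for name, value in attrs}
        src = attr.get("src", "").strip()
        # Only http(s) images are fetched from a remote server when the mail
        # is opened; cid: (attached) and data: (inline) images contact nobody.
        if urlparse(src).scheme not in ("http", "https"):
            return
        style = attr.get("style", "")
        # Normalise "1px" and "1" to the same value.
        sizes = [attr.get(k, "").strip().lower().rstrip("px") for k in ("width", "height")]
        if any(s in ("0", "1") for s in sizes) or TINY_CSS.search(style):
            self.findings.append((src, "tiny"))
        elif HIDDEN_CSS.search(style):
            self.findings.append((src, "hidden"))

def find_tracking_pixels(html):
    """Return [(url, reason)] for images that look like tracking pixels."""
    finder = PixelFinder()
    finder.feed(html)
    return finder.findings
```

A mail client or gateway can use a list like this to skip those image requests or to warn the reader; blocking all remote images by default covers the cases this heuristic misses.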
AUTHORITIES CAN READ ANY EMAIL OVER 180 DAYS OLD
The revelation that the National Security Agency can monitor your every move online shouldn't come as a total shock. A 1986 law lets the Feds read emails that have been stored on a server for at least six months. The Electronic Communications Privacy Act was enacted long before everybody had email, but the government says the law lets it access 180-day-old email without a warrant.
The relevant text of the law: A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.
In May, the ACLU got its hands on the government's justification for using this law to gather six-month-old emails. Here's the justification from the 2012 Version of FBI Domestic Investigations and Operations Guide, which the ACLU got through a FOIA request: In enacting the ECPA, Congress concluded that customers may not retain a “reasonable expectation of privacy” in information sent to network providers. . . [I]f the contents of an unopened message are kept beyond six months or stored on behalf of the customer after the e-mail has been received or opened, it should be treated the same as a business record in the hands of a third party, such as an accountant or attorney. In that case, the government may subpoena the records from the third party without running afoul of either the Fourth or Fifth Amendment.
The Fourth Amendment protects Americans from unreasonable searches and often requires police to get search warrants before encroaching on your privacy. Americans should be appalled that the government can snoop into their old emails without such a warrant.
Business Insider. 2013. No One Is Talking About The Insane Law That Lets Authorities Read Any Email Over 180 Days Old. Available from:
Secure Messaging In 2021:
Email Threats: Why Are Emails Not Secure or Private?
People tend to believe email messages are private and can only be viewed by the person they’re communicating with.
Think back to your school days. Imagine you want to send a note to a friend across the classroom. You write the note on a piece of paper, then fold it in half. You hand it to the girl next to you. She looks at the note and copies it, then passes it to the boy next to her. He looks at the note but doesn’t copy it, then passes it on. The next kid passes it on without looking. It passes through 3 more kids, some looking at it, some copying it, until it reaches your friend. This process is similar to what happens with an unencrypted email.
When you send an email, it goes from your device to your email service provider’s servers. Your service provider stores the email for some time (after it’s sent), and sends a copy through multiple servers owned by different organizations in different locations around the country or world. Eventually, it arrives at the email service provider of the person you emailed. Any server along the way could make a copy of the email, which they may keep even after both sender and recipient have deleted the email. Some email service providers will encrypt your email when it’s on their servers, using encryption at rest. But, again, in many cases, an email travels through multiple email service providers, and they may not all encrypt email at rest. Even those that do encrypt email at rest can often still read the email themselves. This allows them to provide services such as spam filtering, malware scanning, and indexing (so you can search your email). But it also means they can collect data which can be used for targeted advertising, or which could be accessed by a rogue employee or a hacker who breaks in.
During the times that an email is unencrypted, whether while traveling (in transit) or in storage (at rest), it can be read and potentially changed by the companies that run the email infrastructure, hackers, or governments.
Defending Digital. 2021. Secure Messaging In 2021: Everything You Need To Know. Available from:
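The chain of servers described above is recorded in a message's own Received headers, one per server that handled it. The following is an added example, not taken from the quoted article: it lists the hops oldest-first and marks which ones the receiving server logged as TLS-protected, using the "with" keywords registered in RFC 3848. The sample message, its host names and the function names are constructed; the headers show transit only and say nothing about how each server stores the mail.

```python
import email
import re

# Constructed sample message; hosts and addresses are placeholders.
RAW = """\
Received: from relay.transit.example (relay.transit.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id c3; Mon, 1 Mar 2021 10:00:04 +0000
Received: from out.sender.example (out.sender.example [192.0.2.5])
\tby relay.transit.example with ESMTPS id b2; Mon, 1 Mar 2021 10:00:02 +0000
Received: from laptop.sender.example (laptop.sender.example [192.0.2.77])
\tby out.sender.example with ESMTPSA id a1; Mon, 1 Mar 2021 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: hello

Hi Bob
"""

# "with" keywords that mean the hop was negotiated over TLS (RFC 3848).
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}


def _token(pattern, header):
    """First capture group of pattern in header, or 'unknown' if absent."""
    m = re.search(pattern, header, re.I)
    return m.group(1).rstrip(";") if m else "unknown"


def trace_hops(raw):
    """Return hops oldest-first as (from_host, by_host, protocol, tls_reported)."""
    msg = email.message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so the last one is the first hop.
    for header in reversed(msg.get_all("Received", [])):
        sender = _token(r"^\s*from\s+(\S+)", header)
        receiver = _token(r"\bby\s+(\S+)", header)
        proto = _token(r"\bwith\s+(\S+)", header).upper()
        hops.append((sender, receiver, proto, proto in TLS_KEYWORDS))
    return hops


def plaintext_hops(raw):
    """Hops whose receiving server did not record a TLS-protected transfer."""
    return [(s, r) for s, r, _, tls in trace_hops(raw) if not tls]
```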
If you want to stick with email but use it more securely, you need to find a way to end-to-end encrypt your email. As soon as possible, start using altermail, an email service based on blockchain technology.