SpyPig: another annoyance against your privacy
Posted by isilanes on January 27, 2008
I’ve read in a post in Genbeta [es], about a “service” for e-mail senders called SpyPig. It basically boils down to sending a notification to the sender of an e-mail, when the recipient opens it. This way, the recipient can not say that she hasn’t read it.
I will deal with two issues: moral and technological. Morally, I think this kind of things suck. I have received these e-mails asking for confirmation of having been read, and I never found appealing to answer. But at least you were asked politely. What these pigs SpyPigs do is provide a sneaky way of doing it without the recipient knowing. Would you consider someone doing it on you a friend? Not me.
Now, technologically, the system is more than simple, and anyone with access to a web server could do it. The idea is that the sender writes the e-mail in HTML mode, and inserts a picture (can be a blank image) hosted at some SpyPig server. When the recipient opens the HTML message, the image is loaded from the server, and the logs of the server will reflect when the image was loaded, and hence the e-mail opened. When this happens, the server notifies the sender.
The bottom line of this story is that HTML IS BAD for e-mails. My e-mail readers never allow displaying HTML messages, and show me the source HTML code instead (of course, I can allow HTML, but why would I?). So this SpyPig thing will never work for against me. And this SpyPig story is just one more reason not to allow displaying HTML in the messages you read. Of course, for the e-mails you send, consider sending them in plain text. Your recipients will be a bit happier.
For more tips on what NOT to do on web/e-mail issues, check the e-mail/web tips section in this blog.
This entry was posted on January 27, 2008 at 5:39 pm and is filed under Evil software. Tagged: e-mail, en, html, opinion, Software, spying. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
jamacuco said
That technique to spy whether your e-mails are read using a small image embedded in the HTML code of the e-mail is quite old, afaik. At least I know about it since some years ago. It is well described in the WikiPedia article for E-mail tracking. Nevertheless, I believe that those techniques are quite ineffective nowadays due to the fact that most modern e-mail clients no longer download images to protect your privacy. That feature was introduced just for this reason.
Super Coco said
Mmm. It looks that my wordpress.com profile has been taken, but the previous comment is from me, Super Coco
isilanes said
Thanks for your comment, Super Coco. I would be surprised if the technique were not old, given how easy it is to implement.
tarun1026 said
By the way I tested this stuff personally couple of times, sending email to myself with embedded images through spypig , I got no notification till date. Tried out 3 times.
Even if it works, one can disable it by choosing not to load images in the email. Its a useless tech if you ask me.
I have also covered it here.
http://www.techbanyan.com/archives/138
isilanes said
What you say is right, Tarun, but your conclusion is not. The tool (unfortunately) is useful (if it works, which according to you seems not to do. I haven’t tried), because there are so many Children of Windows out there, who by default load images and interpret HTML in their images, browse the internet with java fully enabled and so on…
Malware is made for the unconscious masses, and its victims are usually guilty of their own fate.
Brenda J. Colvin said
Talking about email tracking service, I preferd the free service from http://www.whoreadme.com/ . It helps me a lot when I communicates with my colleagues.