[Previous entry: "Email problems"] [Main Index] [Next entry: "CERT says don't use Internet Explorer"]

08/01/2004 Archived Entry: "more on email snooping"

Back in May I reported on DidTheyReadIt, and their use of "web bugs" in HTML-formatted email to let senders know where and when you read your email. Now another company, ReadNotify, has gotten into the business of invading your privacy. These guys use a different trick, the HTML "IFRAME" element, but it works basically the same way.

According to Scott Grannerman's SecurityFocus article, ReadNotify offers

The good news: if you've followed my advice, and read your email as ASCII text, you're safe. As an alternative, Grannerman recommends KMail as an email program that can block this nonsense. From his description it sounds like KMail is smart and flexible in how it handles HTML email. But both Mozilla and Eudora provide the blunter-but-equally-effective option of disabling HTML entirely. If you must read HTML-formatted email, and you're running Linux, KMail might be worth a look.

Microsoft Outlook, as you might expect, doesn't allow this option and is vulnerable to this privacy invasion. And I strongly suspect that web-based email accounts like Yahoo and Hotmail are also vulnerable. You can't even block this by disabling images in your browser. If you must use web-based email, and you need to block this snooping, I think your only hope is to install an older web browser that doesn't support the IFRAME element. That probably means something like Netscape 3, which is pretty useless for the majority of web pages. (You might also try Proxy Auto Configuration to block access to ReadNotify's server, but I think that might also block you from reading the bugged email. Not necessarily a bad thing -- do you want to accept email from people who would do this to you?)

If anyone can suggest web broswers that can block the IFRAME element, please let me know. And if someone wants to sign up for the free trial of ReadNotify's service, and send me an email through them, I'd be very interested to dissect it.

Update: I've just checked and the Opera 7 web browser allows you to disable IFRAMEs. Go to File/Preferences/Page Style and turn off "Enable inline frames". Kudos again to the folks at Opera Software.


Powered By Greymatter