|
|
The hidden privacy hazards of HTML E-mail
Web Informant #192, 20 March 2000
If you have enjoyed receiving HTML-formatted e-mail messages, this news might come as something of a shock to you: hidden inside those fancy, fun-with-fonts and link-filled messages are some sly ways of keeping track of who you are and what you do with this information. Specifically, many mailing list companies can keep track of what links you click on inside the message, and sell this "clickstream" information to its clients.
For example, take a look at a recent e-mail I got from Netcentive's ClickRewards, a company that will give you frequent flyer miles for doing various activities. If you examine the message in a text editor to view the HTML, you can see many of the links are coded:
http://p02.com/t.d?LEBmCU1_=clickrewards/rewards/index.html
According to company representatives, this code just keeps track of three specific actions: whether you open the e-mail message or not, whether you click on this specific link, and if you want to unsubscribe. They aggregate this information and pass it along to their customers, so that no individual data is transmitted outside their organization. Interestingly, the p02.com domain referenced in the above link is owned by Post Communications, a customized mailing software company who recently got purchased by Netcentives.
Once I heard about this practice, I found many other examples in e-mail messages from numerous sources, including Nordstrom.com, Wine.com, Netscape's Netcenter, Reel.com, and even an Australian real estate company, www.property.com.au. This is a very widespread practice, and many mailing list management companies are making a good living with this kind of technology. Chances are that you have already received a similar coded message with some kind of database identifier check your own inbox for HTML e-mail, and examine some of the links in the message to see if they contain odd things such as a question mark or other coding.
In defense of this practice, there isn't much in terms of your own identity that is being captured here, other than whether or not you clicked on a particular link. But the issue is more of perception of privacy invasion, and the fact that none of these companies is clear about what information is collected and how it is used. Sure, there are privacy statements galore on their various Web sites, but they contain so much mumbo-jumbo that it is hard to understand exactly what they mean.
There are other ways to mess up your e-mail. A company called GoHip disguises a downloadable ActiveX control to modify your signature file inside a more innocuous download for a media player: the only way to remove this "browser enhancement" (their term) is to download yet another file to your machine. Excuse me? Leave my signature file alone, thank you very much! And Richard Smith has documented how to pair up cookies with HTML e-mail to extract your e-mail identity.
Ironically, all the Web sites mentioned here are certified by the TRUSTe logo in terms of consumer protection. This shows you how irrelevant this logo really is in terms of interpreting the finer points of privacy. But that is a point for another essay.
Not all e-mail messages with HTML links inside them are evildoers. Some are quite innocent, such as the links posted in the above paragraph there isn't any identifying information saying you are coming from Web Informant in these links, you can see quite plainly. Others who are pure as the driven snow include the wonderful Good Morning Silicon Valley (and other postings) from the San Jose Mercury News staff. They just contain the links you need to go directly from the information in the e-mail to the specific Web page that they are discussing. That is the way it is supposed to be, until the e-mail marketing community seized upon this method to do some of their dirty work.
You see, being in the e-mail newsletter business myself, it is hard to keep track of your subscribers. People change e-mail addresses quicker than they change their underwear sometimes. E-mail subscribers are also bad about notifying their list owners of the new address. Since the addresses go stale so easily, e-mail marketeers want some way to verify that real live humans are responding to their missives. Or precise ways to track down someone who wishes to unsubscribe (as the folks at Netcentives do). Given how much time I have spent unsubbing some of my own subscribers, I can certainly understand this last point.
Ironically, these Web Informant messages began their life (almost five years ago!) with me sending out HTML-formatted e-mail messages to my list. Back in those dark days, it was rare to see anyone sending out such messages, and indeed I ran into a few problems with the primitive e-mail clients that we all used then. Now, my HTML coding wasn't too fancy: I put just enough that most readers could just ignore the codes and read the text if their e-mail software didn't recognize the codes. But still, I got enough complaints and enough trouble that eventually I stopped the practice, about a year after I began sending around the newsletters. (And of course, I never included tracking codes in my HTML!)
So, let's say you are ultra paranoid and want to eliminate these sneaky HTML messages. (Of course, you probably will still get the coded links in a plain text message, but at least you'll be able to spot them more easily.) Good luck. Indeed, I was chagrined to learn exactly how hard this is when I tried to turn off the flow of some of these messages.
As a user, you don't have a lot of choices when it comes to unwind some of your HTML e-mail subscriptions. If you still want to be on these mailing lists, see if you can convert your subscription from HTML to plain text messages. Many of the sites make it impossible to do this for example, Nordstrom.com and wine.com both have only one method of sending out subscriptions, and it is the HTML method. With ClickRewards, you have to send them an e-mail request to turn off the HTML, even though on their Web site you can set up your account to receive special offers and do all sorts of other sophisticated things but not manage how these messages are sent to you. (To their credit, my request was satisfied quickly and with an apology along with a credit of some frequent flyer miles to my account. A nice touch.)
If you are an e-mail marketing company, here are a few suggestions. First, put the instructions in plain text at the top of the message on how to unsubscribe and how to convert your subscription from HTML to text. Also, have a clearly stated policy that indicates the kind of identifying information that is found in the HTML e-mail message on your Web site, as part of your privacy policy. Don't hide it or cover up the fact that if recipients click on the links, they are tying their IP address, e-mail address, or account to a particular action. Finally, you should make it obvious how to unsubscribe from the newsletter, including putting this information on your Web near the subscription information, as a link in each newsletter, and as plain text with the link included as well in both places.
Copyright © 1999, 2000 media.org.
Web Informant copyright 2000 by David Strom, Inc., reprinted by permission
Web Informant is ® registered trademark with the U.S. Patent and Trademark Office.
ISSN #1524-6353 registered with U.S. Library of Congress.
|
|