What if each time you open an email, the sender can see where you are? What if they know when exactly you open your email? While email tracking has been around forever, a new Gmail extension actually makes the technology very easy for anyone to use. Here’s what you can do to stay safe.
Email tracking / stalking
For every email you get, the sender could track when and where you read it. A new third-party extension for Gmail called Streak makes such tracking easily available to anyone. Streak is available on the Google Chrome Store here. While it’s primarily intended for email marketers who need to know if the recipients of their marketing emails actually open them, it can be used by anyone. Even more importantly, Streak is able to record the location of the recipient for the sender.
Email tracking is hardly new
Email tracking has actually been around for more than a decade. It has been particularly popular with spammers, who use it to find out if an email address is alive and if their emails have managed to get past various spam filters. Streak, then, isn’t the game changer that many news reports have been calling it. What it does, though, is to make this technology accessible to everyone. In that way, it does make a difference.
What do you do if you don’t want to be tracked?
Like other email trackers, Streak works by default. If the sender of an email has Streak, your email account won’t ask you for permission before phoning home. Information about whether you’ve read your email is automatically passed to the sender without your participation. Luckily, though, you have the power to make a few simple changes and opt out.
Email tracking uses simple technology
Emails aren’t able to actually run executable code. Whatever technique a particular email tracking method needs to use, it has to be simple and passive. This makes tracking relatively easy to disrupt. If you shut down your email account’s ability to answer tracking requests, no one can track it.
When a sender wants to track you, they have two choices — they can either include a read receipt with the email or place an embedded beacon in it in the form of an image. Read receipts are placed in email headers. When your email account sees this header, it recognizes it as a request for tracking information and asks you for permission to send such information to the sender. Since most people wouldn’t ever give permission, this technique isn’t much of a threat.
An embedded beacon image is slightly more serious. Embedded images aren’t attachments — rather, they are links for images placed in the body of emails. These links could be for images of the sender’s trademark at the top of the message or an icon. When you open an email with such a link, your email account needs to go where the link leads to get the image. Like any visit to a link, the server supplying the data is able to determine the location in the world that the request comes from and record the time that it is made. This is all the information the sender needs — whether you have read your email, and if you have, what time you did so and where.
The embedded image method is surprisingly simple to disable
All email services come with the ability to disable automatic image loading. It is usually turned off by default for messages in the spam folder. You can turn it off for your inbox too. Once you do it, those embedded images don’t load and the server doesn’t know when you open your email. How exactly to turn it off depends on what email service you use.
On Gmail, for instance, you go to Settings, the General tab and then the Images category before you select the Ask before displaying external images choice. Whatever email client you use, you need to look up its help document for the procedure to follow.
You can rat yourself out, too
When you use an email client like Microsoft Outlook rather than webmail, all emails that you send out carry your IP address — it’s one great way to let the receiver know where you are. On most webmail (barring Yahoo Mail), though, your IP address isn’t shared. You’re safer.