SpyPig: another annoyance against your privacy
I’ve read in a post in Genbeta [es], about a “service” for e-mail senders called SpyPig. It basically boils down to sending a notification to the sender of an e-mail, when the recipient opens it. This way, the recipient can not say that she hasn’t read it.
I will deal with two issues: moral and technological. Morally, I think this kind of things suck. I have received these e-mails asking for confirmation of having been read, and I never found appealing to answer. But at least you were asked politely. What these pigs SpyPigs do is provide a sneaky way of doing it without the recipient knowing. Would you consider someone doing it on you a friend? Not me.
Now, technologically, the system is more than simple, and anyone with access to a web server could do it. The idea is that the sender writes the e-mail in HTML mode, and inserts a picture (can be a blank image) hosted at some SpyPig server. When the recipient opens the HTML message, the image is loaded from the server, and the logs of the server will reflect when the image was loaded, and hence the e-mail opened. When this happens, the server notifies the sender.
The bottom line of this story is that HTML IS BAD for e-mails. My e-mail readers never allow displaying HTML messages, and show me the source HTML code instead (of course, I can allow HTML, but why would I?). So this SpyPig thing will never work for against me. And this SpyPig story is just one more reason not to allow displaying HTML in the messages you read. Of course, for the e-mails you send, consider sending them in plain text. Your recipients will be a bit happier.
For more tips on what NOT to do on web/e-mail issues, check the e-mail/web tips section in this blog.
jamacuco said,
January 27, 2008 @ 19:16 pm
That technique to spy whether your e-mails are read using a small image embedded in the HTML code of the e-mail is quite old, afaik. At least I know about it since some years ago. It is well described in the WikiPedia article for E-mail tracking. Nevertheless, I believe that those techniques are quite ineffective nowadays due to the fact that most modern e-mail clients no longer download images to protect your privacy. That feature was introduced just for this reason.
Super Coco said,
January 27, 2008 @ 19:20 pm
Mmm. It looks that my wordpress.com profile has been taken, but the previous comment is from me, Super Coco :-)
isilanes said,
January 27, 2008 @ 19:27 pm
Thanks for your comment, Super Coco. I would be surprised if the technique were not old, given how easy it is to implement.
tarun1026 said,
February 12, 2008 @ 5:17 am
By the way I tested this stuff personally couple of times, sending email to myself with embedded images through spypig , I got no notification till date. Tried out 3 times.
Even if it works, one can disable it by choosing not to load images in the email. Its a useless tech if you ask me.
I have also covered it here.
http://www.techbanyan.com/archives/138
isilanes said,
February 12, 2008 @ 8:57 am
What you say is right, Tarun, but your conclusion is not. The tool (unfortunately) is useful (if it works, which according to you seems not to do. I haven’t tried), because there are so many Children of Windows out there, who by default load images and interpret HTML in their images, browse the internet with java fully enabled and so on…
Malware is made for the unconscious masses, and its victims are usually guilty of their own fate.