A Rant, inspired by my aggregator, on privacy.
Ernie mentions DidTheyReadIt (an e-mail service that purports to allow senders to know when a message is read without the recipient’s knowledge) as a possible tool for enabling on-line service of process.
From the FAQs:
Q: Can I use DidTheyREADIt at work?
A: Yes, unless your office uses Microsoft Exchange.
heheh So, really, the answer is No for a significant number of organizations. Most (not all) law firms, especially, tend to rely on Exchange.
But even more amusing, to me, is the claim to "invisibly" track whether or not a message is read. The technology uses the same concepts used by spammers to confirm the validity of an e-mail address; a web component is embedded in the message, and when the message is opens, the component pings the host server to download itself, thus registering that the message was read. If your recipient uses Outlook 2003 with the default settings, he or she will know that something is up with the message because it will open with a notification that "To help protect your privacy, Outlook prevented automatic download of some pictures in this message." Boom; the invisibility is gone, and the recipient knows that something is going on.
Your workaround here, of course, is naivety in the general user population. Most users will not be aware that downloading those "pictures" can confirm that the message was read (whether the confirmation goes to a spam center or to a process server). Replying to or forwarding the message, even in Outlook 2003, will notify DidTheyREADIt the message was read even if the pictures were not downloaded at origin. A savvy user would delete the component first, removing it from the message forever--but you can imagine how rarely that would happen.
The extent to which this sort of technology bugs me cannot be adequately articulated; no one needs to know what I read or when. Even the Post Office cannot confirm to a sender that the recipient actually read the contents of a registered letter. The company's comparison of its service to CallerID is particularly misguided (Think of it like caller ID. Caller ID works most of the time and will show you who is calling you, but every now and then you get a "Private Call" or "Unavailable" number); the comparison would be better applied to a service that confirmed the true sender of a message before I opened it.
Okay. End rant.
Comments
A *really* savvy user would write an add-in for Outlook that would parse incoming messages for the DidTheyReadIt code, and strip it out entirely before it lands in the Inbox. Presumably DidTheyReadIt could circumvent this by changing the code on a regular basis, but making the effort would cut into their profits, and it should be possible to make such an algorithm relatively general...
Posted by: Jason Lefkowitz | June 9, 2004 04:54 PM
Well, yes. An even savvy-er (savvier??) user (although perhaps we've moved into the realm of developers here) would incorporate this sort of screening and stripping into a content- or spam-filtering software solution at the enterprise level.
Posted by: Jen | June 9, 2004 10:20 PM
I'm not worried. Here's why:
First there are users (like me) that have mail readers (mutt, Evolution, or Thunderbird) that come out-of-the-box with sane security settings.
Second is the fact that it would be super easy for a developer to create a filter that would remove the images or otherwise mangle the message in such a way as to maintain the readers privacy -- either in Outlook or at the server.
Third and finally, and especially if you're using Outlook as your mail reader, you can defeat this with a filtering proxy server like Privoxy (or probably even something like squid). Everybody's heard of libraries installing filtering software? Well this is similar, except it would filter out ads and "spy" websites like didtheyreadit. You can install Privoxy (http://privoxy.org/) on your PC and it will magically block about 90% of the ads that come up on a daily basis. All you need to do is change a setting in Firebird (or IE if you insist on using it) to use it as a proxy.
For a 1,2,3 recipe on how to set this kind of thing up, send me an email and I'll blog a detailed post...
Posted by: Brian St. Pierre | June 10, 2004 01:20 PM
If you are concerned with this problem, Wizard-Industries has a didtheyreadit.com blocker.
Its a small one time run utility that blocks these bugs. - wizard-industries, email spy blocker
Posted by: Greg A | June 16, 2004 09:53 AM