The UK Government are not the only people who want to track your emails, and to try to determine who your other email contacts are.
Email tracking is one of the snooping technologies which we try to keep an eye on, whether it is at the Communications Traffic Data logfile level, or through the use of tricks like web bug images in HTML emails, or URLs hidden in Word documents or .pdf files, or in active content like Flash animations or video clips etc.
An example of this sort of abuse was the use made of the Australian-based ReadNotify service, which Hewlett-Packard used to try to smoke out which corporate insider whistleblowers various journalists had been in contact with.
We were therefore interested in this short piece in today's Guardian:
Obama online team hired to help fight BNP
* Matthew Taylor
* The Guardian, Monday 26 January 2009
The firm behind President Barack Obama's online election campaign have been signed up to help anti-racists take on the British National party in the European parliament elections in June.
Blue State Digital (BSD), which used the latest internet technology to mobilise millions of people behind Obama, has been employed to help create a grassroots network across the UK as part of the campaign to stop the BNP leader, Nick Griffin, becoming the far-right party's first MEP.
The firm began work last week and has already signed up thousands of supporters and donors. As part of the first stage of its campaign BSD and an anti-fascist magazine, Searchlight, have sent thousands of emails asking each recipient to forward it to five friends and make a small donation. The software means campaigners can then track who opens the emails, where they are sent and what happens when they arrive at the other end - tailoring future emails to groups and individuals
[...]
If all the tracking is done through explicit, up-front web links on the Blue State Digital web servers, then that may be acceptable, but the description may then be rather overselling the efficacy of their software's tracking capabilities to their campaign organisation clients.
The description in the Guardian article, together with Blue State Digital's Email Tools web page, implies at least the use of the standard but optional internet email Content Disposition header / Read Receipt, which many email recipients never see, or never manually reply to.
Are they also making use of ReadNotify-style tricks to sneakily track and identify the email address, IP address and other web browser details etc. of the friends and contacts of the people to whom the BSD software has been used to send a targeted mailshot?
Such secondary recipients of the emails are those who the NGO campaigners employing the Blue State Digital software do not yet know about, but who they hope to grow the grassroots activist base and get money from, regardless of whether most of the recipients of such email marketing are interested or offended by such marketing spam. Most of these secondary email recipients will not have opted in, and given their prior, informed consent for their IP address and other details to be tracked by BSD, even before they have actually decided to reply to the email or to trash it.
Political campaigns, wherever they are on the political spectrum, should not be using the same sort of tricks as email spammers and those who try to sneakily hunt down anonymous whistleblower sources and contacts, since this will betray the Sensitive Personal Data of their supporters, to some of their political enemies.
Since the Blue State Digital server infrastructure is based in the USA, with lax Data Protection and large scale snooping on foreigners (and on US citizens) by US Government agencies, who else gets to read the Communications Traffic Data of any particular group of political activists or campaign supporters who have been targeted this way?
Blue State Digital were touting their "grassroots" campaign online expertise and tools to various campaign groups and pressure groups recently.
We might perhaps support some of the aims of this campaign, but not if it uses sneaky email tracking, which contravenes the fundamental data protection principle of prior, informed consent, and which probably also contravenes the Direct Marketing industry codes of practice and European Union wide laws.
We did try to get a public comment about this on the Hope not Hate blog entry, but to no avail, so we must assume the worst.
Please forward one of Blue State Digital's tracking emails to us for analysis.
Is there any way that the public can tell if an email is being tracked with similar technology? I got caught once, clicked a link in an email, 10 mins later got a call from the people who sent it as I "clicked their link" and were trying to shill me their services. Needless to say I wasn't best pleased. I now exercise much more caution, but a way to be able to make sure you are not being tracked would be good.
@ piratebrido - you have to read the raw source code of the email message, before it gets your email client or web browser to do anything like pull down an image from a website or send a Return Receipt.
You might have to forgo the joys of media enabled web page emails, in favour of changing the settings on your email client to display messages in plain text format, and not to display images, and to turn off the preview pane.
Even that might still be vulnerable to various embedded object tricks if it is Microsoft Outlook or Outlook Express you are using.
You should also make sure that the Read Receipt setting is set to off or at least set to explicitly ask you if you wish to send a Read Receipt.
By no means all email server systems allow Read Receipts or Content Disposition header replies (e.g. "This Message was Displayed on the User's screen at...") so anyone claiming to track all, or even most, emails this way is lying.
If you are using a web based email, which you are not paying a premium for so as not to have banner adverts displayed, then you will need to install an advert filtering plugin for your browser, and/or block IP addresses in your local hosts file and block sites and domain names in your browser privacy settings.
If you use Firefox with the NoScript plugin, many of the sneaky javascript / java / flash / shockwave / ActiveX etc. privacy tracking and / or spyware or virus installation attacks will be prevented from happening automatically (you can always manually invoke these, by accident or design, later).
A judicious use of Tor (but not necessarily through every exit node) can also help to confuse spammers / trackers.
None of this is foolproof, so you should really have multiple email addresses or multiple email aliases (available in say, a Hushmail premium account) which are only used for filling in specific online forms once, but which forward to your main email account, so that you can see who has betrayed your details to spammers or direct marketers. You can then set up email filtering rules based on those unique email addresses so that such spam or marketing gets automatically trashed or stored in a separate folder for later perusal.
None of the above will help much if evil advertising (e.g. Phorm) or Government snooping schemes (e.g. Interception Modernisation Programme) using Deep Packet Inspection are allowed to be inflicted on the core infrastructure of your Internet Service provider.
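The raw-source check described in the reply above, as an added example (not code from this blog or from Blue State Digital): it parses a saved raw message offline and lists read-receipt request headers, remote content the mail client would fetch on display, and links carrying long query values. The sample message, the `.example` hosts and the 12-character token threshold are constructed assumptions.

```python
from email import message_from_bytes, policy
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs
# Headers asking the recipient's client for a receipt (RFC 8098 plus legacy forms).
RECEIPT_HEADERS = ("Disposition-Notification-To", "Return-Receipt-To", "X-Confirm-Reading-To")

class RemoteRefs(HTMLParser):
    """Collect URLs an HTML part would fetch on display, and the links it offers."""
    def __init__(self):
        super().__init__()
        self.fetched, self.links = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("img", "iframe", "embed", "script") and a.get("src"):
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.fetched.append((a["src"], tiny))
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])

def has_token(url):
    """Heuristic (assumption): a long query value is a per-recipient identifier."""
    return any(len(v) >= 12 for vs in parse_qs(urlparse(url).query).values() for v in vs)

def audit(raw_bytes):
    """Return (kind, detail) findings from a raw message; nothing is fetched."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = [("read-receipt-request", f"{h}: {msg[h]}") for h in RECEIPT_HEADERS if msg[h]]
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):
        refs = RemoteRefs()
        refs.feed(part.get_content())
        for src, tiny in refs.fetched:
            if urlparse(src).scheme in ("http", "https"):  # cid:/data: stay local
                findings.append(("web-bug" if tiny or has_token(src) else "remote-content", src))
        findings += [("tagged-link", href) for href in refs.links if has_token(href)]
    return findings

# Constructed sample message, not a real campaign email.
SAMPLE = b"""From: Campaign <news@mailer.example>
Disposition-Notification-To: receipts@mailer.example
Content-Type: text/html; charset="utf-8"

<a href="https://mailer.example/go?u=3f9a1c77e2b04d58">Donate</a>
<a href="https://campaign.example/about">About</a>
<img src="https://mailer.example/banner.png" width="600" height="90">
<img src="https://mailer.example/o.gif?u=3f9a1c77e2b04d58" width="1" height="1">
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Even the plain "remote-content" finding matters: any image fetched from the sender's server reveals the reader's IP address and the time the message was opened.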
Peerguardian 2.0 is an ip filter. Time to inform the database of the new ip range to block. sorted.
"Sugarplum". Linux only I think. A totally evil program which renders a spammer's inbox totally bogged up and unusable.
What's the betting it's public money that is being illegally spent on this piece of blatant fascism? George Orwell was so right.
I've read plenty of the "hope not hate" and the UAF crowd. They are a pretty nasty bunch of hate mongers.
Thank you for this piece. For me, it's time to vote for the BNP at the first possible opportunity.
Apologies for a couple of references to "Blue Sky" instead of "Blue State", which crept in to previous versions of this blog post.
My email got access the other week, when I passed the IP to ma mate it turns out it came from Blue State Digital...
I smell a spook...