Didtheyreadit’s Response To Privacy Issues Part II

More on Alastair Rampell’s response to my privacy concerns about his new email monitoring service, didtheyreadit. (Here’s the first one.)

I wondered how the email addresses harvested by Rampell would be used. (These would include all emails sent from and to recipients via the service since, as far as I can understand it, didtheyreadit, unlike MSGTAG, would work by tagging the email address, not the email itself. This would involve collecting the email addresses of both sender and recipient.) Alastair’s response: “We don’t harvest any e-mail addresses—I wasn’t sure to which e-mail addresses you are referring. We can send you e-mails to the account you register with, but we also allow you to opt-out at any time. We do not send any commercial e-mail or e-mail for any other companies to our customer list.” That’s not quite the complete denial I was looking for, but perhaps I wasn’t specific enough in my original post.

Another question I raised: How will Rampell prevent this service being used by spammers and other mass-mail marketers? Alastair’s response: “We limit you to 750 messages per month. Very few individuals will ever exceed this number…whereas all mass-mail marketers would.” Fair enough.

Although Alastair takes pains to address my general privacy concerns, I’m not sure I can agree with his arguments. He candidly writes, “I had a discussion with somebody last week who was offended and repulsed by the idea of our service; the reason why is because a criminal could use our service to tell if somebody was at home. (Although she recognized that a telephone call could be used for the same purpose).” I can agree with that: Privacy is a long tunnel that can suck you in if you’re not careful — where everything is a threat — but while I don’t think didtheyreadit and MSGTAG represent threats to one’s physical safety, there are still some serious issues out there.

For example, I asked: “Why is the service invisible by default?” (In other words, why is there no default notice in the email informing the recipient that the email they are reading is being tracked?) Alastair’s response: “I believe it is what the market demands.” He later goes on: “We are planning on doing a free version (like msgtag) that automatically places the disclosure there, as it is a form of marketing. In our initial tests, though, people who were trying the service were very concerned about having it disclosed to the recipients that the messages were being tracked.” I think that pretty much defines the problem. If someone sends a message to someone but doesn’t want them to know their message is being monitored, you’ve pretty much got yourself trapped in a privacy quagmire. If I do something to know something about you, but I don’t want you to know I am doing something to know something about you, then I would submit that as a default definition of snooping, or invasion of privacy.

What’s more, what kind of user would want to monitor their sent emails so invisibly? It’s hard to imagine they’re sending something to Aunt June or their son Bobcat. Given the other elements of didtheyreadit — monitoring exactly when, how long, where and how many times an email has been read — I’d say a consumer who demands the service be invisible may not be the kind of customer you’d be proud of having. What’s more, Alastair’s response to the issue of informing the recipient the email is being tracked is a rather strange one, in my view: Including a message informing the recipient might deter customers. “Even if it is an option,” he writes, “it will confuse a good deal of people who might avoid using our service as a result.” I can hardly agree with that. Including an option to address a serious privacy issue is only likely to deter folk who aren’t great respecters of privacy.

I had some other issues with Alastair’s company, not least because it sells products that inhabit a grey privacy area. They include a keyboard logger called Spector, and ViewRemote (“record everything that happens on your computer and watch it from any other computer in the world!”). Alastair’s response: “I realize that some of our other products are often considered invasions of privacy. However, we take great pains to make sure that the products (ViewRemote and Spector) are only used by authorized people. For example, you cannot install ViewRemote or Spector without entering your computer’s administrative password—so it can’t be installed without your permission. Installing Spector or ViewRemote on somebody else’s computer is not only a gross violation of privacy—but it’s also illegal. I feel that this is immoral and unethical, and thus we do not support it. But “spying” on your own computer, for lack of a better word, is sometimes necessary. Our products have been used to catch an employee stealing, identifying a pedophile, etc.”

I’m sure there are legitimate uses of such programs. But it leaves an uncomfortable taste that the company whose main products are what I would call stealth software is now selling a service that invisibly and remotely monitors the fate of emails. Alastair, who says his academic background is on the other side of privacy, via cryptography research, is at least discussing the issues, which is a good sign. But I am not sure I agree with him when he concludes that “I believe that DidTheyReadIt is relatively harmless. Yes, you can use it to catch somebody in a lie…but there are a wealth of legitimate purposes that give the sender more information (such as if the message was even received) without necessarily infringing upon the privacy of the recipient.”

My response: Yes, in the midst of spam’s deluge there’s definitely a legitimate market here for checking whether your email got to where it was supposed to go safely. But it shouldn’t be necessary to go beyond that, to check about aspects of its fate that should really be the private property of the recipient: How long the message was read, where it was opened, whether it was forwarded to others. Furthermore, didtheyreadit (and MSGTAG) need to address the issue of allowing the recipient to easily and definitively opt out of having the emails they receive tagged by such services; if possible, before the first email they receive from either service. If such companies don’t address these issues before they get successful, they may find themselves caught up in the full glare of privacy advocates, and end up destroying what is in essence a useful and benign service.

Thanks For Reading My Email for 13 Minutes In Wisconsin

Just when I started agonizing about the privacy aspects of MessageTag, a company has come along with a service that makes the mail-receipt monitoring service look like chicken-feed.

MessageTag allows users to see whether and when their emails have been read by recipients. It does this by inserting what privacy advocates called a web-bug into the email — a unique link, basically, that checks back to the MessageTag servers and matches it with the original email. The sender will then be notified as to when the email was opened.
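The web-bug mechanism described above, seen from the recipient's side: an added example (not from the original post or from MessageTag) that scans an HTML email for remote images that look like per-message trackers. The sample message, its hostnames and token are constructed, and the two heuristics (tiny or hidden image, long opaque token in the URL) are assumptions.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a run of 16+ URL-safe characters is a per-message identifier.
TOKEN = re.compile(r"[A-Za-z0-9_-]{16,}")

# Constructed sample: one ordinary logo and one 1x1 image with a unique path.
SAMPLE = """\
From: sender@example.com
Subject: Quarterly numbers
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Numbers attached.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Numbers attached.</p>
<img src="https://static.example.com/logo.png" width="120" height="40">
<img src="http://tracker.example.net/t/9f8e7d6c5b4a39281706f5e4.gif" width="1" height="1">
</body></html>
--b1--
"""


class RemoteImages(HTMLParser):
    """Collects the attributes of <img> tags fetched over http(s)."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        found = {k: v or "" for k, v in attrs}
        if tag == "img" and urlsplit(found.get("src", "")).scheme in ("http", "https"):
            self.images.append(found)


def is_hidden(attrs):
    """True when the image is declared 0 or 1 pixel in size, or styled invisible."""
    sizes = (attrs.get("width", ""), attrs.get("height", ""))
    style = attrs.get("style", "").replace(" ", "").lower()
    return (any(s.strip() in ("0", "1", "0px", "1px") for s in sizes)
            or "display:none" in style or "visibility:hidden" in style)


def find_web_bugs(raw_message):
    """Return [(url, reasons)] for images that look like per-message trackers."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        parser = RemoteImages()
        parser.feed(part.get_content())
        for attrs in parser.images:
            url = urlsplit(attrs["src"])
            reasons = []
            if is_hidden(attrs):
                reasons.append("tiny-or-hidden")
            if TOKEN.search(url.path) or TOKEN.search(url.query):
                reasons.append("unique-token")
            if reasons:
                findings.append((attrs["src"], reasons))
    return findings
```

A mail client that does not load remote images never triggers the tag at all; a scan like this is for gateways or audits that want to know which senders are tagging mail.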

I have to confess I find it an excellent service, and I use it, along with a message at the bottom of each email informing the recipient I’m doing it and offering not to if it offends them. Few ask me to remove them, an indication they either don’t object or they don’t read all the way through my emails. But despite finding it a huge timesaver — knowing whether an email’s landed safely, and whether to expect a reply any time soon makes life a lot easier — I still worry it’s too intrusive. Is it fair to make the process one the recipient does not first have to approve? MessageTag, to their credit, have acknowledged these concerns and have built in some safeguards, including limiting the service to individual emails. But is it enough?

As I was juggling all this, word comes by of a new service that can tell you not only if and when your email has been opened, but approximately where the reader is located and how long they read the email for. If they open it again, or forward the message, you’ll also be informed (it’s not clear whether the original sender is informed as to who the email is forwarded to). What’s more, DidTheyReadIt is invisible, meaning, in their own words, “every e-mail that you send is invisibly tracked so that the recipients will never know you’re using didtheyreadit”.

Privacy aside, for the moment, you can imagine the social fallout from this. “Jean only read my email for two minutes, and she read it in Utah when she said she was in Seattle. The cheatin’, lyin’ skunk!” Or “Brian has read my email 14 times and he still hasn’t replied! Is he trying to break up with me?” Or “That love note I sent Sandra in personnel has been forwarded to 64 people! I’m the laughing stock of the office!” (OK, there are probably easier ways to find out if you’re the laughing stock of the office. But you get the idea.)

The company behind the service is a Florida-based company called Rampell Software, whose other products include keyboard loggers such as Spector, “the most advanced computer monitoring application” for Macs (“Spector locally (and secretly) records everything you do on your computer”). Then there’s ViewRemote (“record everything that happens on your computer and watch it from any other computer in the world!”). Clearly Rampell has some experience in the field of stealth software. I can see warning flags being raised all over the place already, and the company’s privacy policy, as it stands, is not comprehensive or specific enough to be reassuring. Perhaps it will be before the official launch.

DidTheyReadIt works slightly differently to MessageTag. Once you’ve signed up and installed the software, you append didtheyreadit.com to the recipient’s address on any email you send out that you want to track. So joe@sixpack.com becomes joe@sixpack.com.didtheyreadit.com. There’s not enough information on the website to say more than that. Indeed, there’s a lot that’s not on the website, and which I think we need to know before assessing DidTheyReadIt. Such as:

  • How can the user alert recipients to the fact he’s using the service and what it entails?
  • How will the email addresses harvested by Rampell be used?
  • Why is the service invisible by default?
  • How will Rampell prevent this service being used by spammers and other mass-mail marketers?

The service will be officially launched later this month. The basic version of DidTheyReadIt is free, but is limited to 5 messages. Subscriptions cost $10 a month, $40 a half-year or $50 for the whole year.

I’d be interested in hearing from folk (lwire at jeremywagstaff.com) about whether they think there’s a line here that could allow services like MessageTag to thrive without sacrificing privacy — such as allowing users to choose whether they acknowledge receiving an email, without requiring much effort on their part, perhaps – or whether DidTheyReadIt just throws into sharp relief that this sort of thing is unacceptable to most folk and should be stopped. I’ll also forward this to Rampell to see if they have any comments.

The Perils Of AutoResponse

Be careful what you put in your email auto response when you head off on holiday/maternity leave/business trip. Anyone can read it.

One of the things that came out of Daniel McNamara’s travails at Code Fish was that, by having phishers put his name in the from field of one of their attacks, he got swamped by bounce-back emails that didn’t reach their destination. This is part of the Internet email system where a server will return anything it can’t pass on.

But among those bounce-backs are emails from legitimate addresses where the recipients have automated some sort of response, usually stored on the server, that will send a message back to the sender, informing them they’re out of the office. It’s these emails that are a problem.

I haven’t heard of it happening yet, but I’m sure it will. Daniel says a lot of those autoresponses contained a lot of surprising personal information that would be very handy to someone somewhere. Who to call, where that person will be, when they’ll be back. Daniel says some of the messages are surprisingly informative, ranging from the person’s full name and workplace, through details of injuries incurred that are keeping the person in question at home, to companies using the autoresponse to notify senders that the person in question no longer works there, or, in some cases, has been “fired for misconduct”.

In these days of targeted phishing this is an invitation to social engineering of a high order. All a phisher would need to do is flood a company with emails, either guessing the email addresses, using a dictionary attack (where practically every word in the dictionary and English language is used) or else grabbing names from the company directory online. If a dozen people have autoresponds on, the information gained could easily facilitate a socially engineered attack on the company as a whole.

My advice: Assume that sleazy folk can read your autorespond messages and ask yourself whether you want to share that kind of information with them. Then either rewrite the autorespond message, or better still, don’t use one at all.
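One way to act on this advice when an auto-responder has to stay on, as an added example that is not part of the original post and goes beyond its two options: never answer bounces, automated or list mail (the checks RFC 3834 recommends), answer each address at most once, and give outsiders a reply with no names, dates or numbers. The reply texts, addresses and the `sender_is_internal` flag are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed reply texts: outsiders get no dates, names, numbers or reasons.
DETAILED = "Away until 14 June. Urgent? Call Sam on ext. 4411."
MINIMAL = "I am currently unavailable and will reply when I can."

# Constructed sample messages.
HUMAN = "Return-Path: <pat@partner.example>\nFrom: Pat <pat@partner.example>\nSubject: Lunch?\n\nFree Thursday?\n"
BOUNCE = "Return-Path: <>\nFrom: MAILER-DAEMON@mx.example.net\nSubject: Undeliverable\n\nNo such user.\n"
ROBOT = "From: news@shop.example\nAuto-Submitted: auto-generated\nSubject: Deals\n\nBuy now.\n"
LISTMAIL = "From: dev@lists.example\nList-Id: <dev.lists.example>\nSubject: [dev] patch\n\nSee diff.\n"


def auto_reply_for(raw_message, sender_is_internal, already_notified):
    """Return the auto-reply text to send, or None to stay silent.

    sender_is_internal: supplied by the mail server from authenticated
    submission, never derived from the forgeable From header (assumption).
    already_notified: set of addresses already answered during this absence.
    """
    msg = message_from_string(raw_message)

    # Bounces carry an empty envelope sender; answering them feeds mail loops.
    return_path = msg.get("Return-Path", "").strip()
    if return_path == "<>":
        return None
    # RFC 3834: do not answer a message that was itself generated automatically.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None
    # Bulk and mailing-list traffic should not trigger a personal responder.
    if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
        return None
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return None

    # Reply to the envelope sender when known, and only once per address,
    # so a flood of probes yields one short message at most.
    reply_to = parseaddr(return_path or msg.get("From", ""))[1].lower()
    if not reply_to or reply_to in already_notified:
        return None
    already_notified.add(reply_to)
    return DETAILED if sender_is_internal else MINIMAL


if __name__ == "__main__":
    seen = set()
    for name, raw in (("human", HUMAN), ("bounce", BOUNCE), ("robot", ROBOT)):
        print(name, "->", auto_reply_for(raw, False, seen))
```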

Mail: MSGTAG Replies

Good software always seems to be controversial. That’s not to say there aren’t two sides to the debate: Those who think Plaxo is a scam to get you to give up your private data aren’t exactly right, but they may not be exactly wrong, either: time will tell whether it becomes a great service or an intrusive nag. Similarly, another product I’ve taken to, MSGTAG, has its critics, who say allowing folk to check whether their emails have been opened is an unacceptable invasion of privacy, not least because most folk who receive such ‘tagged’ emails don’t know their email program has just sent a message home advising the sender they’ve just opened an email. (See a recent email from an outraged user.) All this is true, but it doesn’t undermine the idea that in principle, it’s a great idea. We would all be a lot more productive — not to mention safe — if we knew the emails we were sending out to friends, colleagues, customer service departments, actually reached their intended recipient.

Anyway, for those of you who are interested in hearing MSGTAG’s side of the debate, here’s their recent response to the letter I mentioned above. Original complaints in purple. I’ve cut it back a bit.

The sender has no real right to know when and if I read his email, where will this go next…tracking how often the email is open, tracking to whom I on forward the email…the possibilities are endless and tantamount to spying and invasion of privacy.

The MSGTAG read receipt process is not designed to be invasive. We feel that it is more than reasonable for a person to know if and when their mail has been read by the intended recipients. There are many situations where this benefits both the sender and the recipient. If an email hasn’t been read before a critical time, a sender can know to contact the recipient to give them the information by another means.

Our view on the subject of mail notification is that at the moment email is an unbalanced exchange. The recipient gets to read the email, but the sender doesn’t get to know if they have. If you send something via a courier service, for example, if you refuse to sign for it, you can’t open it. If you do sign for it, the sender knows straight away.

With MSGTAG we are trying to make it as fair as possible. There are some services that offer to give out all sorts of information about the recipient, such as how long the email was viewed for, how many times, who it was forwarded to, etc. Though we know how to implement this type of functionality, we have chosen a different path of fixing what we see as a broken process, without making the cure worse than the disease by adding privacy-invading features. The negative “possibilities are endless” for all sorts of technologies: we ask that we are judged by what we do, not by what can be done.

MSGTAG tells the sender only the time a message was first opened. It does not provide the sender with the IP address or geographical location of their recipients, nor does it embed tags into attachments to track forwarding or printing behaviour.

However, I do appreciate that not all Internet users wish to receive MSGTAG tagged emails. We respect the business decisions of companies such as yours that wish to implement firewall or proxy technology to prevent MSGTAG tags from being triggered. Furthermore, we have implemented a system within MSGTAG Status that allows users to disable tagging for certain recipients who have asked not to be tagged.

MSGTAG also collects the recipient’s email address, email ID, IP address and email headers without the recipient’s authorisation or knowledge.

It is true that we collect the recipient’s email address and the email ID – this is provided to us by the sender of the email. As I pointed out in the previous paragraph, we don’t collect the recipient’s IP address and we don’t have access to the header information except for:

The subject line – this is used in the notification email so that users know which e-mail has been read, without it they would only know that one of their emails has been read, but they wouldn’t know which one.

The message ID generated by the sender’s e-mail client – this is a unique code attached to all emails by most email clients so that the clients can reliably tell e-mails apart. We use it for the same purpose.

The address the e-mail was sent to – we use this for the same reason as the subject line – so the user knows which e-mail the notification is about.

We also record when the tag was added, and when it was triggered so that we can tell the users when it was triggered, and what the elapsed time was. That is all that we collect from the email.

I agree that what we do with the small amount of information we collect is a serious privacy issue. That is why we have a privacy policy publicly posted on our site. There are several prominent links to it, including within the application itself. I refer to the following relevant section of our Privacy Policy:

“MSGTAG facility
The Software uses the MSGTAG service to determine whether an e-mail that has been tagged by the Software has been received by the intended recipient. In order to achieve this, MSGTAG must store the subject, message ID, message recipient, date sent, and MSGTAG account name of the sender for each e-mail tagged by the Software. If tagging is disabled in the application, MSGTAG does not store this information. MSGTAG will not sell, share or rent this information to any other parties.”

At present, there is only one person in our organisation who has access to the email addresses used in MSGTAG – a System Administrator. As General Manager of MSGTAG, I do not have access. Tech support staff must ask the system administrator for this information on a case by case basis, in order to address specific problems raised by our customers.

We publicly state what happens to email addresses collected. They are only valuable to spammers. They are not valuable to us, because we abide by our Privacy Policy, and cannot exploit them. It would be commercial suicide for us to misuse the email addresses stored on our servers. The integrity of our brand is more valuable than a list of email addresses. Besides, we hate spam with a passion.

“This is in direct contravention to the privacy act and the rules governing the collection of personally identifiable information.”

“We also feel that MSGTAG’s email tracking service is not only an invasion of our privacy but is also an infringement of the “Information Access” and “Computer Equipment Access” laws as their service provides “back-flow” traffic, without the recipient’s knowledge or consent, directly from their computer software and hardware.”

We are unaware of any infringement as per your suggestions. Fisher Young Group takes its obligations and allegations of this nature extremely seriously. If you can provide us with more information about the specific areas of law that are at dispute, we will investigate your concerns thoroughly.

Matthew Miller

Interesting stuff. Let us know how you feel.

Mail: Strong Objections to MessageTag

Robyn Winter comments on my recent column about MessageTag:

I noticed, from checking on MSGTAG’s website that you recently did an article on MSGTAG’s email tracking service.

I recently received several emails in which the sender utilised MSGTAG’s email tracking service. I was completely unaware that there was even any type of “read receipt” tracking until I had printed out the email and noticed the MSGTAG’s icon. This was because the icon and accompanying message was below the sender’s signature details.

Apart from the fact that our company has a policy NOT to allow read receipts, personally, I strongly object to MSGTAG’S email tracking service, as I have absolute right to control what does or does not leave my mailbox and computer.

The sender has no real right to know when and if I read his email, where will this go next…tracking how often the email is open, tracking to whom I on forward the email…the possibilities are endless and tantamount to spying and invasion of privacy.

MSGTAG also collects the recipient’s email address, email ID, IP address and email headers without the recipient’s authorisation or knowledge. This is in direct contravention to the privacy act and the rules governing the collection of personally identifiable information. We also feel that MSGTAG’s email tracking service is not only an invasion of our privacy but is also an infringement of the “Information Access” and “Computer Equipment Access” laws as their service provides “back-flow” traffic, without the recipient’s knowledge or consent, directly from their computer software and hardware.

Because of this activity, which for all intents and purposes (although stated to the contrary on the MSGTAG web site), the email tracking is a form of common spyware and we have therefore banned the use of MSGTAG services through our firewall and proxy services.

We will be taking every opportunity to make users aware of the infringement this product inherently has on privacy. We have contacted MSGTAG regarding their software and have not received any response to date, which to our mind, reflects on their business practices and ethic, as does their product.

Robyn Winter

I’ve passed this email along to MSGTAG for a response. Personally, while I can see some folk might have issues with this kind of tracking, I have been using it myself for some time and have very little negative feedback. Furthermore, after long discussions with them, I am willing to believe that:
– the folks at MSGTAG are not using the information they gather for traditional spyware purposes
– they have put safeguards in place to prevent it being used for spam purposes and
– it amounts to no more than a registered post service facility.

I’m ready to be convinced otherwise. Anyone else have any strong views? Write me.