PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page

PRIVACY Forum Digest     Friday, 28 May 2004     Volume 13 : Issue 03

               ( )

            Moderated by Lauren Weinstein (         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                       ===== PRIVACY FORUM =====              

                 The PRIVACY Forum is supported in part by      
          the ACM (Association for Computing Machinery) Committee     
             on Computers and Public Policy, and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

        Privacy and Security Risks in Rampell's E-Mail Surveillance Service 
        (Lauren Weinstein)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"".  Mailing list problems should be reported to

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributed and archived without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions above
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "";
full keyword searching of all PRIVACY Forum files is available via
WWW access.


     Quote for the day:

        "Villainy wears many masks, none so dangerous 
         as the mask of virtue."

                -- Ichabod Crane (Johnny Depp)
                   "Sleepy Hollow" (Paramount; 1999)


Date:    Thu, 27 May 2004 13:00:00 PDT
From:    Lauren Weinstein <>
Subject: Privacy and Security Risks in Rampell's E-Mail Surveillance Service

Greetings.  There's been a lot of publicity over the last few days about
Rampell Software's service.  There have been other software
tracking systems introduced before, but this one, by including features that
attempt to determine how long a message is kept open (as well as whether it
was received, who you forwarded it to, etc.) is worthy of particular disdain
and concern.

There's more than just basic privacy issues involved.  Many individuals,
businesses, and particularly government entities may have serious security
issues regarding capabilities that can expose information about when a
particular person has read a message, and perhaps potentially even if they
are still actually sitting there reading the message right now.  The
possible dangers are fairly obvious -- knowledge of the hours a person
works, when they tend to be in their office, etc. can be easily abused in
sensitive environments.

Some of these features not only depend upon invisible image "Web bugs" used
in a "conventionally invasive" manner, but also reportedly feed a slow
stream of data to your system during the entire interval you're reading a
message (that's how their "how long were you reading the message" function
apparently operates).

Luckily, there are several ways to protect yourself not only from Rampell
and their customers but also from other mail tracking services:

  - Use a text-based e-mail reader, not an html mail reader, for most mail.
    Do you really need to see all the fonts and associated frills in most
    e-mail?  What kind of mail is most likely to be full of such stuff?
    Spam of course!  When you need to display image or document attachments
    they can still be processed externally.  Text-based e-mail systems also
    can provide essentially complete protection against all virus, worm, and
    related attacks that use e-mail as their vectors.  I use a text-based
    e-mail system for 99.9% of all my mail quite successfully.  And I get a
    lot of e-mail.

  - Turn off image display in your html mail reader.  E-mail tracking
    systems that claim to work regardless of where mail is sent typically
    depend upon the recipient retrieving images (often invisible images)
    from central servers.  One way to stop that process is of course to read
    your e-mail offline, though that isn't practical for most of us.  But
    various html mail reading systems allow you to turn off image display
    (and typically retrieval as well) for e-mail messages (you can turn it
    back on when you really need it for particular items).  If you don't
    retrieve the images or Web bugs, e-mail tracking systems that need them
    won't work.  And of course, you should never allow javascript in e-mail
    messages to be processed, nor allow attachments to be executed.

  - Server blocking.  System administrators and others may choose
    to determine (from viewing e-mail raw source data) the names and/or
    IP numbers related to the servers used by Rampell or others to
    serve the tracking images.  If these servers are blocked at firewalls
    or other filters the tracking systems will be rendered impotent.

Until legislation and the legal system recognize the risks in such e-mail
tracking and provide appropriate restrictions and remedies, you need to
protect yourself.

Lauren Weinstein or or
Tel: +1 (818) 225-2800
Co-Founder, PFIR - People For Internet Responsibility -
Co-Founder, Fact Squad -
Co-Founder, URIICA - Union for Representative International Internet
                     Cooperation and Analysis -
Moderator, PRIVACY Forum -
Member, ACM Committee on Computers and Public Policy
Lauren's Blog:


End of PRIVACY Forum Digest 13.03

PRIVACY Forum Home Page

Vortex Technology Home Page

Radio, Television, and Press Contact Information

Copyright © 2005 Vortex Technology. All Rights Reserved.