PJ Vogt is on Twitter here. If you'd like to subscribe to TLDR's short weekly podcast, please go here.
A Stranger Can Find Out Where You Are By Getting You To Open An Email
Monday, February 10, 2014 - 03:20 PM
This afternoon, I stumbled across this free Gmail plug-in called Streak. If you send someone an email, Streak will tell you if they opened it, when they opened it, and, most creepily, where they were when they opened it.
How is this possible? Streak doesn't say on their website, but typically email tracking services work in a similar way. They embed a tiny image into the email you've sent. Images in emails aren't actually "in" the emails themselves - they have to be hosted on an external server. When you open the email and your computer asks the external server for the image, your computer pings that server with a request that includes your IP address. Trackers then use that IP address to locate you.
IP addresses aren't specific enough to lock onto your exact address, but they can get pretty close. I sent Alex, my colleague, an email, and Streak was able to get me within about five minutes of our workplace.
It's not hard to imagine a situation where this could be badly abused. People who've been stalked, threatened, or harassed, for instance, should be able to open an email without unwittingly giving away their location.
So what can you do if you don't want to be tracked? Well, you can start by not allowing images to autoload in your email client. Also, in my (very rudimentary) tests I found that Gmail, for whatever reason, offered better protection than my office's Exchange email client. (With Gmail, I only found out when Alex had opened up my email. It was the Exchange client that gave away his neighborhood.)