Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

I never signed up for this! Privacy implications of email tracking

I never signed up for this! Privacy implications of email tracking AbstractWe show that the simple act of viewing emails contains privacy pitfalls for the unwary. We assembled a corpus of commercial mailing-list emails, and find a network of hundreds of third parties that track email recipients via methods such as embedded pixels. About 30% of emails leak the recipient’s email address to one or more of these third parties when they are viewed. In the majority of cases, these leaks are intentional on the part of email senders, and further leaks occur if the recipient clicks links in emails. Mail servers and clients may employ a variety of defenses, but we analyze 16 servers and clients and find that they are far from comprehensive. We propose, prototype, and evaluate a new defense, namely stripping tracking tags from emails based on enhanced versions of existing web tracking protection lists. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Proceedings on Privacy Enhancing Technologies de Gruyter

I never signed up for this! Privacy implications of email tracking

Download PDF
18 pages

Loading next page...
 
/lp/de-gruyter/i-never-signed-up-for-this-privacy-implications-of-email-tracking-QpFkGPHE6Y
Publisher
de Gruyter
Copyright
© 2018 Steven Englehardt et al., published by De Gruyter Open
ISSN
2299-0984
eISSN
2299-0984
DOI
10.1515/popets-2018-0006
Publisher site
See Article on Publisher Site

Abstract

AbstractWe show that the simple act of viewing emails contains privacy pitfalls for the unwary. We assembled a corpus of commercial mailing-list emails, and find a network of hundreds of third parties that track email recipients via methods such as embedded pixels. About 30% of emails leak the recipient’s email address to one or more of these third parties when they are viewed. In the majority of cases, these leaks are intentional on the part of email senders, and further leaks occur if the recipient clicks links in emails. Mail servers and clients may employ a variety of defenses, but we analyze 16 servers and clients and find that they are far from comprehensive. We propose, prototype, and evaluate a new defense, namely stripping tracking tags from emails based on enhanced versions of existing web tracking protection lists.

Journal

Proceedings on Privacy Enhancing Technologiesde Gruyter

Published: Jan 1, 2018

References

  • How unique is your web browser on pages
    Peter Eckersley
  • Exposing the invisible web : An analysis of third - party http requests on million websites of
    Timothy Libert
  • Claudia The leaking battery A privacy analysis of the HTML Battery Status API Technical report
    Lukasz Olejnik
  • Understanding emerging threats to online advertising InProceedings of the ACM Conference on Computation
    Ceren Budak
  • Christina Cross device tracking disclosures InProceedings of the
    Justin Brookman
  • Email Tracking for other clients https bananatag com email tracking accessed
    Bananatag
  • Julia Why online tracking is getting creepier
    Angwin
  • Pixel perfect Fingerprinting canvas in HTML
    Keaton Mowery
  • Email Tracking for https www contactmonkey com email tracking Online accessed
    ContactMonkey
  • tracking million - site measurement analysis Conference on Communications
    Steven Englehardt
  • On the leakage of personally identifiable information via online social networks InProceedings of the nd ACM workshop on Online social networks pages
    Balachander Krishnamurthy
  • Giovanni monster Exploring the ecosystem of web - based device fingerprinting InSecurity and privacy symposium on pages
    Nick Nikiforakis
  • Forms HTML https www org TR html forms html accessed
  • and Matthias Wachs TLS in the wild : An internetwide analysis of tls - based protocols for electronic communication In nd Annual Network and Distributed System San California
    Ralph Holz
  • uBlock Origin - An efficient blocker for Chromium and Firefox Fast and lean https github com gorhill uBlock accessed
  • https easylist to accessed
    EasyList
  • Forms HTML https www org TR html forms html accessed
  • Understanding emerging threats to online advertising InProceedings of the ACM Conference on Computation
    Ceren Budak
  • Are you sure you want to contact us ? quantifying the leakage of pii via website contact forms Proceedings on Privacy
    Oleksii Starov
  • Mozilla Support Remote Content in Messages https support mozilla org en US kb remote content in messages Online accessed
  • Macbeth Modi Tracking the trackers InProceedings of the th International Conference on pages Conferences Steering Committee
    Zhonghao Yu
  • https easylist to accessed
    EasyList
  • scikit learn Similarity Score http scikit learn org stable modules generated sklearn metrics jaccard similarity score html Online accessed
    Jaccard
  • Konstantin Privacy leakage vs protection measures the growing disconnect InProceedings of the Web
    Balachander Krishnamurthy
  • Exposing the invisible web : An analysis of third - party http requests on million websites of
    Timothy Libert
  • and Chris Jay Hoofnagle Flash cookies and privacy spring intelligent information privacy management volume pages
    Ashkan Soltani
  • Yahoo Help Block images in your incoming Yahoo Mail emails https help yahoo com kb html Online accessed
  • Start Email Tracking Today https www hubspot com products sales email tracking Online accessed
    HubSpot
  • Help Choose whether to show images https support google com mail answer accessed
    Gmail
  • https github com shivamagarwal iitb BlockListParser Online accessed
    BlockListParser
  • Cookies that give you away : The surveillance implications of web tracking InProceedings of the th Conference on
    Steven Englehardt
  • Serge Fingerprinting web users through font metrics InInternational Conference on and
    David Fifield
  • Giovanni monster Exploring the ecosystem of web - based device fingerprinting InSecurity and privacy symposium on pages
    Nick Nikiforakis
  • Lumen grained visibility and control of mobile traffic in user - space
    Narseo Vallina
  • Yahoo Help Block images in your incoming Yahoo Mail emails https help yahoo com kb html Online accessed
  • Claudia The web never forgets : Persistent tracking mechanisms in the wild of pages
    Gunes Acar
  • Jonathan Third party web tracking Policy technology In on Privacy
    Mayer
  • How unique is your web browser on pages
    Peter Eckersley
  • Serge Fingerprinting web users through font metrics InInternational Conference on and
    David Fifield
  • Recon Revealing and controlling pii leaks in mobile network traffic InProceedings of the th Annual International Conference on Mobile Systems Applications and Services pages
    Jingjing Ren
  • Franziska Detecting and defending against third - party tracking on the web InProceedings of the th USENIX conference on Networked Systems Design and Implementation pages Association
    Roesner
  • Cookies that give you away : The surveillance implications of web tracking InProceedings of the th Conference on
    Steven Englehardt
  • BeautifulSoup https www crummy com software BeautifulSoup accessed
  • Beauty and the beast : Diverting modern web browsers to build unique browser fingerprints In th on Privacy
    Pierre Laperdrix
  • Macbeth Modi Tracking the trackers InProceedings of the th International Conference on pages Conferences Steering Committee
    Zhonghao Yu
  • Christina Cross device tracking disclosures InProceedings of the
    Justin Brookman
  • Adam Anna Kornfeld Tadayoshi and Franziska Internet jones and the raiders of the lost trackers : An archaeological study of web tracking from to In th
    Lerner
  • scikit learn Similarity Score http scikit learn org stable modules generated sklearn metrics jaccard similarity score html Online accessed
    Jaccard
  • tracking million - site measurement analysis Conference on Communications
    Steven Englehardt
  • Mozilla Support Remote Content in Messages https support mozilla org en US kb remote content in messages Online accessed
  • Plus Surf the web without annoying ads https adblockplus org accessed
    Adblock
  • On the leakage of personally identifiable information via online social networks InProceedings of the nd ACM workshop on Online social networks pages
    Balachander Krishnamurthy
  • Plus Surf the web without annoying ads https adblockplus org accessed
    Adblock
  • Start Email Tracking Today https www hubspot com products sales email tracking Online accessed
    HubSpot
  • Email Tracking for https www contactmonkey com email tracking Online accessed
    ContactMonkey
  • Claudia The leaking battery A privacy analysis of the HTML Battery Status API Technical report
    Lukasz Olejnik
  • and Matthias Wachs TLS in the wild : An internetwide analysis of tls - based protocols for electronic communication In nd Annual Network and Distributed System San California
    Ralph Holz
  • Help Choose whether to show images https support google com mail answer accessed
    Gmail
  • Georg Block me if you can large - scale study of tracker - blocking tools InProceedings of the nd European on Privacy EuroS
    Merzdovnik
  • Lumen grained visibility and control of mobile traffic in user - space
    Narseo Vallina
  • Neither snow nor rain nor mitm An empirical analysis of email delivery security InProceedings of the Conference on Internet Measurement Conference pages
    Zakir Durumeric
  • Konstantin Privacy leakage vs protection measures the growing disconnect InProceedings of the Web
    Balachander Krishnamurthy
  • Claudia The web never forgets : Persistent tracking mechanisms in the wild of pages
    Gunes Acar
  • Beauty and the beast : Diverting modern web browsers to build unique browser fingerprints In th on Privacy
    Pierre Laperdrix
  • BeautifulSoup https www crummy com software BeautifulSoup accessed
  • and Chris Jay Hoofnagle Flash cookies and privacy spring intelligent information privacy management volume pages
    Ashkan Soltani
  • Neither snow nor rain nor mitm An empirical analysis of email delivery security InProceedings of the Conference on Internet Measurement Conference pages
    Zakir Durumeric
  • Extended tracking powers : Measuring the privacy diffusion enabled by browser extensions InProceedings of the th International Conference on pages
    Oleksii Starov
  • uBlock Origin - An efficient blocker for Chromium and Firefox Fast and lean https github com gorhill uBlock accessed
  • Extended tracking powers : Measuring the privacy diffusion enabled by browser extensions InProceedings of the th International Conference on pages
    Oleksii Starov
  • Email Tracking for other clients https bananatag com email tracking accessed
    Bananatag
  • Adam Anna Kornfeld Tadayoshi and Franziska Internet jones and the raiders of the lost trackers : An archaeological study of web tracking from to In th
    Lerner
  • Georg Block me if you can large - scale study of tracker - blocking tools InProceedings of the nd European on Privacy EuroS
    Merzdovnik
  • https github com shivamagarwal iitb BlockListParser Online accessed
    BlockListParser
  • Pixel perfect Fingerprinting canvas in HTML
    Keaton Mowery
  • Julia Why online tracking is getting creepier
    Angwin
  • Recon Revealing and controlling pii leaks in mobile network traffic InProceedings of the th Annual International Conference on Mobile Systems Applications and Services pages
    Jingjing Ren
  • Franziska Detecting and defending against third - party tracking on the web InProceedings of the th USENIX conference on Networked Systems Design and Implementation pages Association
    Roesner
  • Are you sure you want to contact us ? quantifying the leakage of pii via website contact forms Proceedings on Privacy
    Oleksii Starov
  • Jonathan Third party web tracking Policy technology In on Privacy
    Mayer