28 posts in this topic

what? how?

You could send an email with an image that is uniquely named per email address. If Google loads it, the address exists and if it doesn't then the address doesn't exist. It depends on when/how Google loads the image. If they just load all images regardless of the account existing, then it wouldn't work. If they load images for accounts that exist only, then it would work brilliantly. If it only loads when they are viewed then it also works but not as well (depends on the owner of the address opening the email).

I'm not sure what the big deal about marketers knowing the IP/UA is to be honest. It's revealed when the user went to the site to perform whatever action they performed that got them on the marketing list in the first place. It is hardly sensitive information.

1 person likes this

Share this post


Link to post
Share on other sites

I'm not sure what the big deal about marketers knowing the IP/UA is to be honest. It's revealed when the user went to the site to perform whatever action they performed that got them on the marketing list in the first place. It is hardly sensitive information.

Spammers can use geolocation to customize mails and try passing them as more "legit".

Also you are providing info about what devices you own through the user string, which could be used both for more spam or targeted exploits.

It's not really sensitive, but there's no reason why they should get to know all that just because I watch (or not, if they use 1x1 px) some images delivered to my email address.

Then again rather than allowing all images I'd prefer a combination of the current system with whitelists and loading from the proxy cache for the images you select to be shown (which I'd guess you'd be getting if you opt out of this feature).

Share this post


Link to post
Share on other sites

Yeah, it's nothing sensitive (it's broadcast anyway), but a advertiser knowing you're in a certain city with a certain device allows them to give you more targeted ads (Like I'm now seeing a bunch of scam ads for Android virus scanners recently, or pop-up ads that throw me to the play store)

Another thing they could use is the device IPv6 address (if it has one), I'm seeing my Android tablet and phone fairly often fail to create privacy addresses, meaning any site that does IPv6 not only knows where I live, but exactly what type of device I'm using (Because by default, the IPv6 address uses the MAC address of the adapter, giving away manufacturer info)

Edit: Remember that for an advertiser, any bit of unique info allows for tracking, even something as simple as an IP/UA mix would allow for pretty good matching.

1 person likes this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.