hwg-techniques archives Jan 2003 new search results previous next

Re: Yahoo (How beaconing works)

by "Octavian Rasnita" <orasnita(at)home.ro>

 Date:  Tue, 28 Jan 2003 19:27:30 +0200
 To:  "Justin H." <justinh(at)whidbey.net>,
"HWG Techniques" <hwg-techniques(at)hwg.org>
 References:  westworlds whidbey
  todo: View Thread, Original 
But this only if you know the email addresses of those persons.
If you don't know them, you can't do this. Right?

Teddy,
Teddy's Center: http://teddy.fcc.ro/
Email: orasnita(at)home.ro

----- Original Message -----
From: "Justin H." <justinh(at)whidbey.net>
To: "HWG Techniques" <hwg-techniques(at)hwg.org>
Sent: Tuesday, January 28, 2003 6:46 PM
Subject: Re: Yahoo (How beaconing works)


On the calendar, in the box marked 1/28/2003 6:37 AM ^ Davies, Elizabeth
H. scratched:
>>>What I don't know if it is possible to find out the email address of the
>>>person who reads the message.
>>>I won't send a message private but to a mailing list.
>
> To my knowledge, NO (and thank god-dess). In order to do that you would
need to  go into their computer and extract personal information. There is
no honest way to do this... if you could get their email address, you could
get anything else. I would put that at severe invasion of privacy (at a
minimum). All you can grab are the environmental variables such as OS,
Browser/mailreader that opened, IP address, etc.... Given that more and more
IP addresses are dynamic, this is no longer a consistent or reliable method
of identifying a computer.
>
> The only thing you could possibly do is set a cookie that might identify a
person if they open something a second time... given that you know who they
are the FIRST time because they opted IN to your mailing list. And this is
limited if a person turns off cookies or has some solid spyware software to
protect them.
>
> Regardless of what good it might do you for your mailing list, it would
spell disaster for security overall... BUT if you find a way, let me know...
I need to block it ASAP.
>
> Elizabeth Davies
> Web Designer
>

It'll work if the image/script is put into an email.  There are
automated emailers that will create an email for each person on the list
and the script that loads the image will send the email address as part
of the GET request (i.e.,
http://yourserver/1pixelgif.cgi?un=email(at)address.here).

Normally you won't see this except in spam messages.  It's why I have
images turned off in email.

Justin H.

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA