Re: Yahoo (How beaconing works)

by "Octavian Rasnita" <orasnita(at)home.ro>

 Date:  Tue, 28 Jan 2003 14:38:29 +0200
 To:  "Davies,
Elizabeth H." <EHDavies(at)West.com>,
<hwg-techniques(at)hwg.org>
 References:  westworlds
  todo: View Thread, Original
Hi and thank you.

I've finally succeeded to do the same thing.
I've tried the same thing from an SSI but with no results.

What I don't know if it is possible to find out the email address of the
person who reads the message.
I won't send a message private but to a mailing list.

Cheers.



Teddy,
Teddy's Center: http://teddy.fcc.ro/
Email: orasnita(at)home.ro

----- Original Message -----
From: "Davies, Elizabeth H." <EHDavies(at)west.com>
To: "Octavian Rasnita" <orasnita(at)home.ro>; <hwg-techniques(at)hwg.org>
Sent: Monday, January 27, 2003 4:42 PM
Subject: Yahoo (How beaconing works)


>>I've read the following on another list.
>>Does anyone how it technically works?

Yes... Somewhere in the HTML there is an image that is attached to a
tracking script. Sometimes it will be inside a script, so the image tag
doesn't call up a "gif" or "jpg" but rather calls a "cgi"... This cgi serves
up the actual image which may be transparent or might be a real image on the
page (not uncommon for banner ads). The CGI also collects information that
you give it when you log in (username, page ID, the cookie crumb trail of
places visited). If it's not a website where you logged into or in an email,
it can only collect your environmental variables (they probably don't know
who you are), and can also set a cookie on your system that will identify
that your computer visited this site on a particular date/time, so if you go
back, they can check. Again, in this case they won't know exactly who you
are, just that this computer user has an interest in this type of page.

Cookies can be controlled through your security settings, but turning off
cookies completely can be a real pain if you browse alot. Most websites set
some sort of cookie even if it's just to track your navigation path through
their site to allow them to optimize and analyze navigation methodology.

In an email, typically the beacon will capture your email address, the email
campaign identifier, and any database list identification if you are on a
mailing list. This allows companies to track if the email is any good or
what their "open" rates are... if you "click through" this is also captured.
This is common practice. Sometimes these will also set cookies on your
computer. This can be a good thing as far as making it easier for you to
navigate around sites that you belong to and wish to work in. It can be a
very bad thing in that it can pass information to places you NEVER opted
into.

How to stop it. Opt out in Yahoo and anyplace that allows you to opt out. If
you have the ability, accept ONLY text email. Pure ugly old text... not even
RTF (because that can be pixeled). Even email that appears to be text can be
"beaconed" or "pixeled"... If you have Outlook set to do a preview, the
email is opened and the beacon lit. So, if you can't control whether you get
HTML or text email, then NEVER preview. Look at the titles and delete
whatever spam you need to... before you do any previewing.

There are also some good spyware programs out there that can eat the cookies
or throw them into a sanitized cookie jar.

Elizabeth Davies
Web Designer

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA