Tag Archives: privacy

Who viewed your email?

A few months ago, a company called Streak announced a plug-in for Google Chrome. The plug-in makes it possible for gmail users to be notified once someone reads the emails they sent.

Sounds scary, right? It even works when emailing non-gmail users! You basically get a notification telling you “Someone viewed your email”. You won’t be able to tell who viewed it in case there were multiple receivers, but it does also show you the location from which your email was accessed, so it’s up to your guesses and stalking-skills to know who exactly viewed it.

But how does it work?

The trick is simple, the plug-in attaches an invisible 1×1 pixels image to every email you send. Most of the email clients will display the images in an email once you open it. When the receiver’s client tries to display the small image, it finds that the image is actually a link, so it requests the image by accessing the link, which (guess what?) sends the request to Streak’s servers.

Streak’s servers learn that someone accessed this particular image, they can tell that this was the image they attached to your email. They collect information about the location from which they received the image request, and by knowing that someone accessed this image, they conclude that someone accessed your email, and hence notify you.

How can it be countered?

So now that you understand how it works, you probably guessed that the plug-in can’t do its job unless the client accesses the images. You are right, and that’s the simple solution!

Just make sure your client doesn’t automatically display images. This way if you receive an email from someone using that plug-in, it won’t work because the image is not displayed, which means that the request to Streak’s servers was not made, which means that they couldn’t collect information about you.

The reactions to such a plug-in are really interesting. It’s pretty annoying to know that a server can be collecting information about you without your consent, but on second thought, this basically happens whenever you access any email with pictures! the only difference is that Streak announces that they will give that information to the email’s sender, unlike advertising companies for example, who will also gather this information but keep it to themselves.

I wonder if this is perceived differently than SMS delivery reports, it’s not exactly the same of course because delivery reports tell you when the SMS reaches the other device and not when it is “accessed”.

But does it really annoy you? Share your thoughts!