Richard Engle's emails aren't just weird, they're creepy, in a privacy-invading way

| | Comments (2) | TrackBacks (0)

There's something creepy going on with email in the race to be Oklahoma's next Republican National Committeeman.

If you're a delegate to the 2012 Oklahoma Republican State Convention, you've been getting a barrage of emails from Richard Engle, candidate for Republican National Committeeman, announcing endorsements from a surprising mixture of people, including disgraced former Speaker Lance Cargill.

What's especially odd about these Engle emails is that they have no substantive text. If you have automatic loading of remote images turned off in your email program -- and you should, for your own Internet safety -- you won't see anything in these Engle emails but a blank space where the image would be and a link labeled, "Is this email not displaying correctly? View it in your browser."

Now, it's not unusual for a mailing list to include a remotely hosted image -- a logo perhaps, or a large photo. A link uses less disk space and bandwidth than embedding the image into the message. But good email etiquette and politeness to the blind demand that you put in an alternative text for the image -- e.g., the name of the company in text form as an alternative to the logo. Typically in these cases, the bulk of the message is plain text, readable even if you choose not to load the remote image.

In Soviet Russia, email reads you!But Richard Engle's emails are different. He's embedded the text of the message in a big image which is located on a remote server. The image is not attached to the email. You can't read it unless you allow remotely hosted images to load, or unless you click the "View it in your browser" link. Among other things, this means you can't cut and paste the text of the message, you can't make the text bigger, and you can't use text-to-voice software to read it to you aloud (more disadvantage for those with limited vision).

And when you load remote images or click the "view it in your browser" link, the server that hosts the endorsement image logs your Internet Protocol (IP address) with a URL that looks like gibberish but actually is a unique identifier tied to your email address. Engle will be able to know which of the endorsement messages you have looked at and which messages you've ignored. More importantly, he will have the IP address of the computer from which you opened his email, and it would be possible to match it with other internet activity.

For most residential users, your IP address, which changes from time to time, only reveals, for example, that you're a Cox or AT&T customer. This email-based data-gathering system makes it possible for someone to pinpoint that a given address is likely to be yours. With multiple emails, you might open some at home, some at work, some at your favorite coffeehouse. Engle would be able to tie your email address to each of these IP addresses and might have enough information to establish a pattern of internet usage. The internet server logs would also let him know what operating system you're running on each of those computers and what web browser or email client you're using.

As Yakov Smirnoff might say, "In Soviet Russia, email reads you!"

Engle could use this feature to build a database of thousands of Oklahoma Republican activists, matching name to email address to one or more IP addresses. Win or lose the RNC position, Engle would have an asset with economic and political value.

Why would someone want to do this? The person sending the email could use this setup to determine who is posting unfavorable anonymous comments on a message board or sending unfavorable anonymous emails. The mailer could sell the database to website owners, who might use it to track an activist's internet activity for commercial or political advantage.

With this database, one could set up a trap: send an email to the same list from a fake "From" address, advertising some illicit website. The database may be able to pinpoint which individuals clicked that nasty link, and suddenly, "You've got blackmail!"

This odd way of sending email has absolutely no advantages to those receiving the email, but it could be very advantageous to the sender.

Is it possible that Engle is doing this innocently? Sure. But this is such an unnatural way to send an email, I have to believe it was done deliberately by someone (perhaps Engle, perhaps someone else). You have to take some time and care to arrange a huge block of text in an image file, rather than just typing the message into an email. That turtle didn't get on that fencepost all by itself.

For the rest of us: Set your email client not to load remote images automatically. Look at carefully at any link in an email before you click it. If there's a lot of incomprehensible code at the end of a URL, it's likely that the sender's email system can track your click to your email address to your IP address and report that information to the sender.

MORE:

How Thunderbird (Mozilla's email program) protects your privacy by not automatically loading remote images

About.com: How Reading an Email Can Compromise Your Privacy: How this privacy attack works and what countermeasures can be used.

0 TrackBacks

Listed below are links to blogs that reference this entry: Richard Engle's emails aren't just weird, they're creepy, in a privacy-invading way.

TrackBack URL for this entry: http://www.batesline.com/cgi-bin/mt/mt-tb.cgi/6447

2 Comments

anon said:

Good info, Michael.

When I notice weirdness like this, I will sometimes use the Tor Browser to "investigate" the remote content.

One can also use the Tor network with Thunderbird to safely and anonymously download remote images if needed.

Same goes if one is posting comments in a forum. Just be sure and click the "use a new identity" each time first.

Nathan Keltner said:

For what its worth, this is incredibly common. It's plausible that Engle doesn't even know this is going on, and this is all happening at the marketing/email company he's hired.

All of the same information is collected when I visited this site. When I tried to post this comment, I was asked to login with facebook, twitter, etc, forever linking your blog to my facebook account, etc, or just my email if I choose not to draw that link for facebook and batesline.

It's incredibly difficult to keep this type of information private on the internet. You're correct that this is a Bad Thing, but Engle's email campaigns don't sound out of the norm.

About this Entry

This page contains a single entry by Michael Bates published on May 12, 2012 12:06 AM.

Steve Fair for Republican National Committeeman was the previous entry in this blog.

A report from the Oklahoma Republican Convention is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Contact

Feeds

Subscribe to feed Subscribe to this blog's feed:
Atom
RSS
[What is this?]