Reputation: 1961
Why does conversion tracking use pixels and why do images potentially expose information about you?
First, why (historically) was conversion tracking implemented by html pixel tracking versus using other small and able-to-be-made-nearly-invisible html elements which could provide the same information? Curious why html images were used as opposed to other methods.
Second, many email clients, e.g. Outlook and Gmail don't display images in html emails by default as a means to "protect your identity". Why do images provide greater exposure of information than the other markup elements in the page? They all show up in some server's web log as a GET from some IP address with some possible query string parms, so I'm not sure why images represent additional risk.
Upvotes: 3
Views: 900
Answers (2)
Reputation: 449485
versus using other small and able-to-be-made-nearly-invisible html elements which could provide the same information?
Name one! I can't think of one except images, at least not in good old HTML 4, which still is the standard for rich E-Mail until this day. External style sheets would be a possibility nowadays, but don't get loaded in E-Mails. Background images could be disabled. iframes came later.
They all show up in some server's web log as a GET from some IP address with some possible query string parms, so I'm not sure why images represent additional risk.
When an image resource is embedded into an E-Mail, the time when that image is loaded is the time when the user reads the E-Mail. Plus, the IP the image is pulled from is the IP the recipient is logged on to the Internet with at that moment. A badly patched Windows installation might be enough to facilitate an attack with this.
From the request, it is also maybe possible to determine the recipient's operating system, whether they're behind a Firewall / router, which Internet provider they're with, where roughly they are located.... All already very, very sensitive information.
Upvotes: 3
Reputation: 28268
When you load an image from a site, you make a request to that sites http server. The request contains header information which is pretty extensive.
Images were there from the first HTML spec, which explains their common usage. <iframe>, <object>, <script> and all the other embeddable elements came in later editions and were not always supported or enabled in the browser.
Displaying images in HTML Emails can be seen as a "security risk" as confirmation for spammers that somebody actually reads their spam mails.
Upvotes: 1
Related Questions
- What does data:image/png;base64 mean?
- pixel.gif, why do people use it?
- Facebook Conversion Pixel code: BODY vs HEAD
- What is the purpose behind the personalized security image often used on banking websites?
- How does invisible pixel conversion tracking work?
- Why are email senders placing tracking images at the end of the content?
- Is hiding an image tracking pixel going to cause issues (with http requests not going through)?
- magento tracking pixel
- 1 pixel Gif as a new measure tool? o_O BLANK_IMAGE_URL what is it for?
- Can somebody illustrate what is "Pixel Tracking" in php?