• fmstrat
    link
    fedilink
    English
    25
    edit-2
    2 months ago

    Haven’t read details, but the classic way is to have a system visit: site.com/badimage.gif?data=abcd

    Note: That s is also how things like email open rates are tracked, and how marketers grab info using JavaScript to craft image URLs.

    • @jaybone
      link
      English
      182 months ago

      This is why every single email client for the past 2+ decades blocks external images? This didn’t occur to the AI geniuses?

      • Eager Eagle
        link
        English
        112 months ago

        IME they usually proxy and/or prefetch images for caching instead of blocking them. Only spam content is blocked by default.

        • fmstrat
          link
          fedilink
          English
          62 months ago

          This wouldn’t help, would it? How would you prefetch and cache:

          site.com/base64u-to-niceware-word-array/image.gif

          ? It would look like a normal image URL in any article, but actually represent data.

          Note: “niceware” is a way to convert binary or text data into a set of words like “cow-heart-running-something-etc”.

          • @[email protected]
            link
            fedilink
            English
            42 months ago

            If it’s prefetched, it doesn’t matter that you reveal that it’s been “opened,” as that doesn’t reveal anything about the recipient’s behavior, other than that the email was processed by the email server.

            • Prison Mike
              link
              fedilink
              English
              32 months ago

              Personally speaking, I’ve never been a fan of this method because to the hosting web server it was still fetched. That might confirm that an email address exists or (mistakenly) confirm that the user did in fact follow the link (or load the resource).

              I have ad and tracking blocked like crazy (using DNS) so I can’t follow most links in emails anyway. External assets aren’t loaded either, but this method basically circumvents that (which I hate).

              • Eager Eagle
                link
                English
                2
                edit-2
                2 months ago

                an email for a receiver that doesn’t exist, more often than not, goes back to the sender after e.g. 72h. That’s by design.

            • fmstrat
              link
              fedilink
              English
              22 months ago

              If by prefetch you mean the server grabs the images ahead of time vs the client, this does not happen, at least on amy major modern platform that I know of. They will cache once a client has opened, but unique URLs per recipient are how they track the open rates.

            • fmstrat
              link
              fedilink
              English
              12 months ago

              But the path changes with every new data element. It’s never the same, so every “prefetch” is a whole new image in the system’s eyes.

              • @[email protected]
                link
                fedilink
                English
                22 months ago

                Even with a unique link, if the behavior is that as soon as the email server receives it, it’s prefetched, what does that reveal about the user?

                  • @[email protected]
                    link
                    fedilink
                    English
                    12 months ago

                    Cool, all of your images are getting fetched by the server as it receives and processes the emails. You have 100% open rate on all emails to that domain within 3 minutes of send.

                    What do you know about the user and their behavior? Nothing. The prefetch is not tied to their actions, therefore you cannot learn anything about their actions.