moveon.org’s privacy violations

One of the great privacy features now activated by default in Mozilla’s Thunderbird email client (which I thoroughly recommend) is that it blocks loading of remote images in emails. This is a good thing. Why? Well, spammers, fraudsters, and unscrupulous companies mass emailing their customers just love to know for sure whether or not their emails have been read.

One way they can do this is using a tiny image know as a “web bug“. By quietly loading a one-pixel transparent image in the bottom of an email, via a specially crafted URL with a unique identifier, the sender of the email can, with no permission from the recipient, verify that the email has been read, that the email address is valid (this is really bad news if it’s spam, since valid email addresses are valuable and will be sold and spammed even more). It is also possible for the sender to track when the message was read, and where the recipient was at the time they read it, by recording the IP address of the computer the recipient was using at the time.

I’ve become quite accustomed to seeing the alert Thunderbird pops up to tell me that it has blocked remote images to protect my privacy. After all, quite a few companies legitimately add remote images with no tracking capability to emails – for example their logo. So, when clearing through a few unread messages from earlier in the week, I almost didn’t give this a second thought…

Screenshot of the Thunderbird email client blocking a webbug tracking image in an email from moveon.org

But for some reason I thought “that’s odd” and so I had a look at the html source of the message. To my surprise, this is what I found three lines from the bottom:

<img src="http://open.moveon.org/o.gif?id=9508-1945452-_97SI0eV1lc9R" HEIGHT="1" WIDTH="1">

That’s right, it’s a web bug. (I removed the end of the tracking code.)

The irony of moveon.org – which do some great work – campaigning to “stop AOL’s email tax“, and “save the internet” whilst at the same time using the exact same invasive methods of email tracking as spammers and fraudsters would be laughable, if it wasn’t so sad. Having worked on numerous campaigns and digital organising projects myself, I find the use of email tracking by a progressive campaign quite a despicable abuse of privacy.

If you’re reading this, Eli, I suggest you first of all apologise directly to the 3 million or so members whose trust you have violated, destroy any tracking data you are storing, and most importantly don’t do it again.

3 Responses to “moveon.org’s privacy violations”

  1. Gravatar Image

    bam! investigative reporter matthew carroll strikes again! :) nice one..

  2. Gravatar Image

    Why does it matter? I mean, they simply want to know how many people have read there newsletter. It helps them to able to communicate more effecively.
    Perhaps it is personally identifyable, perhaps not. Either way I don’t see how it contridicts their work which you linked to.

  3. Gravatar Image

    It matters because it is deliberately hidden, and takes place without people knowing about it. It matters because I didn’t consent to them knowing when, where, and from what IP address I read my email. If the sender of an email wants to know if I read their message, they should ask me, not try to spy on my email reading habits. moveon.org of all groups I receive mailings from should be well aware of the need to respect people’s privacy, so I hold them to the highest standards, and in this respect, they have failed to live up to my expectations quite disappointingly.

Leave a Response



XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>



  • Search
  • Meta

  • Old Browser

    It seems you are using an old web browser (e.g. Internet Explorer 5 or below). This is a security risk to you, since Microsoft no longer releases updates for old versions of Internet Explorer. Also, note that this site is designed to modern internet standards, and the layout may appear strange or plain in older browsers. All the content is still accessible to you, but I strongly recommend you upgrade to a modern, safe, standards-complient browser, such as Firefox. For more information on getting the best experience surfing the web, see browsehappy.com.