Ryan Hamel <ryan@rkhtech.org> wrote:
For you to say, "my privacy has been sold", is simply not true.
I agree with you somewhat about tracking links. They only spy on a person when that person tries to follow them. I do find it much less useful to read mailing lists that include references to external resources that I decline to access, because I don't want to follow bugged links. But the "web bugs" that I mentioned as a second default-on Mailchimp tracking technology ARE specifically designed to be triggered any time a recipient reads a message in an HTML-based web browser. Back when postal mail was the default, senders had no idea whether the recipient opened, read, or forwarded a letter, versus tossing it into the fireplace as kindling. Society carried forward that expectation when postal mail was gradually replaced by electronic mail. Ordinary email senders don't know if you have read their message (unless they get social clues from your subsequent actions, just as with paper mail). Tracking was never part of the Internet email protocols; it was glued-on by abusing HTML email features and making unique URLs sent to each recipient, whose corresponding web server logs when they are accessed. These email tracking technologies deliberately violate the social expectation that reading a letter is a private act. They produce detailed records of the private, in-home or at-work activities of every recipient. They do all this covertly; you will not find a MailChimp mailing list message plainly telling you, "If you want to safeguard your privacy as an email reader, do not open these messages, because we have filled them with spyware." That would produce too many unsubscribes and too much outrage. Instead, a recipient has to be technically sophisticated to even notice that it's happening. (Many bulk email senders also don't know that their emails have spyware quietly inserted into them as they are distributed. I have engaged on this topic with many nonprofit CEOs and marketing executives, who really had no idea.) Those detailed email-reading and link-clicking records are not just accessible to the sender. There's an agency problem. They are kept and stored and sold by the intermediary (MailChimp), both individually and in bulk. They are accessible to any government that wants to ask, without a warrant, without probable cause, in bulk or individually, since they are "third-party" records about you, like your banking records or license-plate-reader records. They are accessible to private investigators via data brokers. They are accessible to any business that offers a sufficiently attractive deal to MailChimp -- places like Google or Facebook who make billions of dollars a year from tracking people to manipulate them with advertising. And wouldn't you like to know just which emails your competitors' engineers and executives are reading, and when, and where, and how many times, and whether they forwarded the messages? (I've often wanted the Google Detective Agency, that I could merely pay to tell me what my wife or my competitor or that rude guy who insulted me is searching for on Google, what web pages they are looking at, what emails they are reading or sending, and exactly where they are navigating in their car or on their bike or on transit. Google has all this information; why won't they sell it to me? They definitely sell it to the government, so why not to me? It's amazing to me that people treat Google like Santa Claus giving them free gifts, when it's really like an NSA.gov that is unencumbered by laws or oversight. MailChimp isn't as bad as Google. Its scope is smaller, but its defaults are deliberately bad, and it's created quite a honeypot of trillions of records about billions of people. The point is that besides being a gross violation of the personal privacy of the home and office, this data also has real commercial value. I suggest that as a technically aware organization, NANOG.org should not be creating detailed spy dossiers on its members who read emails, and then letting its subcontractor MailChimp sell or trade that info out into the world. John Gilmore