Feedback on Ducky and defeating DidTheyReadIt

After our recent discussion about DidTheyReadIt, Jim Michael wrote: "As an e-mail administrator for a midsize government organization, a service like DidTheyReadIt.com is not a welcome idea. At first I thought of several ways of preventing our proxy server from allowing access ..."

A few weeks ago we mentioned that the headers of JPEG images created by Adobe's Photoshop image editor contain three tags - JFIF, Adobe and Ducky - indicating the file is in JPEG File Interchange Format and produced by an Adobe program called Ducky.

We asked if anyone knew why Ducky should be the program's ID. Reader Bill Verzal suggested we go to a certain page on Adobe's Web site for some details.

This page tells us the reason for this eccentricity is that developers have a rubber ducky obsession. If you have Photoshop, check out the page and try the Easter eggs - it is obvious that those coders were clinically obsessed.

Un petit divertissement (as the French would have it) - Bill's signature reads: "There are only 10 types of people in the world: Those who understand binary, and those who don't . . ."

After our recent discussion about DidTheyReadIt, Jim Michael wrote: "As an e-mail administrator for a midsize government organization, a service like DidTheyReadIt.com is not a welcome idea. At first I thought of several ways of preventing our proxy server from allowing access to didtheyreadit.com (all browsers here must go through a proxy to reach the Web, and thus the HTML messages while being rendered are also subject to the proxy's rules), but I could see some holes in that approach. Then a colleague said 'why not simply put didtheyreadit.com in your DNS, pointing at a bogus address?' Brilliant! If the image can't be resolved to the server holding it, tracking doesn't work and life is good again."

Chris Miller came up with a similar solution: "I went about gathering the information on DidTheyReadIt through SMTP tracking (and mail body properties) instead of capturing it through Winsock. As one of Lotus' largest application service providers, DidTheyReadIt is a concern because this type of tracking is not acceptable. As you know, with Notes you can work offline and not have the perweb.nsf database pull the image file, but this was still not acceptable. So we stopped connections from rampellsoft.com servers entirely through reverse DNS look-ups and blocklists. It has worked well so far. I consider you knowing when I read my e-mail just like finding out when I got your voice mail and how many times I listened to it. I can see the conversation now, 'Yes, Mom, yes, I did get it. Yes, I listened to it twice for 48 seconds.'"

Lyman Chapin pointed out that "Gearhead's description of how DidTheyReadIt works neglected to mention that mail recipients can easily defeat the system by selecting 'Block loading of remote images in mail messages' (or equivalent in other mail clients; I use Mozilla/Thunderbird on a MacOS X system) in e-mail client preferences. Not everyone, of course, thinks that DidTheyReadIt amounts to spyware, so not everyone will be interested in knowing how to block it."

With Outlook this setting can be found under Tools | Options | Security | Change Automatic Download Settings, where you can specify that pictures or other content should not be automatically downloaded in HTML mail. There are also options to permit automatic downloads for messages from addresses listed in Safe Senders and Safe Recipients or from Web sites included in the Trusted Zone.

An oddity in the same section is the option, "Warn me before downloading content when editing, forwarding or replying to e-mail." We have this checked but it appears not to work. Does anyone have any idea what is going on here? Is this just a run-of-the-mill bug? Or is it one of those features that requires you to sacrifice a chicken before it works?

Our last feedback comes from reader Rick Matthews, who also pointed out the Mozilla option and added, "Some major vendors seem clueless to the large number of users they miss by insisting on loading images from remote servers. Buy.com regularly sends e-mail ads with no useful content other than that in remote images. They offer no alternative for customers wanting their ads. There is no option for non-HTML e-mail, and there is not even an option to click through for a version of the ad on their Web site. At one time, I bought regularly from buy.com, but I have not made a single purchase since they started this practice. What are they thinking?"

An interesting point. We doubt that a professional marketing organization would blindly use a technique without knowing if it was effective. Makes you wonder if they are using some variation on the remote image-loading technique to measure online user behavior.

Suspicions to gearhead@gibbs.com.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT