tl;dr: We built this site on a really tight time constraint, and had to use Blue State Digital to process emails and store personal data, hence the tracking codes.
I helped build stopwatching.us as part of the coalition of organizations and individuals in support, and thought I'd give a quick bit of insight into why the tracking stuff is in there.
When we came up with the idea for the site last Friday, we quickly realized that one of the trickiest parts to manage would be the privacy policies of the different organizations involved. There are over 80 different partners, and about 6 different core organizations involved. Mozilla and EFF in particular have really stringent legal conditions and privacy policies for any sites they promote, and we needed to make sure we abided by them.
On Mozilla's end we needed to have some way of collecting and storing emails and personal information that would get through their legal department quickly. Since they've used Blue State Digital in the past and screened both their technology and privacy policy, that was deemed the fastest way to make things work.
BSD includes things like the email tracking code automatically, and as far as I know there's not an easy way to strip that stuff out. Hence the tracking stuff in the emails.
I am very glad that Mozilla takes privacy so seriously. I am glad it was a conscious decision. Also: I noticed the tracking codes in the email using Mozilla Thunderbird.
By the way: the email I got was probably sent to Mozilla supporters, not to StopWatching.us signatories (although it seems they use the same From address).
However, in the light of this privacy crisis, I think Mozilla should take time and think some more of what could be done.
It doesn't look good anymore that the fastest solution was to choose a technology provider that uses recipient tracking. It is bad that BSD privacy policies probably don't stand a chance against a government request with a gag order. I can only hope that the privacy policy treats US and non-US citizens alike. I can also hope that the screening checked that BSD systems don't store too much data about the recipients.
Thank you. Mozilla is a force for good. Mozilla have done nothing to show they are not worthy of our trust and you demonstrate that we have no reason to question it still.
Email itself is 100% insecure. You should assume that 100% of your email is available to the intelligence community. (There's a reason Petraeus never sent any email to his mistress. According to William Binney, the NSA keeps copies of all emails sent to or received in the US.) So, they already know this email was sent to you.
Stopwatching.us is going to present your signature to Congress anyway. If you're paranoid about the US government, it doesn't make sense to sign the petition.
The only additional data they can receive from this innocent tracking code is that you read the letter (if you decided to display images) and that you clicked on a link (if you in fact did).
The intelligence community could conceivably do a lot of terrible things with everyone's phone records, everyone's Facebook data, everyone's Google searches... but if you want to remove measurement completely from the web, that's a bridge too far.
Where you see "innocent tracking code" some people see "exploiting a hole in the way a piece of technology works to obtain information about people that they don't expect you to be able to obtain, and never gave you permission to collect".
1.) Whether an email was opened
2.) When it was opened
3.) What IP was in use when it was opened
is not public.
The fact that the sender of an email can exploit a loophole in the technology so that they can gather that information, and the fact that it is commonly exploited to do so, does not make it OK.
I would agree with your Sherlock Holmes analogy, but only if being "naturally more observant" falls within the category of climbing through somebody's bedroom window, hiding under their bed and observing what they're doing without them knowing you're there.
Unless you're using tracking mechanisms such as the one discussed in the post, the only information the sender has is that the destination SMTP server acknowledged the delivery.
After that, you know nothing. The mail could be deleted straight away and never delivered to a mailbox.
I think it's a valid point, especially when this is part of a campaign for privacy. Is it that important for Mozilla to collect that information?
I think most news sources simplified: what he did was write draft emails, then they would use the same account and read the drafts then delete them -- leaving no email.
And he was reportedly caught because an investigation into Paula Broadwell's email address, as the sender of threatening messages received by Jill Kelley, led back to David Petraeus.
As far as I understand, the argument is that, by not actually reading emails or listening to phone calls, but merely observing who communicated with whom, they're abiding by the law but getting quite a lot of information anyway. I don't know what you can do about phone calls, but for emails, email clients could simply send a stream of emails at random intervals to everyone in our address books. If you encrypt the email it's easy to set an ignore flag. Thus actual communications would be masked.
Mozilla is effectively the only player in the browser space that I still feel I can trust not to have commercial motives to hoover up data about me. That's why I've switched to Firefox since the NSA scandal started.
I think they could do worse, strategically, than take a strong, consistent stance throughout their product(s) and communications, to make Mozilla the browser and email client of choice for those who don't want to leave a huge slimy trail of cookies and web bugs for anyone who's interested to track.
Worth noting this is not saying that either Safari or Chrome are worse browsers in general, or that they have security holes to feed the NSA machine - but any piece of data that a US company has about you is a piece of data that could be passed to the NSA under a FISA order, or even a future law change a decade away from now.
The fewer of those pieces of data you create, the better, imho.
Mozilla are the only ones without a hidden modus operandi. They make a web browser and have become the organization to trust because their mission is to make the web a better place. Google want to sell ads and do everything in their power to bombard their users, about whom they so desperately need to know everything. Apple and Microsoft are busy creating lock-in. I don't actually understand how anyone knowing about these and knowing what a force for good Mozilla strives to be could possibly use anything but Mozilla products. We are implicitly telling these companies that we accept their behavior. The same attitude about democracy, "how can my single voice mean anything", applies just as much to corporations and using their products and sending money to them. It's a plague and we can work against it. You just have to (at least in the context of this thread) spend a few seconds to go back to the browser with your interests at heart and quit destroying the web for the rest of us.
Very good analysis! Also, Mozilla can be safer?! Yes indeed..
But he has a good point too.. there's a bad behaviour and culture of trying to watch what you are doing on your behalf, without notice.
What we let them(anyone outside) note about us.. should be our decision..
.. you click a button, you sign a contract.. data should not "escape" from us.. this is a bad behaviour, and it's contagious.. US companies are full of it.. it's not just a government issue.. companies have been doing this for years.. with different purposes than government..
This is just the beginning of the unveiling of a bad behavioral pattern that must stop, period.
Nobody is giving a #$% about our privacy and our rights, because they are being served up on a silver plate by you and me, and this makes them more powerful and rich.. even if they are "the good guys".. everybody must stop..
My purpose with this post is not to expose Mozilla, but to show how deep many of us are in this business. I admit I am guilty of similar practices myself.
I think we should use this privacy crisis to stop and rethink what we are gathering about our users, how we are doing it, and whether we can really guarantee their privacy in our countries and on the technological platforms we use.
If you really care about your users, think before gathering any of their data. It may end up somewhere you or they do not want.
You should point that out in your article. You should also point out the fact that you are using multiple 3rd party services that are far more questionable than what Mozilla uses on your page, allowing them to track your readers.
> I admit I am guilty of similar practices myself.
That's all well and good, but the article doesn't reflect that in the least.
I think so. At least I would like to have added "please" at the end.
I am sorry. My only excuse is that my two kids were running around disturbing my ability to focus.
BTW: I am a big fan and a user of what you do. I think Firefox OS is one of the technologies that will help us reclaim some of our freedoms and privacy back.
Or why do you even need to track? I have disabled tracking on my web server and I don't really feel I'm missing out on the user statistics for my puny blog.
There's also the possibility of saving the data for a shorter time period if you really need it, like to detect attacks and such.
Only the HTML version of the newsletter uses tracking links. If you want "tracking-free" e-mails from Mozilla, sign-up for the plain text version. See https://bugzilla.mozilla.org/show_bug.cgi?id=772788 for details. :)
Where do we draw the line as companies in terms of user data collection? Should we stop tracking our users entirely?
Government eavesdropping aside, I see the internet as just another form of communication. Anytime you talk to someone, you are entrusting them with whatever you are communicating to them. If you knew a friend doesn't keep secrets well, you probably wouldn't tell them any secrets. When Mozilla sends you that email with the tracking links, you are entrusting them with that data, and are hoping that the data leads to a better relationship between them and you or offers some mutual benefit.
What is different in internet communication is that it is hard for a user to determine what company is trustworthy and when that trust has been violated. Most users also simply don't care when that trust has been violated - no one should like that their user data at some level is sold to advertisers by Facebook, but that won't stop them from using it (I myself am guilty of this).
Should tech companies not collect user data in the fear that a 3rd party may one day steal that data? Or should they not collect user data for some other reason?
Mozilla observing the effectiveness of their campaign is not the same as building a complete profile on you. This is quite different from using a phone with Android or iOS or using Chrome whose primary goals are such. Be safe out there, use Mozilla products and have a little faith. Mozilla is the only mainstream force for good in its area.
Is Mozilla really "watching" you? Or perfecting their UI design flow? Considering they are one of the groups who created StopWatching.us I would imagine it's the latter.
That tracking image is just trying to see how many people opened the email. And yes, they can tell you opened the email. So what?
The tracking of links is simply trying to gauge popularity for each link in the context of what the email was about.
The reason they're watching you click things in the email you willingly signed up to receive, is because they want to keep you as a subscriber and not anger you by sending pointless emails that you never interact with.
You're wanting to do away with the whole concept of analytics.
Though I've often pondered over the implications, I'm not convinced that not gathering analytics is the solution here. This is not too far from the debate about AK-47 - would it be better if the gun had never been invented? How about nuclear power?
The point is that analytics are the way of the future, the differentiation lies in the purpose for which you leverage them.
But as systems become more aware about the profiles of their visitors - it will become easier to ascertain who the specific individual is that is accessing your site. In some cases, this is already a possibility.
Now imagine a marketplace where Google, Facebook (or somebody that can connect an authenticated user to a digital "fingerprint" of their machine based on browser metrics, installed fonts, ip address, etc.) can answer the "who" question for partner sites willing to buy that information. Visitor-identification as a service.
Is this not exactly what Facebook, Google, and Twitter do with their tracking cookies? They figure out what you are interested in based on analytics regarding the sites you visit (obtained through multiple different methods), then sell that data to advertisers.
They sell access to those people. They don't provide specific identity information about those individuals. The Facebook example I posted shows how somebody was able to specify granular-enough parameters to focus on one individual, but this type of targeting wouldn't work for everyone. I can imagine a day when this type of targeting is offered more proactively.
No. Tech companies generally do not sell your data. They use your data internally to figure out what ad categories to show you. Advertisers can specify that they want their ads shown to people with certain interests. At no point does data about what you do on Facebook leave Facebook's control.
Having an email-specific link is not aggregate data; that can potentially be used to identify the user. Aggregate data would be a campaign-specific link that doesn't identify the user, such that a click from any person looks equal.
In double checking, at least it appears that they don't do this for some of their mailing lists; the mozillians.org stuff appears to have unmolested links.
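The distinction drawn above between an email-specific link and an aggregate, campaign-constant link can be checked mechanically. As an added example that is not part of this thread, the script below takes the same HTML mailing as two recipients received it, reports which links carry a per-recipient token, and flags 1x1 beacon images; the two sample copies and the example.org URLs are constructed placeholders.

```python
# Added example, not from the thread: given the same HTML mailing as two
# recipients received it, tell per-recipient tracking links from aggregate
# (campaign-constant) ones, and flag open-tracking beacon images.
# Sample copies and example.org URLs below are constructed placeholders.
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

class _Extractor(HTMLParser):
    """Collect <a href> and <img src> values in document order."""
    def __init__(self):
        super().__init__()
        self.links, self.images = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "img" and a.get("src"):
            self.images.append((a["src"], a.get("width"), a.get("height")))

def extract(html):
    p = _Extractor()
    p.feed(html)
    return p.links, p.images

def classify_links(copy_a, copy_b):
    """A link identical in both copies is aggregate: every click looks equal.
    One whose path or query differs carries a per-recipient identifier.
    Assumes a template mailing, i.e. the same links in the same order."""
    links_a, _ = extract(copy_a)
    links_b, _ = extract(copy_b)
    rows = []
    for ua, ub in zip(links_a, links_b):
        pa, pb = urlsplit(ua), urlsplit(ub)
        qa, qb = dict(parse_qsl(pa.query)), dict(parse_qsl(pb.query))
        varying = sorted(k for k in qa.keys() | qb.keys() if qa.get(k) != qb.get(k))
        rows.append({"url": ua, "varying": varying,
                     "per_recipient": bool(varying) or pa.path != pb.path})
    return rows

def tracking_pixels(html):
    """Remote 1x1 (or unsized) images with a query string are the classic open
    beacon: fetching one tells the sender the mail was displayed, when, and from where."""
    _, images = extract(html)
    tiny = lambda v: v in (None, "0", "1")
    return [src for src, w, h in images if tiny(w) and tiny(h)
            and urlsplit(src).scheme in ("http", "https") and urlsplit(src).query]

# Constructed sample: the same mailing as delivered to recipients r1 and r2.
COPY_A = """<html><body><a href="https://example.org/sign?c=sw2013&amp;id=r1">Sign</a>
<a href="https://example.org/about">About</a>
<img src="https://example.org/o.gif?r=r1" width="1" height="1"></body></html>"""
COPY_B = COPY_A.replace("id=r1", "id=r2").replace("r=r1", "r=r2")

if __name__ == "__main__":
    print(classify_links(COPY_A, COPY_B), tracking_pixels(COPY_A))
```

For the sample, the "Sign" link is reported as per-recipient (its `id` parameter varies), the "About" link as aggregate, and the 1x1 GIF as an open beacon.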
I think that's dependent on what is stored. Sure, the link enables them to capture a whole lot of data, but if an agreed standard of 'tracking data' was all that was stored, I think that would be an improvement.
EDIT: Similar to how we capture credit cards. Often the provider could capture and store everything, and publish it online if it liked. But generally (due to law, and standards) they are either passed off to a payment provider or stored with a certain level of security.
I don't think it is necessary in this case for Mozilla to even be in possession of transiently-non-aggregate data, though. If they want to analyze click-through rates or whatever, they can have URLs that are constant across users and not lose any data. For credit cards, the payment processor must have the unique card information, so collection is warranted in that case, even if they are never stored.
That is: since I have no insight into what happens to the data once it reaches their servers (outsourced to an external analytics platform), I object to them collecting it unnecessarily in the first place. Storage does not come into play, since while I trust Mozilla I don't trust the third-party, no matter how much Mozilla claims to have vetted them.
I wonder if I was the only one amused by the OP's use of Quantcast for tracking on that page, as well as allowing other 3rd parties like WordPress, Twitter, and IntenseDebate to track users as well.
The point is well and good, but those in glass houses should be careful when throwing stones.
Part of the problem is that so many of the tools available have tracking embedded in them. The Mozilla guy who posted about how this came to be hit on it - they used a service for email that tracked by default and made it difficult, if not impossible, to disable the tracking.
This situation is the inevitable result of an industry that is built on advertising dollars. All of the tools are designed with that in mind and they crowd out tools that don't support that business model.
I have cut the Google Analytics include out of my blog code after I wrote the post. Now I see that I will have to switch off IntenseDebate comments as well.
You are overreacting, not to mention reaching the wrong conclusions from these NSA reports. The problem isn't measurement, that is a cornerstone of engineering (and of everything else really), the problem is government overreach.
The problem is opt-out instead of opt-in. If measurement and tracking are so benign, tell people you're doing it and allow them to agree or disagree, on an opt-in basis. Otherwise, it's not benign.