Fun_People Archive
2 Mar
Beware "live" message content.


Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
From: Peter Langston <psl>
Date: Mon,  2 Mar 98 14:11:34 -0800
To: Fun_People
Precedence: bulk
Subject: Beware "live" message content.

Forwarded-by: Nev Dull <nev@bostic.com>
Forwarded-by: glen mccready <glen@qnx.com>
Forwarded-by: Tom Spindler <dogcow@home.merit.edu>
Forwarded-by: Clifton Flynt <clif@cflynt.com>
Forwarded-by: Dave Farber <farber@cis.upenn.edu>
Forwarded-by: Cypherpunks Lite <cp-lite@comsec.com>
From: Anonymous <anon@anon.efga.org>

I just had my on-line pseudonym outed to my company's VP of marketing, with
potentially serious internecine political consequences.  It didn't even take
an AOL customer service rep to do the dirty deed.  Here's how it happened.

I have an account unconnected with work, for personal mail, on a machine
run by a friend in my wife's department at the local college.  From this
account, I speak my mind about my political views, my employer's spamming
of their rather loosely defined lists of "customers", etc.  I don't do that
from my work account because I don't want any confusion about whether I am
speaking for the company or not.

Evidently my mention of my displeasure with my company's spamming hit a
nerve with marketing.  They sent a message to my off-site address (along
with those of other critics about whom they wanted to know more).  It was
an HTML message with an embedded IMG tag.

Last night about midnight, I downloaded my off-site mail with Netscape.  (I
was still at work because our team is debugging some killer database
problems.)  When Netscape saw that IMG tag, it happily connected to
marketing's "customer" tracking server, and downloaded the keyed graphic.

My boss just let me see the log he got from the marketing VP, showing
clearly that my workstation read the message.  The log was attached to a
strident call for my head from the VP.  Luckily, my boss agrees with my
attitude, as do all of my co-workers on the engineering side of the house,
and thinks I was in the right to use an off-site account.  But the political
fallout could be interesting.

Beware "live" message content.  If you don't, you may end up having to get
your company's entire marketing force fired to protect yourself.

Use mail readers that don't automatically process HTML and connect to image
servers, accept cookies, or run javascripts.  You are being watched by
tricky defective, er, detective types.


prev [=] prev © 1998 Peter Langston []