Valued Contributor

Image/Pixel/Web-Beacon Tracking by Spectrum

I am noticing intense usage of image/pixel/web-beacon tracking through service emails lately, sometimes through non-secure domains and/or third-parties. My list of senders includes financial institutions, credit bureaus, airlines, online travel agents, mobile service providers and Spectrum.

I regularly receive my payment confirmed emails infested with tracking images that are sending unknown data to Spectrum server every time I open those emails. I consider the use of tracking pixels image in essential service emails as unwanted, deliberately hidden to collect data, and unauthorized invasion in to my privacy. Spectrum is also a better judge here as to where exactly it originates from, and clearly it made its way into my non-Spectrum em ail in a non-Webmail and non-browser dependent fashion, unlike cookies, without any prior disclaimer, which is becoming an industry standard for them after GDPR and CCPA. This being automatic opt-in, invisible, lacking disclaimer of prior authorization, with no option to opt-out is not an acceptable situation in any sense.

I am aware of

1. total image blocking from my email

2. using pixel blocking add-on in the browser,

3. use of mail client with pixel tracking blocking capability.

But an easier solution could have been the senders stopping this hideous practice, to get my trust back. After 6 weeks of denial, attempt to reach me over phone which I asked to keep private, or asking me to call, semi-admission, complete indecision and inaction from the Spectrum support team, I am here again to have a discussion and a few suggestions/comments. Thank you.

10 REPLIES 10
Sharer

Re: Image/pixel/web-beacon tracking

This is a peer to peer forum. Contact Spectrum by phone or social media directly.
Valued Contributor

Re: Image/pixel/web-beacon tracking

"This is a peer to peer forum."

In theory, yes. But highly moderated. And the best way to reach out to my peers IMHO, as the issue is affecting everybody.

 

"Contact Spectrum by phone or social media directly."

Tried phone, email, snail mail and this forum.  And I do not use social media.

Thank you.

Valued Contributor

Re: Image/pixel/web-beacon tracking

I was just told that the emails alerts after credential changes in the Spectrum online account contain tracking tools as well. I personally opted out from the promotional emails, so would appreciate any input.
Valued Contributor

Re: Image/pixel/web-beacon tracking

Dear Fellow Spectrum-ers,

Here are a few things to consider about tracking through images/pixels/web-beacons:

  • Secretive unlike ads, analytics or spams; no disclaimer unlike cookies
  • Cannot be easily be blocked by browser/CookieManager/AdBlocker/SpamKiller
  • Data storage: where, how long, shared with whom, can I have a copy?
  • Possibility of interception, eavesdropping and man-in-the-middle attack
  • Considered as pre-hacking tool to probe network infrastructure
  • Presence in essential service emails (I do not pay my phone, internet and TV bills to be tracked)
  • Users do not seem to have ability to object to tracking or review/remove data
  • “In its current prevailing form, we expect email tracking to be categorically prohibited under the GDPR without express user consent.” ~https://www.gdpreu.org/
  • Similar states laws already effective/under review in many US states
  • Potentially gives away information about:
    o OS, desktop/mobile device
    o Browser or mail client
    o IP address
    o Time
    o Activities on the websites during a session
    o Screen resolution
    o Personal Identifier - campaign/account/device

Best Regards,

 

Dear Spectrum,

Any thought, discussion or measure to eliminate tracking through essential service emails?

Thank you in advance,

Valued Contributor

Re: Image/pixel/web-beacon tracking

Hello again,

When you change your bill delivery preference (paper/paperless), you get a confirmation email with a tracker (at the bottom of the screenshot, in yellow) that phones home to hxxp://click.sc.spectrumemails.com/wf/open?upn=xxxxxxxxx

 

Spectrum-Paperless-Screenshot-2020-01-23-213312.jpeg

Valued Contributor

Re: Image/pixel/web-beacon tracking

As I, and presumably everybody else, continue to get web beacons through automated essential emails from Spectrum and hear nothing but silence, I would like to point out that the pixel tracking sub-domain is not encrypted, unlike most of the other trackers I came across, and thus the communication is prone to eavesdropping without deep packet inspection and direct man-in-the-middle attack. Together with default Spectrum email settings allowing image autoload and HTML view of the email content, this sounds like an ideal combo exposing our online presence to hacks by our own ISP, who is presumably providing us with a secure internet.

Valued Contributor

Re: Image/pixel/web-beacon tracking

Here is an article describing tracking pixels as pre-hacking tools: https://www.bleepingcomputer.com/news/security/email-tracking-pixels-used-for-pre-hack-info-gatherin...

Safe emailing!

Valued Contributor

Re: Image/pixel/web-beacon tracking

Here is a part of the conversation, with the person who was banned for posting about web beacons:

Spectrum: "We do not track customer behavior outside of our portal (website) or webmail platform. Should an email message originate from a platform that inserts beacons/third party trackers, it may reside on our email platform and contain a beacon/third party tracker, but that beacon would not be inserted by Spectrum. This information was given to us by our product teams."

OP: "So, 1. Do we conclude that Spectrum does use web beacon in Webmail? 2. I do not agree with the rest of your statement. I do not use Webmail, and my non-Spectrum email receives tracking tools regularly that my mail client needs to detect, block and display."

 2 is still true.

Highlighted
Valued Contributor

Re: Email Security: Spam, Phishing and Hoaxes

Suggestions for Spectrum/Mods:

1. Doesn't injecting web beacons count as breach of email security? If so, Spectrum needs to  stop tracking customers by removing these from service emails.

2. A major security issue originates from image auto-loading and reading emails in HTML. Spectrum needs to  stop keeping its email system vulnerable by default. Please change these settings in Spectrum mail.

3. Mods need to stop removing posts for no apparent reasons. If desired, make threads like this sticky to begin with, so that they are closed for further comments. Post containing 1 & 2 above was removed from an originally non-sticky, open and unlocked post, which was locked afterward.