Privacy and consumer groups are asking that the U.S. Federal Trade Commission require software makers to close a security loophole in their browsers that enables people who read unsolicited e-mails to be tracked without their knowledge.
A letter and a detailed report of the security hole this week was sent to the FTC by organizations including the Electronic Privacy Information Center, Electronic Frontier Foundation and antispam group Junkbusters.
The problem affects people with e-mail readers formatted in HTML, which includes popular programs such as Outlook, Outlook Express, Netscape Messenger, Eudora and Hotmail, according to a report, written by security consultant Richard Smith.
Most people know that when they visit a Web site it creates a cookie or a unique serial number, which allows their surfing behavior to be traced. However, many people do not know that a cookie can be created when they read an unsolicited e-mail via a Web browser, Smith says.
A cookie is created when users read a message with graphics in it, such as a banner advertisement off the Web. These banner ad companies typically "hide" the recipient's e-mail address in the Web address of the graphic, so that their servers can later match the cookie to the recipient's e-mail address, Smith says.
This information is often sold to spammers, or senders of unsolicited commercial e-mails. "It's intolerable that e-mail can be used to silently zap a nametag onto you that might be scanned by a site you visit later.
It's like secretly bar coding people with invisible ink," Junkbusters President Jason Catlett says.
The problem could be solved if Microsoft and Netscape closed the security hole in their browsers, Smith says.
RELATED LINKS
