I don’t understand this sort of “right to track” that so many organizations seem to have. I don’t care if modern technology gives them a way to do it, I have a right to block or otherwise avoid loading whatever I want. Somehow 20 years ago businesses managed to judge how effective their communications/ads were without tracking; let them go back to that.
The article is quite specific in why Mozilla wants to track emails - email being sent to dead email accounts causes greylisting/blacklisting problems for them; they want to be able to unsubscribe inactive accounts, and the only way to determine account inactivity is through some sort of feedback mechanism.
"Somehow 20 years ago businesses managed to judge how effective their communications/ads were without tracking; let them go back to that.
reply"
I definitewly agree that the fix to a lot of the tracking/privacy issue are on the client end. But, the value on the other end is not the same regardless of tracking.
20 years ago (even 10-15) online ad markets were tiny, even relative to the number of users. It just wasn't possible to translate users into dollars in the way it is today. It's not a 20% difference, it's a large multiple. The Google & FB machines are powered by highly trackable advertising. FB ads were worthless before they made a big jump in trackability a few years ago. The "feedback loop" is the difference.
20 years ago, advertising was powering mostly entertainment, some news and such. Today, it's also powering driverless car research, OSs, VR...
Indirectly, a lot of the startup boom is funded by trackable ads. Trackable ads translate "really popular, lots of DAUs" into "potential unicorn" on the backs of many envelopes which later get filled with cash. Feedback loops make this possible.
I'm not argueing against privacy. I actually agree with you. Clients (email clients, browsers..) should enforce privacy, serving users not advertisiers.
I'm just being realistic about the scale of the issue. Online, advertising is tracking. Advertising-tracking is at the heart of consumer technology's income & investment stream. If tracking goes away tomorrow,it takes a bunch of stuff with it.
20 years ago they made X amount of money, now they want to make more 2017 levels of money. Also society changed and people respond differently to old communication tricks.
I hear you – but think of tracking as a form of payment for consuming the product / service / content. You are not paying them – their advertisers are, and ads are more valuable the more tracking and attribution they come with. Data is money, and by blocking their access to data you are affecting their monetization strategy. I'm not saying it's right, I'm saying that's how the business model is set up because that's what consumers demand – paid browsers and media sites are niche or nonexistent.
The 'right to track' here is because Mozilla is getting blacklisted for sending to now-nonexistent addresses, and when they're blacklisted, it's hard to get off the blacklist.
As an example, one company I work for is on the blacklist RFC-Clueless, which blacklists you for not following the RFC and having the required default mailboxes (webmaster@, abuse@, etc). We use gmail, and it was a screw-up in their system - something I got them to fix about 2.5 years ago. Despite multiple requests to get off the RFC-Clueless list (their request link being obfuscated), they've done nothing about it. It's particularly galling that a blacklist that blocks you for 'being a bad netizen' is themselves an atrocious netizen.
So, if a client has an IT dept that subscribes to RFC-Clueless, there's simply no way we can send them email - it's very difficult for our sales staff to convince their contacts to start that conversation with their own IT, especially in the initial stages of the trial.
So I can understand that Mozilla might want to keep themselves off mailing blacklists, especially when they're sending mail to now-dead addresses that have previously asked for mail to be sent.
Even if there was a "right to track", then it would be the user who grants it.
Because it originates with the user, the user could refuse to grant it or revoke it.
The question for Mozilla is who are they accountable to?
These are not open source volunteers.
Mozilla can claim it is not a "for-profit" but its contributors are well-compensated, with salaries comparable to people working at the for-profit companies releasing web browsers. (Google Chrome was started by former Mozilla developers.)
"We are proudly non-profit, non-corporate and non-compromised."
Question: How much of this comes from donations and how much comes (indirectly) from sale of advertising (by "partners")?
They get about half of their total revenue ($12,429,238) from licensing royalties ($6,466,566) according to the 2015 filing.
Question: Are there really any incentives to serve users in ways that the companies releasing web browsers do not? Users want the tracking to stop. Would Mozilla have disincentives to help users in this regard?
There is no "corruption" being implied by the above. It is legal to pay high salaries and not pay taxes.
> I don’t care if modern technology gives them a way to do it, I have a right to block or otherwise avoid loading whatever I want.
Nobody has any rights whatsoever in this context, neither morally nor legally. It's all the law of the jungle, with the interested users perpetually a step ahead of advertisers, and the average user a step behind.
> Somehow 20 years ago businesses managed to judge how effective their communications/ads were without tracking; let them go back to that.
Well, they really didn't. And now that they've seen how much money they're wasting, it is no longer possible to feign ignorance.
But more important is the fact that the user's interests are not the total opposite of these publishers. Mpst companies publishing serious journalism on the internet, for example, barely break even. Any money they earn is directly invested in the product. Now you can obviously tell them to fuck off and they can't really stop you. But that's a collective action problem, like global warming or littering: if everyone follows your lead, everyone (including you) will suffer.
Many of the advertising practices of the last decade obviously went too far. But they were created not by collective greed, but panic. I wish we'd come up with a compromise that respects both users and creators.
I don't understand the problem: mozilla is basically saying "we need to track you, otherwise gmail/yahoo/hotmail thinks we are sending spam".
But if that's the case, isn't the problem the to aggressive spam filtering of gmail/yahoo/hotmail? _Or_ mozilla is really sending spam. But knowing them I don't think that's the case.
So the real problem here is that everyone is using gmail/yahoo/hotmail, and those providers have broken spam filters. They should fix them.
SMTP has a perfectly good verification mechanism. You send a VRFY request with an email address, and the server tells you if the address is valid. The trouble is that many mail servers don't handle VRFY requests, because spammers used them to explore the space of destination email addresses.
There's also "Disposition-Notification-To", which sends back a message when an email is read. Most real mail clients tell the user this is being done, and allow the user to decide whether they want to send back a receipt. Does Gmail support that at all?
This. SMTP is broken because EmailSPs have found people to be spammy - using verify and messages with zero content to find addresses of people not opted in.
Added additional ways to track for 'are we sure it is a user' is just another way that bypasses privacy to be able to send more email.
Solution? Get real leads, not just honeypots. Make your unsubscribe so easy. Keep customers active with promotions and products.
"One metric that some sites evidently use is email sent to accounts that are known to be inactive, which is seen as a sign of a spammy originator. This, seemingly, is where Mozilla has run into trouble. One way to avoid this problem is to track which recipients are actually reading their email; any recipient who doesn't look at any messages for a period of time can then be unsubscribed."
Shouldn't the sites bounce those emails in a way Mozilla can detect and therefore use to prune?
I seem to increasingly get unsubscribed from mailing lists because of not opening them, which is very frustrating.
Sometimes it's because I'm reading but not triggering their tracking mechanisms. Other times it's because I'm subscribed to lists that I only occasionally read, but want to have available for reference.
Either way: if I've actively subscribed to a list, I have some reason for doing so. I don't want to be unsubscribed!
I'd be happy to add my email address to some whitelist of 'assume I'm reading anything I'm subscribed to', if only it were possible.
Otherwise, maybe I need to forward mails to some service that will open them all in a browser, and trigger all the tracking pixels.
Sounds like they're talking about perfectly valid email addresses that just aren't being checked anymore. I'm sure most people have like half a dozen of those.
The real problem here isn't text-only email, or even Mozilla being concerned about not being able to track who is opening messages sent to its mailing lists. The real problem is that certain large webmail providers are making a hostile takeover bid for the fundamental infrastructure that email represents. The likes of Google have decided that their own interpretation of how email should work is more important than things like following standards and delivering properly formatted and correctly sent messages.
Been a while since this was fixed now, but I once discovered a method to track views of even plain text emails when the user was using Thunderbird - https://www.grepular.com/DNS_Prefetch_Exposure_on_Thunderbir... - thanks to the DNS lookups caused by URL pre-fetching. Same issue worked with various webmail implementations at GMail, Hotmail, Roundcube, IMP, and probably more. You can test your client for this particular flaw and many more at a website I built - https://www.emailprivacytester.com
Mozilla seem to be falling into the same trap as the internet in general, albeit a good long while later. Just a little bit of tracking here, how is that harmful? Just a little bit of tracking there, too. It's really not a problem. Telemetry this browser feature, Google Analytics that addon page. And like the frog in the pan of water, eventually we're all cooked.
"Don't be evil" is deprecated, Mozilla Manifesto #4 will be too, soon enough.
Those are both anonymized, though. That doesn't make it okay, necessarily, but that's a pretty clear line, so I don't think this is a frog in boiling water situation.
They also willing to have conversations with users about privacy in the open [0] [1], and both telemetry and Google Analytics can be turned off. (The latter is already turned off if you've enabled Do Not Track.)
Finally, Mozilla apparently spent a year working on a contract with Google before they even enabled Google Analytics [2], so it wasn't a matter of slapping Google Analytics on a page because they thought one page couldn't possibly hurt.
That being said, I'm skeptical of their use of Google Analytics, so I'm not trying to defend that. I do think it's unfair to imply Mozilla is carelessly following the rest of the web, though.
This leads me to believe that Mozilla may have recently been caught up in the same spamhaus spam-trap debacle as many others and was backlisted. They decided to send a permission pass email because if an open or click hasn't recently been recorded, there isn't really any other way for them to know which emails in their list are no longer active.
This also confirms my belief that one or more of the big email ISP's (yahoo, gmail, etc.) may have sold a crap load of their inactive email accounts to spamhaus recently. Doesn't matter if these once active emails did opt in to your list in the past, you will still get backlisted now that they are in the spamhaus spam-trap database.
I don't understand why the email providers don't simply shut down the inactive accounts. This would then result in a hard bounce to the sender allowing them to remove the emails from their list.
I think the whole "non profit" angle of Mozilla is suspect. When so much of their revenue is tied to search engines[0], they're really more of subsidiary than a charity.
That, and having the marketing person insist that they need message tracking to prevent being blacklisted is shady as hell. Mozilla has plenty of smart people who already know several other ways to skin that cat.
I see this a lot on HN, but how does that work in practice? nearly all common graphical email clients compose in HTML mode by default. Most signatures that I see contain at least one clickable link.
Do you just delete all emails from people who dare to use Gmail? Or Apple Mail? Or Outlook? Are they all horrible, horrible people not worth corresponding with?
It's funny how the entire privacy nightmare was finally avoided by a simple link to click once a year. This itself shows that such involuntary tracking has no useful purpose which cannot be achieved in a simpler manner that preserves privacy.
Who are the organisations keeping these lists of 'inactive' accounts and doing it in such a sloppy way that receiving text mail counts as not existing? I sure as hell haven't told them whether or not I use any of my email addresses. Isn't the solution to correct them, not to go along with them?
Surely Mozilla has enough clout to at least get a message to them rather than just throwing in the towel?
The problem is that they are Mozilla's competitor (Google - Gmail). It's not named explicitly but the dots are pretty damn obvious to connect, I think.
> not that there was really any need for more evidence that the email system is broken
Broken? Where? Is there a reliable open standard alternative to passing messages to one another with attachments, encryption, self-hosting, and local archiving as actual options on the table? And no, IMs are not an alternative for anything longer than a few lines.
Email is only "broken" if you don't use it properly.
Email is only "broken" if you don't use it properly.
Email is plenty broken today even if you do use it properly. In my various business interests, we frequently see mails bounced or silently dropped even though we were sending a legitimate message from one specific person in our business to one specific client or customer contact.
We get rejections because a big mail service provider like Google has deemed certain types of attachments unacceptable.
We get rejections because someone screwed up a blacklist and caught a server at a service provider we use in the net.
Sometimes we get rejections saying our content is unacceptable or whatever words they're using for that this week, when we are literally just sending a standard form tax receipt that we are legally required to provide to our customer!
If you aren't sending from a well-established system or with whatever extra levels of sender verification these services have deemed necessary these days, you're pretty much automatically going into someone's junk folder regardless of the importance, urgency or legitimacy of your message. I had literally never had a problem with legitimate business mail going into a recipient's junk folder until relatively recently, but in the last few years I've seen whole deals blown because a crucial meeting was happening abroad and information that we sent to a client in good time to meet their own prospects wasn't received and turned up in their junk folder that they hadn't thought to check (and this is with long-term clients we have exchanged literally thousands of messages with previously).
Email is broken, and the likes of Google have broken it, and we can and should lay the blame squarely at their feet.
I recently switched back to Mutt after 10 years of Outlook and OWA. It took a few months of constant tweaking, but loving it now. I can still load html email in a browser with one key if I need to.
with good documentation along with an active github repository and apparently welcoming community. i think there's even a Twitter account for "keeping up with the times."
I always explain tracking pixels to non-technical users and show them how to turn off image loading if they wish to. Every single one has chosen to do so. It's way past time for email clients to have this as the default for html emails.
Also have them opt-in when they sign-up to your newsletter, aka double-opt-in. Don't worry about those that don't opt-in as it's unlikely they'll read your newsletter anyway.
There should be email client's who only open images if they are attached.
I don't think any email client should try to load anything inside the html automatically if not attached.
and even than attachment images should be confirmed.
You don't need html email for that... you just need a trackable link. If someone hasn't actually come back to your site for years due to the mail you're sending out... should you really be sending them mail?
How did we reach a point where a technical write up is forced into a column 6 inches wide on my 32 inch monitor?
Why does practically every code snippet exceed this 6 inch width, requiring a scroll bar?
Why is there a 50-50 chance that this scroll bar will be so tall that it actually hides the code snippet, and the fastest way to read the bits of information which are the point of the entire write up is to pop open developer tools by inspecting the element and read the code directly from the html?
[+] [-] makecheck|8 years ago|reply
[+] [-] askvictor|8 years ago|reply
[+] [-] tinus_hn|8 years ago|reply
They’ll live.
[+] [-] netcan|8 years ago|reply
I definitewly agree that the fix to a lot of the tracking/privacy issue are on the client end. But, the value on the other end is not the same regardless of tracking.
20 years ago (even 10-15) online ad markets were tiny, even relative to the number of users. It just wasn't possible to translate users into dollars in the way it is today. It's not a 20% difference, it's a large multiple. The Google & FB machines are powered by highly trackable advertising. FB ads were worthless before they made a big jump in trackability a few years ago. The "feedback loop" is the difference.
20 years ago, advertising was powering mostly entertainment, some news and such. Today, it's also powering driverless car research, OSs, VR...
Indirectly, a lot of the startup boom is funded by trackable ads. Trackable ads translate "really popular, lots of DAUs" into "potential unicorn" on the backs of many envelopes which later get filled with cash. Feedback loops make this possible.
I'm not argueing against privacy. I actually agree with you. Clients (email clients, browsers..) should enforce privacy, serving users not advertisiers.
I'm just being realistic about the scale of the issue. Online, advertising is tracking. Advertising-tracking is at the heart of consumer technology's income & investment stream. If tracking goes away tomorrow,it takes a bunch of stuff with it.
[+] [-] agumonkey|8 years ago|reply
[+] [-] followmylee|8 years ago|reply
[+] [-] vacri|8 years ago|reply
As an example, one company I work for is on the blacklist RFC-Clueless, which blacklists you for not following the RFC and having the required default mailboxes (webmaster@, abuse@, etc). We use gmail, and it was a screw-up in their system - something I got them to fix about 2.5 years ago. Despite multiple requests to get off the RFC-Clueless list (their request link being obfuscated), they've done nothing about it. It's particularly galling that a blacklist that blocks you for 'being a bad netizen' is themselves an atrocious netizen.
So, if a client has an IT dept that subscribes to RFC-Clueless, there's simply no way we can send them email - it's very difficult for our sales staff to convince their contacts to start that conversation with their own IT, especially in the initial stages of the trial.
So I can understand that Mozilla might want to keep themselves off mailing blacklists, especially when they're sending mail to now-dead addresses that have previously asked for mail to be sent.
[+] [-] feelin_googley|8 years ago|reply
Because it originates with the user, the user could refuse to grant it or revoke it.
The question for Mozilla is who are they accountable to?
These are not open source volunteers.
Mozilla can claim it is not a "for-profit" but its contributors are well-compensated, with salaries comparable to people working at the for-profit companies releasing web browsers. (Google Chrome was started by former Mozilla developers.)
"We are proudly non-profit, non-corporate and non-compromised."
https://donate.mozilla.org/
Question: What makes Mozilla any more trustworthy to users than the other companies releasing web browsers?
Question: Why should they care about users any more than those companies?
Annual salaries from 2015 (reportable compensation from IRS Form 990):
https://static.mozilla.com/moco/en-US/pdf/2015_Mozilla_Found...Question: How much of this comes from donations and how much comes (indirectly) from sale of advertising (by "partners")?
They get about half of their total revenue ($12,429,238) from licensing royalties ($6,466,566) according to the 2015 filing.
Question: Are there really any incentives to serve users in ways that the companies releasing web browsers do not? Users want the tracking to stop. Would Mozilla have disincentives to help users in this regard?
There is no "corruption" being implied by the above. It is legal to pay high salaries and not pay taxes.
[+] [-] matt4077|8 years ago|reply
Nobody has any rights whatsoever in this context, neither morally nor legally. It's all the law of the jungle, with the interested users perpetually a step ahead of advertisers, and the average user a step behind.
> Somehow 20 years ago businesses managed to judge how effective their communications/ads were without tracking; let them go back to that.
Well, they really didn't. And now that they've seen how much money they're wasting, it is no longer possible to feign ignorance.
But more important is the fact that the user's interests are not the total opposite of these publishers. Mpst companies publishing serious journalism on the internet, for example, barely break even. Any money they earn is directly invested in the product. Now you can obviously tell them to fuck off and they can't really stop you. But that's a collective action problem, like global warming or littering: if everyone follows your lead, everyone (including you) will suffer.
Many of the advertising practices of the last decade obviously went too far. But they were created not by collective greed, but panic. I wish we'd come up with a compromise that respects both users and creators.
[+] [-] y0ghur7_xxx|8 years ago|reply
So the real problem here is that everyone is using gmail/yahoo/hotmail, and those providers have broken spam filters. They should fix them.
[+] [-] ordu|8 years ago|reply
[+] [-] Animats|8 years ago|reply
There's also "Disposition-Notification-To", which sends back a message when an email is read. Most real mail clients tell the user this is being done, and allow the user to decide whether they want to send back a receipt. Does Gmail support that at all?
[+] [-] smileysteve|8 years ago|reply
Added additional ways to track for 'are we sure it is a user' is just another way that bypasses privacy to be able to send more email.
Solution? Get real leads, not just honeypots. Make your unsubscribe so easy. Keep customers active with promotions and products.
[+] [-] ikeboy|8 years ago|reply
Shouldn't the sites bounce those emails in a way Mozilla can detect and therefore use to prune?
[+] [-] danohu|8 years ago|reply
Sometimes it's because I'm reading but not triggering their tracking mechanisms. Other times it's because I'm subscribed to lists that I only occasionally read, but want to have available for reference.
Either way: if I've actively subscribed to a list, I have some reason for doing so. I don't want to be unsubscribed!
I'd be happy to add my email address to some whitelist of 'assume I'm reading anything I'm subscribed to', if only it were possible.
Otherwise, maybe I need to forward mails to some service that will open them all in a browser, and trigger all the tracking pixels.
[+] [-] Grollicus|8 years ago|reply
[+] [-] ben0x539|8 years ago|reply
[+] [-] bzbarsky|8 years ago|reply
Maybe they _should_, but in practice they _don't_.
[+] [-] Silhouette|8 years ago|reply
[+] [-] mike-cardwell|8 years ago|reply
[+] [-] shabbyrobe|8 years ago|reply
"Don't be evil" is deprecated, Mozilla Manifesto #4 will be too, soon enough.
[+] [-] actuallyalys|8 years ago|reply
They also willing to have conversations with users about privacy in the open [0] [1], and both telemetry and Google Analytics can be turned off. (The latter is already turned off if you've enabled Do Not Track.)
Finally, Mozilla apparently spent a year working on a contract with Google before they even enabled Google Analytics [2], so it wasn't a matter of slapping Google Analytics on a page because they thought one page couldn't possibly hurt.
That being said, I'm skeptical of their use of Google Analytics, so I'm not trying to defend that. I do think it's unfair to imply Mozilla is carelessly following the rest of the web, though.
[0]: https://bugzilla.mozilla.org/show_bug.cgi?id=697436
[1]: https://github.com/mozilla/addons-frontend/issues/2785
[2]: https://bugzilla.mozilla.org/show_bug.cgi?id=697436#c14
[+] [-] 20years|8 years ago|reply
This also confirms my belief that one or more of the big email ISP's (yahoo, gmail, etc.) may have sold a crap load of their inactive email accounts to spamhaus recently. Doesn't matter if these once active emails did opt in to your list in the past, you will still get backlisted now that they are in the spamhaus spam-trap database.
I don't understand why the email providers don't simply shut down the inactive accounts. This would then result in a hard bounce to the sender allowing them to remove the emails from their list.
[+] [-] jstewartmobile|8 years ago|reply
That, and having the marketing person insist that they need message tracking to prevent being blacklisted is shady as hell. Mozilla has plenty of smart people who already know several other ways to skin that cat.
[0] https://en.wikipedia.org/wiki/Mozilla_Foundation#Financing
[+] [-] matt4077|8 years ago|reply
[+] [-] Sir_Cmpwn|8 years ago|reply
[+] [-] skrebbel|8 years ago|reply
Do you just delete all emails from people who dare to use Gmail? Or Apple Mail? Or Outlook? Are they all horrible, horrible people not worth corresponding with?
[+] [-] dingo_bat|8 years ago|reply
[+] [-] eponeponepon|8 years ago|reply
Surely Mozilla has enough clout to at least get a message to them rather than just throwing in the towel?
[+] [-] gcp|8 years ago|reply
[+] [-] ekianjo|8 years ago|reply
Broken? Where? Is there a reliable open standard alternative to passing messages to one another with attachments, encryption, self-hosting, and local archiving as actual options on the table? And no, IMs are not an alternative for anything longer than a few lines.
Email is only "broken" if you don't use it properly.
[+] [-] Silhouette|8 years ago|reply
Email is plenty broken today even if you do use it properly. In my various business interests, we frequently see mails bounced or silently dropped even though we were sending a legitimate message from one specific person in our business to one specific client or customer contact.
We get rejections because a big mail service provider like Google has deemed certain types of attachments unacceptable.
We get rejections because someone screwed up a blacklist and caught a server at a service provider we use in the net.
Sometimes we get rejections saying our content is unacceptable or whatever words they're using for that this week, when we are literally just sending a standard form tax receipt that we are legally required to provide to our customer!
If you aren't sending from a well-established system or with whatever extra levels of sender verification these services have deemed necessary these days, you're pretty much automatically going into someone's junk folder regardless of the importance, urgency or legitimacy of your message. I had literally never had a problem with legitimate business mail going into a recipient's junk folder until relatively recently, but in the last few years I've seen whole deals blown because a crucial meeting was happening abroad and information that we sent to a client in good time to meet their own prospects wasn't received and turned up in their junk folder that they hadn't thought to check (and this is with long-term clients we have exchanged literally thousands of messages with previously).
Email is broken, and the likes of Google have broken it, and we can and should lay the blame squarely at their feet.
[+] [-] purplezooey|8 years ago|reply
[+] [-] auvrw|8 years ago|reply
i noticed the updated name when running `mutt -h` one day and was pleased to find this page
https://www.neomutt.org/
with good documentation along with an active github repository and apparently welcoming community. i think there's even a Twitter account for "keeping up with the times."
[+] [-] crispinb|8 years ago|reply
[+] [-] rb808|8 years ago|reply
[+] [-] jordanlev|8 years ago|reply
[+] [-] z3t4|8 years ago|reply
[+] [-] 4lch3m1st|8 years ago|reply
[+] [-] merb|8 years ago|reply
[+] [-] bluedino|8 years ago|reply
[+] [-] grogenaut|8 years ago|reply
[+] [-] astrodust|8 years ago|reply
[+] [-] tomsthumb|8 years ago|reply
How did we reach a point where a technical write up is forced into a column 6 inches wide on my 32 inch monitor?
Why does practically every code snippet exceed this 6 inch width, requiring a scroll bar?
Why is there a 50-50 chance that this scroll bar will be so tall that it actually hides the code snippet, and the fastest way to read the bits of information which are the point of the entire write up is to pop open developer tools by inspecting the element and read the code directly from the html?