Forgot your password?
typodupeerror
Privacy Advertising The Internet Your Rights Online

How Websites Know Your Email Address the First Time You Visit 184

Posted by Soulskill
from the dark-sorcery-and-a-disregard-for-privacy dept.
An anonymous reader writes "Darren Nix works for 42Floors, a business that uses its website to help people find office space. He recently received a marketing email for a service that offered to identify visitors to his website. After squeezing some information out of the marketer and playing around with a demo account, he now explains exactly how sketchy companies track your presence across multiple websites. The marketer offered to provide Nix with 'tracking code that would sit in your web site' which would 'grab a few key pieces of data from each visitor.' This includes IP addresses and search engine data. The marketer's company would then automatically analyze the data to try to identify the user and send back whatever personal information they've collected on that user from different websites. Thus, it's entirely possible for a site to know your name, email address, and company on your very first visit, and without any interaction on your part. Nix writes, 'A real-world analogue would be this scenario: You drive to Home Depot and walk in. Closed-circuit cameras match your face against a database of every shopper that has used a credit card at Walmart or Target and identifies you by name, address, and phone. If you happen to walk out the front door without buying anything your phone buzzes with a text message from Home Depot offering you a 10% discount good for the next hour. Farfetched? I don't think so. ... All the necessary pieces already exist, they just haven't been combined yet.'"
This discussion has been archived. No new comments can be posted.

How Websites Know Your Email Address the First Time You Visit

Comments Filter:
  • 10% ? Great (Score:5, Insightful)

    by coinreturn (617535) on Wednesday December 12, 2012 @09:19AM (#42259571)
    When this scenario plays out, I will gladly walk into and out of every store if I can expect a 10% off coupon for doing so.
    • Re:10% ? Great (Score:5, Insightful)

      by LoverOfJoy (820058) on Wednesday December 12, 2012 @09:24AM (#42259611) Homepage

      When this scenario plays out, I will gladly walk into and out of every store if I can expect a 10% off coupon for doing so.

      *Some restrictions apply...

    • by alen (225700)

      no shit

      geeks are so dumb sometimes it astounds me. what if i have to buy a new dishwasher? 10% is a nice discount to keep me from going to Lowes

      last time i bought appliances i had to show my army discharge papers to get a nice 20% discount. saved hundreds of $$$ that day

      • Re: (Score:3, Funny)

        by Anonymous Coward

        Interesting.... Menards gave me a 25% discount when I showed them your army discharge papers.

        • by cdrudge (68377)

          Can I get a copy of his army discharge papers too in order to save 25%? Or are only you allowed to use his papers?

      • by characterZer0 (138196) on Wednesday December 12, 2012 @10:22AM (#42260127)

        Did they give you a 20% discount because you joined the army, or because you left?

        • Re: (Score:2, Funny)

          by Anonymous Coward

          Go green: turn off your refrigerator.

          Unrelated to this thread - but relevant to the signature:

          If you turn off your refrigerator, it is your food that goes green :-)

      • Re:10% ? Great (Score:5, Informative)

        by nabsltd (1313397) on Wednesday December 12, 2012 @01:27PM (#42262491)

        last time i bought appliances i had to show my army discharge papers to get a nice 20% discount. saved hundreds of $$$ that day

        The last time I bought an appliance, all I had to do was ask them to give me price that they would if the item was on it's best sale, and they did.

        Since there are dozens of places to buy most anything, asking such a question costs you nothing, and might get you what you want. But, you have to be serious about walking away and going somewhere else to buy.

    • A real-world analogue would be this scenario: You drive to Home Depot and walk in. Closed-circuit cameras match your face against a database of every shopper that has used a credit card at Walmart or Target and identifies you by name, address, and phone.

      Some shopping centres already do this and have done for a decade or so now. Used to prevent fraud or let security know of trouble makers.

    • by MiniMike (234881)

      What I'm waiting for is when Home Depot's competitor has a camera scanning the Home Depot parking lot and sending you a coupon for 15% off their store before you even walk into Home Depot.

      • by Mitreya (579078)

        What I'm waiting for is when Home Depot's competitor has a camera scanning the Home Depot parking lot and sending you a coupon for 15% off their store before you even walk into Home Depot.

        Yes, because an urgent email from [hardware store] providing me with 15% discount will totally stop me in my tracks right before I enter Home Depot.

        Unless they are also going to blindfold and kidnap their customers at the parking lot to make sure these customers make the right choice.

      • by holmedog (1130941)

        You're way over-thinking this. It's already done in casinos. Step outside of the MGM Grand at 10AM and you will get a text message offering you a 15% discount on lunch. Step into some of their competitors and you'll get bonus next time you load your card. I'm not joking in the least, by the way.

    • Re:10% ? Great (Score:5, Insightful)

      by jenningsthecat (1525947) on Wednesday December 12, 2012 @02:57PM (#42263605)

      When this scenario plays out, I will gladly walk into and out of every store if I can expect a 10% off coupon for doing so.

      Do you really think you're saving any money in the long run? When people get such discounts, the base price of everything goes up - after all, ultimately the manufacturer or seller isn't picking up the tab, the consumers are. So it's a temporary advantage, offset both by the higher prices other buyers pay as a result of YOUR discount, and by the higher prices YOU pay when you buy something that you don't get a discount on, but other buyers do. To paraphrase Syndrome in the Incredibles, "When everyone gets a discount, then no one does". Also, via Heinlein, "There Ain't No Such Thing As A Free Lunch"

      The whole thing is a zero-sum game, except for the manufacturers and sellers - they get their fingers on our privacy and entranceways into our lives, and we, ultimately, get nothing in return.

      • When this scenario plays out, I will gladly walk into and out of every store if I can expect a 10% off coupon for doing so.

        Do you really think you're saving any money in the long run? When people get such discounts, the base price of everything goes up - after all, ultimately the manufacturer or seller isn't picking up the tab, the consumers are. So it's a temporary advantage, offset both by the higher prices other buyers pay as a result of YOUR discount, and by the higher prices YOU pay when you buy something that you don't get a discount on, but other buyers do. To paraphrase Syndrome in the Incredibles, "When everyone gets a discount, then no one does". Also, via Heinlein, "There Ain't No Such Thing As A Free Lunch"

        The whole thing is a zero-sum game, except for the manufacturers and sellers - they get their fingers on our privacy and entranceways into our lives, and we, ultimately, get nothing in return.

        Actually, 10% is something of what I call "the standard discount." If you aren't getting it, you're essentially paying extra. There is always somebody who can get this discount (veterans, seniors, frequent buyers, whatever). With this system in place, I will get "the standard discount." If the general public is too dumb to get it, then I am not paying the extra.

        • When this scenario plays out, I will gladly walk into and out of every store if I can expect a 10% off coupon for doing so.

          Do you really think you're saving any money in the long run? When people get such discounts, the base price of everything goes up - after all, ultimately the manufacturer or seller isn't picking up the tab, the consumers are. So it's a temporary advantage, offset both by the higher prices other buyers pay as a result of YOUR discount, and by the higher prices YOU pay when you buy something that you don't get a discount on, but other buyers do. To paraphrase Syndrome in the Incredibles, "When everyone gets a discount, then no one does". Also, via Heinlein, "There Ain't No Such Thing As A Free Lunch"

          The whole thing is a zero-sum game, except for the manufacturers and sellers - they get their fingers on our privacy and entranceways into our lives, and we, ultimately, get nothing in return.

          Actually, 10% is something of what I call "the standard discount." If you aren't getting it, you're essentially paying extra. There is always somebody who can get this discount (veterans, seniors, frequent buyers, whatever). With this system in place, I will get "the standard discount." If the general public is too dumb to get it, then I am not paying the extra.

          But now you are getting your privacy stomped on instead of simply getting the standard discount. It looks like the retailers and advertisers are winning here.

      • by chrismcb (983081)

        Do you really think you're saving any money in the long run? When people get such discounts, the base price of everything goes up -

        Yes, you are saving money. This is like saying the base price of everything goes up, because they advertised.
        A company can spend a bunch of money on a commercial, or they can spend the same money on discounts. Since the company is already spending the same amount of money, the base price isn't changing, and yet I'm getting a discount.

  • Tor (Score:4, Interesting)

    by girlintraining (1395911) on Wednesday December 12, 2012 @09:21AM (#42259595)

    "[...]All the necessary pieces already exist, they just haven't been combined yet.'"

    Not me. I'm behind ten proxies and use Tor for everything. I use throwaway e-mail addresses from places like Mailinator. I even registered my gmail account using a hospital courtesy phone... that was in another country. My friends joke that I'm paranoid of the government. No, I could care less about the government... it's all the corporations!

    • Re:Tor (Score:5, Funny)

      by Anne_Nonymous (313852) on Wednesday December 12, 2012 @09:34AM (#42259691) Homepage Journal

      >> hospital courtesy phone

      Get 20% of bedpans for the next 3 days at webpan.com.

      • Re: (Score:2, Funny)

        by Anonymous Coward

        What on earth am I going to do with one fifth of a bedpan? I bet it leaks.

    • Re:Tor (Score:5, Funny)

      by Volanin (935080) on Wednesday December 12, 2012 @09:35AM (#42259703)

      I know that you're not a girl... ;-)

    • Re:Tor (Score:5, Interesting)

      by usuallylost (2468686) on Wednesday December 12, 2012 @09:37AM (#42259723)

      Not me. I'm behind ten proxies and use Tor for everything. I use throwaway e-mail addresses from places like Mailinator. I even registered my gmail account using a hospital courtesy phone... that was in another country. My friends joke that I'm paranoid of the government. No, I could care less about the government... it's all the corporations!

      All of that sounds great for your electronic transactions. Not sure it will help all that much when they start tracking your physical movements through the world and building databases that way. I guess you could wear a variety of disguises, always pay cash, never sleep the same place twice and make your living by pan handling or something. The problem here is that as this stuff becomes more and more pervasive it is going to become harder and harder to avoid. I suspect what we really need is some strict data privacy rules that require people to get opt ins for this stuff. That may be possible in the EU I don't see it happening in the US.

    • Re:Tor (Score:5, Insightful)

      by Jah-Wren Ryel (80510) on Wednesday December 12, 2012 @10:10AM (#42259987)

      Not me. I'm behind ten proxies and use Tor for everything. I use throwaway e-mail addresses from places like Mailinator. I even registered my gmail account using a hospital courtesy phone... that was in another country.

      You have utterly succeeded in missing the point - you are an aberration. The problem here is that normal people, behaving normally, are unknowingly subject to this shit through no fault of their own. We should not need to be randian privacy ubermen in order to have privacy.

      These stalking companies are taking advantage of the fact that by default society requires a certain level of openness to function. They are abusing that openness for their own enrichment - they are encouraging people to behave like you and in the long run as more people take similar countermeasures that makes society less functional. In effect they are stealing from all of us by leeching away at the trust that greases the gears of a functioning society.

      • by mrbcs (737902)
        What about Facebook? How many millions willingly give up personal information for free?

        There are many companies taking advantage of the naivete of internet users for their own advantage.

        • What about Facebook? How many millions willingly give up personal information for free?

          There are many companies taking advantage of the naivete of internet users for their own advantage.

          If they give it up for free then that's one thing, if they have no choice in the matter that's another thing entirely.

        • What about Facebook? How many millions willingly give up personal information for free?

          They aren't giving it up for free, they are trading it for the services facebook gives them.

          There are many companies taking advantage of the naivete of internet users for their own advantage.

          They do so voluntarily by explicitly entering a contract with facebook when they sign up.

      • by tlhIngan (30335)

        You have utterly succeeded in missing the point - you are an aberration. The problem here is that normal people, behaving normally, are unknowingly subject to this shit through no fault of their own. We should not need to be randian privacy ubermen in order to have privacy.

        These stalking companies are taking advantage of the fact that by default society requires a certain level of openness to function. They are abusing that openness for their own enrichment - they are encouraging people to behave like you a

        • You are absoltuely right - those companies have expanded beyond simply providing service for payment in the form of your personal information to stalking everyone, even those who aren't getting any value in return because they don't explicitly use those companies' services. They don't release that info to the 3rd party websites, but they do collect it and put it into a database beyond our control. It is wrong too.

      • You have utterly succeeded in missing the point - you are an aberration.

        Or you succeeded in missing the point: That this is what it's come to and even average people should start considering doing this.

    • If you were straight, or if I was a woman, I'd totally ask you out.

    • by Pope (17780)

      Not me. I'm behind ten proxies and use Tor for everything. I use throwaway e-mail addresses from places like Mailinator. I even registered my gmail account using a hospital courtesy phone... that was in another country. My friends joke that I'm paranoid of the government. No, I could care less about the government... it's all the corporations!

      What laughable BS. And yet you still signed up for a Gmail account.

    • by hAckz0r (989977)

      Not me. I'm behind ten proxies and use Tor for everything. I use throwaway e-mail addresses from places like Mailinator. I even registered my gmail account using a hospital courtesy phone... that was in another country.

      Unfortunately that may not be enough. They also get the browser fingerprint (app, OS, plugin list including your TOR plugin and version no, and much more...) which is fairly unique statistically, and can say a lot about a person just in itself. If you are not also blocking javascript, cookies, and all web bugs then they already know you uniquely enough to track your movements across the web. TOR is only the "how you got there" part, and they can work around that missing information. They can still get the I

    • No, I could care less about the government... it's all the corporations!

      You should look more closely into where corporations get their charters, the limitations on liability, and their market power.

      e.g. FDA actions preventing Polaner (fruit spread) and Spectrum (oils) from using "Non-GMO" on their labelling. In the first case, they argued that strawberries were produce, not organisms. In the second case they told Spectrum that the use would cause people to think GMO's were bad.

      That there's a revolving do

  • Highly illegal (Score:5, Interesting)

    by Splab (574204) on Wednesday December 12, 2012 @09:37AM (#42259727)

    Well one reason why this hasn't been done is it's downright illegal to do so in many countries.

    Try this in EU and find yourself in a world of hurt.

    • Only if the servers are hosted in the EU. I guarantee you this is happening all the time with people from the EU.

  • by magic maverick (2615475) on Wednesday December 12, 2012 @09:39AM (#42259741) Homepage Journal

    I've mentioned before that I don't use an Ad Blocker, and yet I rarely see ads. The addons I use (among others) are RequestPolicy, NoScript and Cookie Monster. These three allow me to not be tracked across most websites.

    As well, I tend to use unique email addresses (either with Mailinator, or with another domain) for each website I sign up on (I record which email address I use where, and this allows me to track who is sharing my info).

    And if I did somehow receive an email that said something like Sumit Suman received, I would be very unhappy with both the party I initially shared the email address with, and the other party. And would cease all business with both.

    A commentator at Hacker News [ycombinator.com] says at least one company uses the IP address to get the company and then looks up that company via LinkedIn. Another reason to a) support Tor, and b) not use LinkedIn I guess.
    ------

    Ironically, 42Floors is using Disqus for their comments. This allows visitors to be obviously tracked across websites (at least that use Disqus) and I'm amazed that any privacy conscious person or organization would outsource like that. There are many other tools (e.g. Gravatar) that fall into the same category. In fact, with Gravatar, I can be tracked even if I don't use the service (by not having an avatar with them) because my email address is still sent every time I leave a comment. And I'm sure there are some blog maintainers wondering why they get email addresses of the form webmaster@domain from some of their more insightful commentators.

    • by MobyDisk (75490)

      Disqus is an atrocity since it requires 3rd-party cookies to be enabled. For those not aware, turning on 3rd-party cookies is like saying "please send all web sites all information about everywhere I have ever been." The only reason to need 3rd-party cookies is bad design.

  • by Anonymous Coward

    TFA says user "fills out a form" but doesn't explicitly say exactly where that form is.

    I get all email to any address at my domain, so I tend to put the expected sender's name into whatever address I give them. For example, Amazon thinks my email address is amazon@example.com. So when I go to Target, am I getting a Target form where I submit target@example.com on a form to target.com, which they are then sending to a marketing company or is Target's site sending me to the marketing company's site, where I

    • by dpdjvan (2551774) on Wednesday December 12, 2012 @10:48AM (#42260407)
      Also with gmail you can add a unquie tag using a '+'. Then you know if someone was tracking you or selling your information. Use it like this regular_email+unquie_tag@gmail.com
      • Re: (Score:3, Insightful)

        by Anonymous Coward

        A lot of big bulk email providers are catching on to that and just truncate the trailing part for gmail accounts. Any company using Exact Target (a very very popular provider) will have that "feature" by default (started a few months ago i think. It didn't use to do that and then one day, poof!).

        • by dpdjvan (2551774)
          I did not know that, Thank you. You also just gave me an idea that any commerical email that don't have the '+' can be flagged a spam while ones with the '+' can be classified as non-spam. While you won't know who sold it you will reduce the amount in your inbox and devaule the information as it funnelled straight to the auto-delete after 30-days spam folder.
  • $ telnet 42floors.com 80
    Trying 2600:3c03::f03c:91ff:feae:fd4d...
    telnet: Unable to connect to remote host: Connection refused

  • by broothal (186066) <christian@fabel.dk> on Wednesday December 12, 2012 @10:20AM (#42260103) Homepage Journal

    I was logged into a gmail that I only use for receiving, never sending. I visited Netflix in another tab in Chrome. I visited their free trial page, but I decided it wasn't for me, so I closed the tab without entering any data.

    A few days later I got an email from netflix - to the gmail account I was signed in to in another tab - asking me if I needed help completing the form.

    True, and very scary story.

    • by V-similitude (2186590) on Wednesday December 12, 2012 @03:01PM (#42263649)

      Almost guarantee that they didn't snoop your e-mail through chrome or hidden cookies/3rd party trackers. Not saying it's not possible; it's just that they'd be crazy to do it so flagrantly. Most likely, you entered your e-mail in a field that was snooped by javascript. You may think you didn't "enter" any data if you close the tab before hitting submit, but that's not true. Either that, or you previously had an account with them and had some cookie with them indicating that.

      If I'm wrong, it should be replicable. I'd love to hear if that's actually the case.

  • Minority report (Score:4, Interesting)

    by Reclaimer (2793605) on Wednesday December 12, 2012 @10:27AM (#42260177)
    So we've hit minority report: "You drive to Home Depot and walk in. Closed-circuit cameras match your face against a database of every shopper that has used a credit card at Walmart or Target and identifies you by name, address, and phone. If you happen to walk out the front door without buying anything your phone buzzes with a text message from Home Depot offering you a 10% discount good for the next hour."
  • by jfruh (300774) on Wednesday December 12, 2012 @10:28AM (#42260189)

    The Wall Street Journal [wsj.com] had a big article about this practice, which is not new and is fully mainstream among U.S. companies. The article contains this COMPLETELY AMAZING quote" "Dataium [a company that facilitates this tracking] said that shoppers' Web browsing is still anonymous, even though it can be tied to their names. "

  • "phone buzzes with a text message from Home Depot offering you a 10% discount good for the next hour. "

    make it 20% and I'll walk back into the store. Yes I'm a price whore.

    • by Spamalope (91802) on Wednesday December 12, 2012 @11:07AM (#42260635)

      make it 20% and I'll walk back into the store. Yes I'm a price whore.

      It can get so much worse!

      *Buzz*

      Buy at least $200 in drapes for your wife in the next hour, or we text her the log of your visits to sexycoeds.com

      (1 hour later) *Buzz*

      Buy $400 of additional merchandise or we make a post on your facebook page about your love for gay tentacle porn. Thank you so much for Liking us earlier! We couldn't do it without you.

    • by rtaylor (70602)

      Look at your phone, pause, look at the store thoughtfully, perhaps phone a friend and argue with them, then start heading for your car again.

      The discount may get increased if cameras are watching closely enough.

  • Sorry this is a bit off topic, but I've been wondering what it would take for every site to think that it's the first website you've visited ever. Would it be enough if if the browser stored cookies and other permanent stuff based on what domain is in the address bar?

    So if you first visit bing.com and get a cookie from ad-network.com and then visit google.com, the ad-network.com banner doesn't see your earlier cookie, because the domain in the address bar is different. I think it should make tracking people

  • It looks like you left /. without commenting on a page and overusing the word 'most'
    Would you perhaps like to take part in this flame of a recent Apple decision?
  • is not the government.

    It's the corporations!

    May the programmers that coded this stuff burn in hell!!!

    • May the programmers that coded this stuff burn in hell!!!

      No single raindrop believes it is to blame for the flood. For that matter, what single raindrop really knows what part their tiny contribution plays in the flood?

      • Just stop. The people that design and deploy this KNOW what they are doing. All it takes for evil to foster is for good men to do nothing.
  • been around forever (Score:4, Interesting)

    by Charliemopps (1157495) on Wednesday December 12, 2012 @11:37AM (#42260939)

    I've been on here preaching this forever. Any large website you visit is doing this. It's easy to do and a cheap service. TOR doesn't even help you. If you visit a site, they can uniquely identify you, period. They might not know exactly who you are (your name) but they don't care about that. They have your browsing habits, what you're into, and what you're likely to buy. That's all they need. I've seen these systems in action and the level of detail is amazing. You can not escape them.

  • I may have written this one. Or maybe one of it's ancestors. Back in 2005, a marketing company in Minneapolis asked me to figure this out. So I did. Haven't thought about it since. If I did write this one, don't feel bad. I got paid a premium for it. So at least they're treating their programmers well. That should make you feel at least a little better about permanently losing your privacy, don't you think?
  • Whoa... companies are abusing their ability to obtain people's personal information? I'm shocked... SHOCKED I tell you!

    As an aside, here is an incredibly undervalued service:
    http://www.spamgourmet.com/ [spamgourmet.com]

    Lets you invent dynamic email addresses, so if someone wants your email address you can give them a specially crafted one right on the spot.

  • It hadn't already been fully researched and thrown out by all major data marketers 10 years ago. The fact is, it's illegal as hell (in the States, and therefore in all .us, .com, and .net domains) to use PI (personally identifiable) data at an anonymous level (eg, online). Cross site cookies have existed for years now, and that is all this is. It's a marketing cookie.

    How, might you ask, could this data actually be used? It's used to build a portfolio of a visitor to target ads. Google does it. So does

  • And you can use throwaway email addresses and pseudonyms. It's up to you.

  • by greywire (78262)

    I, for one, welcome our face recognizing, database comparing, privacy and anonymity eliminating invasive marketing overlords...

Don't steal; thou'lt never thus compete successfully in business. Cheat. -- Ambrose Bierce

Working...