Published On Jul 19, 2023
👍 Try ProtonMail: http://proton.me/grant
🔍 Spy Pixel GitHub Repository: https://github.com/collinsmc23/spy-pixel
🔗 Resources:
/ pixel-tracking-how-easy-and-unethical-is-it
https://aws.amazon.com/blogs/big-data...
https://proton.me/blog/how-to-stop-em...
/ deploy-a-flask-app-on-aws-ec2
https://www.theguardian.com/technolog...
https://proton.me/mail/security
https://proton.me/support/email-track...
🎥 Video Overview:
In today's video, I will be overviewing how applications can spy on you with a spy pixel by demonstrating the small spy pixel I wrote using Python and deployed on AWS. I am able to collect the User-Agent string, IP addresses, geolocation, and if the individual browses to the page where the pixel is located. I will specifically be using the email ecosystem to show you how spy pixels are often embedded in your emails. Although spy pixels can provide insight into who visits your website or if your email is read, it's not privacy-friendly. Especially with your personal email inbox, sometimes you would rather wait to respond after opening an email, ignore its promotional junk, or simply not respond. But with a spy pixel, individuals, marketers, or companies can know if your email has been opened, identify the relative location of where it's been opened if using their ISP-issued IP address, and gather information on your device. They could continue to send more emails and target you.
Spy pixels can be removed. There are several ways... you could use browser plugins, change the settings in your email client, or turn off HTML email entirely. All of these are viable ways, but are not very convenient or pleasing to read. Or you could use a privacy-first email application, Proton Mail, which blocks trackers, provides E2EE encryption, provides a pleasant user experience, and is completely free to use.
Specifically for the spy pixel - Proton Mail offers enhanced tracking protection which is enabled by default for all users. Proton Mail blocks email spy pixels (referred to as risky pixels) by pre-loading remote images on your behalf using a proxy with a generic IP address and geo-location. But they also hide your personal information and the exact time you opened the email. When you open an email containing blocked trackers, you'll be notified with how many blocked trackers there are. (source https://proton.me/support/email-track...)
🐕 Follow Me:
Twitter: / collinsinfosec
Instagram: / _collinsinfosec
Cybercademy Discord Server: / discord
🤔 Have questions, concerns, comments?:
Email me: [email protected]
🎧 Gear:
Laptop (Lenovo X1 Carbon Ultrabook 6th Gen): https://amzn.to/2O0UfAM
Monitors (Dell D Series 31.5” D3218HN): https://amzn.to/2EXlgRF
Keyboard (Velocifire VM01): https://amzn.to/2TEswfd
Headphones (Audio Technica ATH-M40x): https://amzn.to/2F4Tvq6
Work Monitors (Dell U4919DW UltraSharp 49 Curved Monitor): https://amzn.to/3yQmDhM
Desk (FLEXISPOT EW8 Comhar Electric Standing Desk): https://amzn.to/3S9OxvG
💻 Cybersecurity PC Build Parts
[Processor] Intel Core i7-13700K 3.4 GHz 16-Core Processor: https://amzn.to/3OlTTUK
[Graphics Card] Asus DUAL OC GeForce RTX 3060 Ti 8 GB Video Card: https://amzn.to/3OE0bkd
[AIO Cooler] Corsair iCUE H100i RGB ELITE 65.57 CFM Liquid CPU Cooler: https://amzn.to/3DEUUT9
[Motherboard] MSI PRO Z690-A WIFI DDR4 ATX LGA1700 Motherboard: https://amzn.to/3Ol9La8
[RAM](2x) Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory: https://amzn.to/3OlsgeM
[HDD] Seagate IronWolf NAS 8 TB 3.5" 7200 RPM Internal Hard Drive: https://amzn.to/3DFdc6K
[SSD] Samsung 980 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive: https://amzn.to/3KpTnnQ
[Case] Corsair 5000D AIRFLOW ATX Mid Tower Case: https://amzn.to/44Rjaxf
[Power Supply] Corsair RM850x (2021) 850 W 80+ Gold Certified Fully Modular ATX Power Supply: https://amzn.to/478wC1r
[Fans] Corsair iCUE SP120 RGB ELITE 47.7 CFM 120 mm Fans 3-Pack: https://amzn.to/44R4myD
