

Tell HN: Use Your Hosts File to Blackhole EMail Trackers - MichaelCrawford

Bananatag, Streak and Yesware each add web bugs - invisible one-pixel images - to HTML eMail so that the sender will know when you&#x27;ve opened their eMail.  Bananatag also tracks clicks on links by using a redirect.<p>The following entries in your &#x2F;etc&#x2F;hosts file should put a lid on this gross privacy violation.  Note that &#x2F;etc&#x2F;hosts is not accessible on iOS; I expect it can be on jailbroken phones but I don&#x27;t really know.  Some Android devices can be unlocked with a straightforward tool that comes with the Android source code.<p>Really it would be best to block these domains at your router, or with a DNS server, but that won&#x27;t really work if, as I, you hang out at WiFi spots frequently.<p>Add the following to your existing &#x2F;etc&#x2F;hosts file - don&#x27;t just replace it or your box won&#x27;t work anymore:<p><pre><code>    # = B =

    # Bananatag eMail Tracking
    #
    # Bananatag uses both web bugs as well as tracking redirects for links

    127.0.0.1   bl-1.com
    127.0.0.1   s.bl-1.com

    # = S =

    # Streak eMail Tracking

    127.0.0.1   streak.com
    127.0.0.1   www.streak.com

    # = Y =

    # Yesware eMail Tracking

    127.0.0.1   yesware.com
    127.0.0.1   app.yesware.com
    127.0.0.1   www.yesware.com
</code></pre>
Note that DNS is not an API, it is a network protocol.  While the convention is for name lookups to consult the hosts file, there is no particular requirement to actually do so.
======
jlgaddis
Perhaps it's just because I'm old but I still prefer reading my e-mail using
mutt in a terminal. Even when I use a graphical mail client (Thunderbird) I
still read all mail in plain text.

Running Unbound (or something similar) locally would also work too (using,
e.g., the "empty" zone) in your case (moving between networks often).

~~~
MichaelCrawford
Clearly plain-text mail clients will prevent this kind of problem. I would use
one - such as mutt - were it not for the fact that many of the people I do
business with insist on formatted mail, and have no insight whatsoever into
the reasons why plain-text email is to be preferred.

~~~
jlgaddis
Understood (I likewise correspond with folks who will occasionally send an
e-mail with something like "changes below in red", forcing me to log into my
web mail and view the message there).

Plain-text mail 100% of the time certainly isn't/doesn't work for everyone.

------
ams6110
You can block all sorts of known ad and malware sites this way. I use a hosts
file from a windows-oriented site (search for "MVPS hosts file") but it works
on linux/Mac OS/BSDs just as well. There are others floating around if you
prefer another source.

~~~
MichaelCrawford
I'm OK with advertising, but not with tracking. The problem for me is that
most advertising is served from a host other than that of the publisher, so
tracking can be done by the ad server.

That is, say HN were to publish AdSense. HN's webmaster would add a small
snippet of Javascript, that fetches the ad itself from Google's server. That
would enable Google to track me.

I am, for the most part, completely cool with ads that are served from the
same IP address as the web page I'm looking at.

~~~
a3n
Let's say that became a reality, that most ads were served from the site of
interest.

Wouldn't the site's back end just send data about the client viewing an ad
back to the ad vendor? I would think it would be part of their contract.

I also have no problem with ads per se, but they aren't just ads anymore, ...

