Re: Scam alert: [Fwd: Thank you from One Laptop per Child]
FYI, Sine this topic has nothing to do with OLPC software development, let me attempt to move this conversion from the developers list to the 'support gang' list. The topic is more appropriate located there (here?). :) Thanks, -Ixo On Sun, Nov 16, 2008 at 16:44, John Gilmore [EMAIL PROTECTED] wrote: this mail was/is legitimate, and is part of the G1G1 launch starting tomorrow. the links go through a redirector so that OLPC can see statistics on click-through responses. I'm sorry, if I get an e-mail with visible links to amazon.com/xo and the hidden version not coming from the amazon.com domain I will delete first and ask questions later. OLPC should NEVER be tricking its donors with email spy techniques! I've gone one step further than deleting the messages. I've stopped funding nonprofits who use this kind of surreptitious monitoring in their bulk mailings. You'd be surprised how many nonprofits have been snowed by bulk email providers like Convio into perverting the recipient's classic postal-mail / email assumptions. Commercial companies are so afraid of being tarred with the spammer brush that they don't do this -- but nonprofits aren't yet that smart. They violate donor expecations like like: * Once you sent it, you don't know when, where, or whether I read it (unless it comes as a registered letter with explicit tracking). * I can read it over and over again without you finding out * I can copy and forward it to others and you can't tell who forwarded it. These social expectations are being deliberately and silently broken by including web bugs, tracking links and similar monitoring devices into ordinary emails. I encourage everybody who receives such mails to delete them unread, to chastize the organization that sent them (if they can be found), and to stop funding or supporting any org that persists. If an email sender wants to track the popularity of its emails that include links, that's easy to do by looking at how many accesses are made to the web pages that it links to. You can even link to a landing page for each such email that you send (to 1000 or 100,000 people), rather than linking to a pre-existing page. That kind of monitoring doesn't intrude on personal privacy by trying to figure out WHICH email recipient clicked on the link -- it just counts how many did. You can turn off all these intrusive technologies in the Convio user interface -- but they default to on, because Convio and its sister companies care more about data-mining than they do about donor privacy or social cohesion. And they'll continue to do so until donors ostracize any nonprofit who does this. John Gilmore -- Forwarded message -- From: Hal Murray [EMAIL PROTECTED] Date: Sun, Nov 16, 2008 at 16:29 Subject: Re: Scam alert: [Fwd: Thank you from One Laptop per Child] To: Chris Marshall [EMAIL PROTECTED] Cc: devel@lists.laptop.org devel@lists.laptop.org I got an email that claimed to be from [EMAIL PROTECTED] asking for help with G1G1 but all the links were not to where they said they were from. I think it may be phishing or a scam of some sort. For example, the link to amazon.com/XO actually goes to: If you look at the Received headers you will probably find that it came from something like ccm01.constantcontact.com Constant Contact is one of the big ESPs (Email Service Providers). They handle mailing lists for other people and generally do a better job than most people would do by themselves. http://rs6.net/tn.jsp?... If you poke around with whois, you will see that rs6.net is owned by Constant Contact. That particular URL will bounce through their system and off to Amazon. The idea is that they count clicks. Marketers love that sort of data so companies like CC provide it. A variation is 1x1 gifs, often called web bugs. That lets them count how many people opened the mail even if they don't click on any of the links. That assumes you enable html in your mail reader and that you enable gifs and ... I'm not sure why they use rs6 (or similar) rather than constantcontact. I think I saw an explanation once, but I don't have enough marketing blood in me for it to make sense. I'm a privacy nut. I hate tracking. I consider it to be rude at best. I don't know if CC is setup to disable tracking if their customers ask about it. -- Forwarded message -- From: [EMAIL PROTECTED] Date: Sun, Nov 16, 2008 at 16:57 john wrote: If an email sender wants to track the popularity of its emails that include links, that's easy to do by looking at how many accesses are made to the web pages that it links to. You can even link to a landing page for each such email that you send (to 1000 or 100,000 people), rather than linking to a pre-existing page. That kind of monitoring doesn't intrude on personal privacy by trying to figure out WHICH email recipient clicked on the link -- it just counts
Re: Scam alert: [Fwd: Thank you from One Laptop per Child]
this mail was/is legitimate, and is part of the G1G1 launch starting tomorrow. the links go through a redirector so that OLPC can see statistics on click-through responses. i understand completely why it made you nervous, however. we'll consult with our mailing partner to find out what we can do about the URLs in future mailings. paul chris wrote: I got an email that claimed to be from [EMAIL PROTECTED] asking for help with G1G1 but all the links were not to where they said they were from. I think it may be phishing or a scam of some sort. For example, the link to amazon.com/XO actually goes to: http://rs6.net/tn.jsp?e=00140GOQ-WV-PKk0vG2UCW1Iyligz-Y-vTYYeFTfL9NJG-1I4XgKCWk8 -WeF7IC2D-9hgtkisNsRQucVAv9EIRn_l9kuHNU3G29iDeWY5_C765ZwGWtDddYPQ== Be warned. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel =- paul fox, [EMAIL PROTECTED] give one laptop, get one laptop --- http://www.amazon.com/xo ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Scam alert: [Fwd: Thank you from One Laptop per Child]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: this mail was/is legitimate, and is part of the G1G1 launch starting tomorrow. the links go through a redirector so that OLPC can see statistics on click-through responses. i understand completely why it made you nervous, however. we'll consult with our mailing partner to find out what we can do about the URLs in future mailings. In fact, the mailing partner did something very interesting here, which is to send the message with both a plain-text and HTML copy, embedded in the same mail. My client is configured to prefer the plain-text version, so I saw links of the form http://www.amazon.com/xo;. In the HTML copy, it's as Chris described. So OLPC beware; the traffic statistics you're getting back from Constant Contact Inc don't include (at least some) users running Thunderbird, and maybe anyone else with a similar client. - --Ben -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkkga2EACgkQUJT6e6HFtqRbvACfc5Y5ZSfdpJ9a0gjAovQOMyxt 1L0AnA9NYZV6ZcBRAUbLI5Y+GKQrIRNv =M71E -END PGP SIGNATURE- ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Scam alert: [Fwd: Thank you from One Laptop per Child]
Benjamin M. Schwartz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: this mail was/is legitimate, and is part of the G1G1 launch starting tomorrow. the links go through a redirector so that OLPC can see statistics on click-through responses. i understand completely why it made you nervous, however. we'll consult with our mailing partner to find out what we can do about the URLs in future mailings. I'm sorry, if I get an e-mail with visible links to amazon.com/xo and the hidden version not coming from the amazon.com domain I will delete first and ask questions later. This trick is *exactly* what phishing and identity theft spammers do. I certainly would not forward such a message to anyone without verification of its validity. If the links were instead to some scrambled URL in same domain, e.g. laptop.org, that would at least indicate that the link gibberish is likely valid since it is in the same domain as the link claims to be. --Chris ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Scam alert: [Fwd: Thank you from One Laptop per Child]
I agree. You need a better way to track your hits. Id suggest Google analytics as fast and free. Make a special web page for the landings from the email and track hits. Jk On Sun, Nov 16, 2008 at 2:18 PM, Chris Marshall [EMAIL PROTECTED] wrote: Benjamin M. Schwartz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: this mail was/is legitimate, and is part of the G1G1 launch starting tomorrow. the links go through a redirector so that OLPC can see statistics on click-through responses. i understand completely why it made you nervous, however. we'll consult with our mailing partner to find out what we can do about the URLs in future mailings. I'm sorry, if I get an e-mail with visible links to amazon.com/xo and the hidden version not coming from the amazon.com domain I will delete first and ask questions later. This trick is *exactly* what phishing and identity theft spammers do. I certainly would not forward such a message to anyone without verification of its validity. If the links were instead to some scrambled URL in same domain, e.g. laptop.org, that would at least indicate that the link gibberish is likely valid since it is in the same domain as the link claims to be. --Chris ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel -- ~~ Microsoft help desk says: reply hazy, ask again later. ~~ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Scam alert: [Fwd: Thank you from One Laptop per Child]
On Sun, Nov 16, 2008 at 2:34 PM, Jeffrey Kesselman [EMAIL PROTECTED] wrote: I agree. You need a better way to track your hits. Id suggest Google analytics as fast and free. Make a special web page for the landings from the email and track hits. The way google.com does it on their search results page is to set up an onclick() handler for each link which reports your click to google, without affecting the actual link target URL. I'm not certain this would work with email, since even clients which display HTML might not execute embedded javascript (I hope not, but I've been surprised/appalled before). --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Scam alert: [Fwd: Thank you from One Laptop per Child]
chris wrote: Benjamin M. Schwartz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: this mail was/is legitimate, and is part of the G1G1 launch starting tomorrow. the links go through a redirector so that OLPC can see statistics on click-through responses. i understand completely why it made you nervous, however. we'll consult with our mailing partner to find out what we can do about the URLs in future mailings. I'm sorry, if I get an e-mail with visible links to amazon.com/xo and the hidden version not coming from the amazon.com domain I will delete first and ask questions later. This trick is *exactly* what phishing and identity theft spammers do. I certainly would not forward such a message to anyone without verification of its validity. If the links were instead to some scrambled URL in same domain, e.g. laptop.org, that would at least indicate that the link gibberish is likely valid since it is in the same domain as the link claims to be. i agree completely. one more level of redirect (from us to our partner site then to the real destination would be far better. i confess i noticed it as the mail was being prepared, but my alarm bells didn't go off. (probably because i was on the sending end, and not the receiving end. :-) we'll do better next time. paul =- paul fox, [EMAIL PROTECTED] give one laptop, get one laptop --- http://www.amazon.com/xo ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Scam alert: [Fwd: Thank you from One Laptop per Child]
On Sun, Nov 16, 2008 at 2:57 PM, [EMAIL PROTECTED] wrote: chris wrote: Benjamin M. Schwartz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: this mail was/is legitimate, and is part of the G1G1 launch starting tomorrow. the links go through a redirector so that OLPC can see statistics on click-through responses. i understand completely why it made you nervous, however. we'll consult with our mailing partner to find out what we can do about the URLs in future mailings. I'm sorry, if I get an e-mail with visible links to amazon.com/xo and the hidden version not coming from the amazon.com domain I will delete first and ask questions later. This trick is *exactly* what phishing and identity theft spammers do. I certainly would not forward such a message to anyone without verification of its validity. If the links were instead to some scrambled URL in same domain, e.g. laptop.org, that would at least indicate that the link gibberish is likely valid since it is in the same domain as the link claims to be. i agree completely. one more level of redirect (from us to our partner site then to the real destination would be far better. i confess i noticed it as the mail was being prepared, but my alarm bells didn't go off. (probably because i was on the sending end, and not the receiving end. :-) we'll do better next time. The system handling our emails did this auto-magically. If we were to do this more than once we would likely setup a better system for it. --Seth ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Scam alert: [Fwd: Thank you from One Laptop per Child]
I got an email that claimed to be from [EMAIL PROTECTED] asking for help with G1G1 but all the links were not to where they said they were from. I think it may be phishing or a scam of some sort. For example, the link to amazon.com/XO actually goes to: If you look at the Received headers you will probably find that it came from something like ccm01.constantcontact.com Constant Contact is one of the big ESPs (Email Service Providers). They handle mailing lists for other people and generally do a better job than most people would do by themselves. http://rs6.net/tn.jsp?... If you poke around with whois, you will see that rs6.net is owned by Constant Contact. That particular URL will bounce through their system and off to Amazon. The idea is that they count clicks. Marketers love that sort of data so companies like CC provide it. A variation is 1x1 gifs, often called web bugs. That lets them count how many people opened the mail even if they don't click on any of the links. That assumes you enable html in your mail reader and that you enable gifs and ... I'm not sure why they use rs6 (or similar) rather than constantcontact. I think I saw an explanation once, but I don't have enough marketing blood in me for it to make sense. I'm a privacy nut. I hate tracking. I consider it to be rude at best. I don't know if CC is setup to disable tracking if their customers ask about it. -- These are my opinions, not necessarily my employer's. I hate spam. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Scam alert: [Fwd: Thank you from One Laptop per Child]
this mail was/is legitimate, and is part of the G1G1 launch starting tomorrow. the links go through a redirector so that OLPC can see statistics on click-through responses. I'm sorry, if I get an e-mail with visible links to amazon.com/xo and the hidden version not coming from the amazon.com domain I will delete first and ask questions later. OLPC should NEVER be tricking its donors with email spy techniques! I've gone one step further than deleting the messages. I've stopped funding nonprofits who use this kind of surreptitious monitoring in their bulk mailings. You'd be surprised how many nonprofits have been snowed by bulk email providers like Convio into perverting the recipient's classic postal-mail / email assumptions. Commercial companies are so afraid of being tarred with the spammer brush that they don't do this -- but nonprofits aren't yet that smart. They violate donor expecations like like: * Once you sent it, you don't know when, where, or whether I read it (unless it comes as a registered letter with explicit tracking). * I can read it over and over again without you finding out * I can copy and forward it to others and you can't tell who forwarded it. These social expectations are being deliberately and silently broken by including web bugs, tracking links and similar monitoring devices into ordinary emails. I encourage everybody who receives such mails to delete them unread, to chastize the organization that sent them (if they can be found), and to stop funding or supporting any org that persists. If an email sender wants to track the popularity of its emails that include links, that's easy to do by looking at how many accesses are made to the web pages that it links to. You can even link to a landing page for each such email that you send (to 1000 or 100,000 people), rather than linking to a pre-existing page. That kind of monitoring doesn't intrude on personal privacy by trying to figure out WHICH email recipient clicked on the link -- it just counts how many did. You can turn off all these intrusive technologies in the Convio user interface -- but they default to on, because Convio and its sister companies care more about data-mining than they do about donor privacy or social cohesion. And they'll continue to do so until donors ostracize any nonprofit who does this. John Gilmore ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Scam alert: [Fwd: Thank you from One Laptop per Child]
john wrote: If an email sender wants to track the popularity of its emails that include links, that's easy to do by looking at how many accesses are made to the web pages that it links to. You can even link to a landing page for each such email that you send (to 1000 or 100,000 people), rather than linking to a pre-existing page. That kind of monitoring doesn't intrude on personal privacy by trying to figure out WHICH email recipient clicked on the link -- it just counts how many did. john -- i/we hear you loud and clear. i will say that OLPC has no idea _who_ clicked on any given link, nor how many times. nor are we the least bit interested in knowing. as you surmised, the default setting for doing link redirects is on, and for better or worse, they were left that way when we sent the mail. we will clearly reconsider this setting in the future. paul =- paul fox, [EMAIL PROTECTED] give one laptop, get one laptop --- http://www.amazon.com/xo ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel