• MarTech Today
  • Sections
    • Ads
    • Marketing
    • Content
    • Sales
    • Analytics
    • Management
    • Resources
    • More
    • Home
  • MarTech Today
  • Ads
  • Marketing
  • Content
  • Sales
  • Analytics
  • Mgmt
  • Resources
  • More
  • Events
  • SUBSCRIBE

MarTech Today

MarTech Today
  • Ads
  • Marketing
  • Content
  • Sales
  • Analytics
  • Management
  • Resources
  • More
  • Events
  • Newsletters
  • Home
Martech: Analytics & Data

FTC PrivacyCon: Your email address is leaking and vulnerable

Opening an email can unknowingly share your email address with other vendors, and hashed emails -- a popular ‘protection’ among data providers -- can be hacked.

Barry Levine on February 28, 2018 at 3:18 pm
  • More

A research paper delivered this morning at the Federal Trade Commission’s third annual PrivacyCon shows how email addresses — the gold standard for linking personal datasets — are vulnerable to data leaks and hacking.

The title of the paper by researchers Steven Englehardt, Jeffrey Han and Arvind Narayanan summarizes the possible reactions of many users hearing about this:

“I never signed up for this! Privacy implications of email tracking”

First of all, Englehardt said in presenting the paper, the act of opening emails often results in processes that resemble web tracking.

If your email client says it is blocking the retrieval of images for your security, part of the reason is that the URL calling those images from other vendors could contain your email address.

In a test, the researchers signed up for hundreds of email lists, received a zillion emails and analyzed what info those emails sent out. Some of the received emails, Englehardt said, were connected to as many as two dozen outside vendors through calls to content like images or to other external services.

“Many (of the calls to those vendors) were leaking the email address,” he said.

Englehardt noted that emailers like email ad monetization platform LiveIntent say they hash users’ email addresses.

Hashing is an algorithmic process that turns user@domain.com into a gibberish label, like $o98Cis?. Although gibberish, it’s unique, so it can be employed as an anonymized identifier.

It’s supposed to be one-way, meaning that you can’t turn the gibberish back into the email addresses.

Wrong, says Englehardt and his colleagues. “Hashes are likely to be easily reversible,” he told PrivacyCon.

‘Little to protect the privacy’

Essentially, he said, there is a finite universe of email addresses, estimated by researchers to be something over four billion. You can cheaply buy massive lists, so that, conceivably, a hacker could inexpensively build a database of virtually every email address on the planet.

And then the hacker could use brute computing force to test every email address through the hashing algorithm, until the unique gibberish identifier appears.

Bingo.

“Due to [high-end processors],” the researchers wrote in their paper, “trillions of hashes can be attempted at low cost.”

The authors found that “hashing does little to protect the privacy of a user’s email address.”

This is an arrow straight at the heart of many kinds of deterministic data matching, particularly cross-device and “people-based marketing.”

The reason is that an email address is frequently used as the “persistent identifier” to match the user data between, say, your phone, your laptop and your tablet. If you’ve logged on to something on each of those devices using your email address, a data provider is likely to be able to match you via your email address and determine that those are your devices.

Similarly, email addresses are commonly used to match your offline purchases to your online behavior, creating whole-person profiles.

“But don’t worry about our using personally identifiable information (PII) like email addresses,” data providers usually say in effect.

“The address is hashed.”



About The Author

Barry Levine
Barry Levine covers marketing technology for Third Door Media. Previously, he covered this space as a Senior Writer for VentureBeat, and he has written about these and other tech subjects for such publications as CMSWire and NewsFactor. He founded and led the web site/unit at PBS station Thirteen/WNET; worked as an online Senior Producer/writer for Viacom; created a successful interactive game, PLAY IT BY EAR: The First CD Game; founded and led an independent film showcase, CENTER SCREEN, based at Harvard and M.I.T.; and served over five years as a consultant to the M.I.T. Media Lab. You can find him at LinkedIn, and on Twitter at xBarryLevine.

Related Topics

Channel: Martech: Analytics & DataEmail Marketing & Martech

Subscribe to receive daily martech news and expert insights. See terms.


We're listening.

Have something to say about this article? Share it with us on Facebook and Twitter.

Get the daily newsletter digital marketers rely on.
See terms.

ATTEND OUR EVENTS

MarTech 2021: March 16-17

MarTech 2021: Sept. 14-15

MarTech 2020: Watch On-Demand

×

Attend MarTech - Click Here


Learn More About Our MarTech Events

White Papers

  • The Six Principles of Building a Memorable Customer Experience
  • 5 Reasons Agencies Adopt Marketing Automation
  • How to Land Higher-Paying Clients: A 7-Step Framework to Grow Your Agency
  • B2B Marketing Trends Shaping 2021
  • State of Email Marketing 2021 Report
See More Whitepapers

Webinars

  • Crawl Your Way Towards Better Search Results With Dynamic Rendering
  • The AI Revolution Is Coming to Every Stage of Your Buyer’s Journey
  • The Fundamentals of Link Building for E-Commerce & Affiliate Sites in 2021
See More Webinars

Research Reports

  • Local Marketing Solutions for Multi-Location Businesses
  • Enterprise Digital Asset Management Platforms
  • Identity Resolution Platforms
  • Customer Data Platforms
  • B2B Marketing Automation Platforms
  • Call Analytics Platforms
See More Research

Register For MarTech - Free

Receive daily martech news and analysis.

Channels

  • Advertising
  • Marketing
  • Content
  • Social
  • Commerce
  • Sales
  • Analytics
  • Management
  • Home

Our Events

  • MarTech
  • SMX

Resources

  • White Papers
  • Research
  • Webinars

About

  • About Us
  • Contact
  • Privacy
  • Marketing Opportunities
  • Staff

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • Newsletters
  • RSS

© 2021 Third Door Media, Inc. All rights reserved.