I coded a spy tracking pixel.

  • Published 12 Jun 2024
  • 👍 Try ProtonMail: proton.me/grant
    🔍 Spy Pixel GitHub Repository: github.com/collinsmc23/spy-pixel
    🔗 Resources:
    / pixel-tracking-how-eas...
    aws.amazon.com/blogs/big-data...
    proton.me/blog/how-to-stop-em...
    / deploy-a-flask-app-on-...
    www.theguardian.com/technolog...
    proton.me/mail/security
    proton.me/support/email-track...
    🎥 Video Overview:
    In today's video, I will be overviewing how applications can spy on you with a spy pixel by demonstrating the small spy pixel I wrote using Python and deployed on AWS. I am able to collect the User-Agent string, IP addresses, geolocation, and if the individual browses to the page where the pixel is located. I will specifically be using the email ecosystem to show you how spy pixels are often embedded in your emails. Although spy pixels can provide insight into who visits your website or if your email is read, it's not privacy-friendly. Especially with your personal email inbox, sometimes you would rather wait to respond after opening an email, ignore its promotional junk, or simply not respond. But with a spy pixel, individuals, marketers, or companies can know if your email has been opened, identify the relative location of where it's been opened if using their ISP-issued IP address, and gather information on your device. They could continue to send more emails and target you.
    Spy pixels can be removed. There are several ways... you could use browser plugins, change the settings in your email client, or turn off HTML email entirely. All of these are viable ways, but are not very convenient or pleasing to read. Or you could use a privacy-first email application, Proton Mail, which blocks trackers, provides E2EE encryption, provides a pleasant user experience, and is completely free to use.
    Specifically for the spy pixel - Proton Mail offers enhanced tracking protection which is enabled by default for all users. Proton Mail blocks email spy pixels (referred to as risky pixels) by pre-loading remote images on your behalf using a proxy with a generic IP address and geo-location. But they also hide your personal information and the exact time you opened the email. When you open an email containing blocked trackers, you'll be notified with how many blocked trackers there are. (source proton.me/support/email-track...)
    🐕 Follow Me:
    Twitter: / collinsinfosec
    Instagram: / _collinsinfosec
    Cybercademy Discord Server: / discord
    🤔 Have questions, concerns, comments?:
    Email me: grant@cybercademy.org
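
The description above says spy pixels are embedded in HTML email and that blocking them starts with not loading remote images directly. As an added example (not code from the video or the spy-pixel repository), here is a defender-side scan of a message body for likely tracking pixels. The heuristics, function names and sample HTML are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Long opaque query value: likely a per-recipient identifier (heuristic, assumption).
TOKEN_RE = re.compile(r"^[A-Za-z0-9_\-]{16,}$")

def _tiny(value):
    # True when a width/height attribute is 0 or 1, with or without "px".
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 1

class PixelFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (src, [reasons]) per suspicious <img>

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlsplit(a.get("src", ""))
        if url.scheme not in ("http", "https"):
            return  # data:/cid: images are embedded; rendering them sends no request
        reasons = []
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            reasons.append("1x1 dimensions")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if any(TOKEN_RE.match(v) for _, v in parse_qsl(url.query)):
            reasons.append("opaque token in query string")
        if reasons:
            self.findings.append((a["src"], reasons))

def find_tracking_pixels(html):
    finder = PixelFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample body; example.test hosts are placeholders.
SAMPLE = """<p>Spring sale!</p>
<img src="https://cdn.example.test/banner.png" width="600" height="200">
<img src="https://track.example.test/p.png?uid=9f8e7d6c5b4a39281706abcd" width="1" height="1">
<img src="https://track.example.test/o.gif" style="display: none">
<img src="data:image/png;base64,iVBORw0KGgo=" width="1" height="1">"""

for src, why in find_tracking_pixels(SAMPLE):
    print(src, "->", ", ".join(why))
```

A mail filter could use the findings to strip the flagged tags or to fetch them through a proxy, so the sender's server never sees the reader's IP address or User-Agent.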

COMMENTS • 20

  • @boredguy5531 10 months ago +12

    Can't believe they still use this thing. I used this kind of mechanism to track "email open" 10 years back when I was working as email/internet marketer.

    • @collinsinfosec 10 months ago +8

      It's crazy the spy pixel still works to this day.

    • @jooch_exe 4 months ago

      @collinsinfosec It's crazy how bad security is.

  • @rahulramteke3338 10 months ago +1

    Great tutorial!!

  • @zigaudrey 10 months ago +1

    Tracking pixels also work as a picture you add in an HTML page. I doubt the Base64 Encoding will negate it.

  • @UnixGuy 10 months ago +2

    Looks interesting!

  • @eddiefong 3 months ago +1

    Hey! Really appreciate your videos so far.
    Am stuck at Step 3: getting echo "Hello world" > index. Doesn't seem to get the hello world. Looked at the log, it seems to have an issue with the symbolic link or permissions. Would appreciate your assistance...

  • @chuky3742 10 months ago +3

    The only thing that keeps me from not changing to Proton Mail is the 1GB storage limit for free subscriptions... Keep up with the good work! I relate to you a lot

    • @rahulramteke3338 10 months ago +4

      I'd rather pay for privacy using Monero than give my data for free

  • @buzzbuzz3922 9 months ago +1

    Did I understand that correctly: if we are getting an IP address for geotracking and the customer has Gmail, it will not really be their IP, it's a generic or local Google IP location, is that correct?

  • @nikkicolton5406 10 months ago +2

    Spy Pickles @ 5:00 lol

  • @guilherme5094 10 months ago +2

    👍

  • @Vengorn-1 10 months ago +1

    I'm curious, how old are you, Mister Collins?

  • @racecar_johnny 7 months ago

    Would you be so gentle to consider the usage of a dark screen plugin the next occurrence.