Geolocate Someone By Sending Him An Email

You thought you could read your email from anywhere incognito. You thought you could not be tracked. Well, that is not entirely true. If you do not pay attention to certain little things (and most people don't), you may not be as incognito as you think you are.

How to geolocate someone

The only thing that you need is a web server on which you can read the access logs.

  1. Upload a smiley to your web server. Let's say you can access it via http://myserver/smiley.jpeg.

  2. Prepare your message in an HTML document with the smiley in it. Like this message:

    See you tomorrow ! <img src="http://myserver/smiley.jpeg" />
    
  3. Open it in your browser, copy the whole page and paste it in a new mail in Gmail that you send to the person you want to track.

    Note: Gmail does not allow you to write an email directly in HTML. That is why you have to write it in a text editor, open it in a browser and copy-paste it into Gmail.

  4. When the recipient opens the mail, it loads the image. This means that his browser sends a request for the image to your web server, and that request is logged to a file. If you use Apache, that file will be something like /var/log/apache2/access.log. You will see a line like this one:

    myserver.com:80 66.78.236.243 - - [28/Apr/2011:19:00:05 +0200] "GET /smiley.jpeg HTTP/1.1" 304 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.57 Safari/534.24"
    

What you can learn from this line:

  • the IP address of the receiver is 66.78.236.243, which you can geolocate with a tool like geolocip.com,

  • the receiver opened your mail on April 28th, 2011 at 19:00:05,

  • the receiver has a Mac with OS X 10.6.7 and uses Chrome v11.0.

Kind of scary, huh?

And how can I prevent it?

Some mail clients do not automatically load the images in mail from people you don't know. In Gmail, for instance, you are asked whether you want to load the images in mail from unknown senders.

But here is an extract from the Gmail help:

If someone you've sent email at least twice sends you a message with images in it, you’ll see the image by default (because the people in this group are likely people you know and trust).

In other words, you can be geolocated by anyone to whom you have sent at least 2 emails. If you are paranoid, you can disable the automatic loading of all external content in your email client; you will then have a bit more control over the information you send to the world.
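
What "not loading external content" means in practice, as an added example (not code from the original article or from Gmail): it parses a raw email, then re-emits the HTML body with every remote `src`, `background` or `poster` URL moved to an inert `data-blocked-*` attribute, which goes slightly beyond the single `<img>` case above. The sample message and all names (`block_remote_content`, `RemoteContentBlocker`) are constructed for illustration.

```python
import html
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample: the article's remote image plus an inline (cid:) image.
SAMPLE_EMAIL = """\
Subject: Tomorrow
Content-Type: text/html; charset="utf-8"

See you tomorrow ! <img src="http://myserver/smiley.jpeg" /><img src="cid:logo" alt="logo">
"""
REMOTE = ("http://", "https://", "//")  # URL forms that leave the mail client
FETCH_ATTRS = {"src", "background", "poster"}  # CSS url() and srcset not covered


class RemoteContentBlocker(HTMLParser):
    """Re-emit HTML with remote auto-loaded URLs parked in inert attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.blocked = [], []

    def handle_starttag(self, tag, attrs):
        parts = [tag]
        for name, value in attrs:
            if name in FETCH_ATTRS and value and value.strip().lower().startswith(REMOTE):
                self.blocked.append(value)
                name = "data-blocked-" + name  # data-* attributes are never fetched
            parts.append(name if value is None else f'{name}="{html.escape(value)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <img ... /> without a stray </img>

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))


def block_remote_content(raw_message):
    """Return (safe_html, blocked_urls) for the HTML body of a raw email."""
    msg = message_from_string(raw_message, policy=default)
    body = msg.get_body(preferencelist=("html",))
    blocker = RemoteContentBlocker()
    blocker.feed(body.get_content() if body is not None else "")
    blocker.close()
    return "".join(blocker.out), blocker.blocked
```

Rendering the returned HTML instead of the original sends no request to the image host, so no access-log line is produced until the reader chooses to restore the blocked URLs.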

But I am not doing this; I prefer to be geolocated rather than having to click each time I receive an email to display the images. And no need to send me an email, I am telling you: I am here!

More info in Gmail help: Display images from certain senders.

Quentin Pleplé
April 2011