Facebook uses bgsound to see if you opened an e-mail

Facebook uses bgsound to see if you opened an e-mail

Summary: Facebook is using a new implementation of an old trick to see if you opened an e-mail that the company sends you. Furthermore, Facebook isn't the only one to do this.


Here's an interesting conversation I stumbled on over at Google+. Carl Chatfield starts off with a casual observation:

Fun fact, facebook knows when you read their emails (assuming you have html enabled and show images). This is at the bottom of every email that facebook sends:

<span style=3D""><img src=3D"http://www.facebook.com/email_open_log_pic.php?mid=3D51178b2G56e57c6dG1f415bcG0" style=3D"border:0;width:1px;height:1px;"/><bgsound src=3D"http://www.facebook.com/email_open_log_pic.php?mid=3D51178b2G56e57c6dG1f415bcG0&s=3Da" volume=3D"-10000"/></span>

I'm also not sure whether or not gmail disables bgsound by default, which facebook also attempts to use to track you. Someone at gmail, could you please comment.

Charles Ma comments saying Facebook isn't doing anything new:

A lot of companies do this, anyone using www.campaignmonitor.com or www.sendgrid.com. Not saying it's right or wrong, just pointing out that pretty much anyone who knows anything about email marketing is doing it now.

Michael Whalen thinks Facebook is doing something perfectly okay:

Hmm, I wouldn't really consider this an invasion of privacy? It's more like a monkey-patch to not having solid read receipts with email. I also think it's a cool approach. If you're using Facebook and enjoy it, why would you care if they know you read the email or not? It's a notification after all.

Scott Moss explains why it's not that simple:

The main issue is that image blocking in emails (unless otherwise specified by the users request on a domain by domain basis) was a standard implemented to stop tracking and subsequent verification of email addresses. Right now, I can put money on it (if they haven't already done so), spammers are adding BGSOUND tags into their messages to verify not just accounts, but accounts that are "accessed".

It may be a nice feature in a perfect society, but last time I checked, we were far from perfect. If you're enjoying FB, then allow the images for that domain. FB knows that people don't always do this, so they found a way of circumventing the issue.

David Lindsey tries to bring the discussion back on topic:

About half the commenters are missing the bit about bgsound. Everyone knows about tracking via images. But the question is, do email providers like Gmail load external resources like bgsound even when loading images is disabled? I'm guessing not, but what about various email apps?

Jonathan Graehl finally closes the circle:

according to my test with https://grepular.com/email_privacy_tester/ gmail doesn't fetch bgsound or any of the other usual suspects.

In short, this is a technique that has been around since the 1990s. If you want to learn more about it, head over to Wikipedia.

I have contacted Facebook for more information and will update you if I hear back.

Update on March 6: "Similar to other services that send a large number of emails (e.g. notifications users have rquested), Facebook uses several industry standard technologies to confirm that emails are received and whether they are opened," a Facebook spokesperson said in a statement. "We only use this information to improve the emails we send and no other data is tracked or collected."

See also:

Topics: Collaboration, Social Enterprise

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Sigh

    I miss when email was just text.
    • Heavy sigh

      You don't have to miss it. There are still a few email clients that support text-only. I ALWAYS use plain-text when sending and request it from anyone who sends me 'pretty' email.
  • IE only

    Bgsound is IE only. So this will only work in Outlook Express or webmail using IE. Seems pretty dumb to me but I must be missing something?
    jan bLinQue
  • hmm

    This article is missing all sorts of pertinent information like:

    - What is bgsound and how is it processed?
    - What types of email readers will recognize this tag?
    - How can the processing of this tag be disabled?
    - Is this is a web only issue or are some email clients affected?

    The trouble here is the writer doesn't really want to do any actual reporting, but just scour other people's posts and copy and paste.