Facebook uses bgsound to see if you opened an e-mail

Facebook is using a new implementation of an old trick to see if you opened an e-mail that the company sends you. Furthermore, Facebook isn't the only one to do this.

Here's an interesting conversation I stumbled on over at Google+. Carl Chatfield starts off with a casual observation:

Fun fact, facebook knows when you read their emails (assuming you have html enabled and show images). This is at the bottom of every email that facebook sends:

<span style=3D""><img src=3D"http://www.facebook.com/email_open_log_pic.php?mid=3D51178b2G56e57c6dG1f415bcG0" style=3D"border:0;width:1px;height:1px;"/><bgsound src=3D"http://www.facebook.com/email_open_log_pic.php?mid=3D51178b2G56e57c6dG1f415bcG0&s=3Da" volume=3D"-10000"/></span>

I'm also not sure whether or not gmail disables bgsound by default, which facebook also attempts to use to track you. Someone at gmail, could you please comment.

Charles Ma comments saying Facebook isn't doing anything new:

A lot of companies do this, anyone using www.campaignmonitor.com or www.sendgrid.com. Not saying it's right or wrong, just pointing out that pretty much anyone who knows anything about email marketing is doing it now.

Michael Whalen thinks Facebook is doing something perfectly okay:

Hmm, I wouldn't really consider this an invasion of privacy? It's more like a monkey-patch to not having solid read receipts with email. I also think it's a cool approach. If you're using Facebook and enjoy it, why would you care if they know you read the email or not? It's a notification after all.

Scott Moss explains why it's not that simple:

The main issue is that image blocking in emails (unless otherwise specified by the users request on a domain by domain basis) was a standard implemented to stop tracking and subsequent verification of email addresses. Right now, I can put money on it (if they haven't already done so), spammers are adding BGSOUND tags into their messages to verify not just accounts, but accounts that are "accessed".

It may be a nice feature in a perfect society, but last time I checked, we were far from perfect. If you're enjoying FB, then allow the images for that domain. FB knows that people don't always do this, so they found a way of circumventing the issue.

David Lindsey tries to bring the discussion back on topic:

About half the commenters are missing the bit about bgsound. Everyone knows about tracking via images. But the question is, do email providers like Gmail load external resources like bgsound even when loading images is disabled? I'm guessing not, but what about various email apps?

Jonathan Graehl finally closes the circle:

according to my test with https://grepular.com/email_privacy_tester/ gmail doesn't fetch bgsound or any of the other usual suspects.

In short, this is a technique that has been around since the 1990s. If you want to learn more about it, head over to Wikipedia.

I have contacted Facebook for more information and will update you if I hear back.

Update on March 6: "Similar to other services that send a large number of emails (e.g. notifications users have rquested), Facebook uses several industry standard technologies to confirm that emails are received and whether they are opened," a Facebook spokesperson said in a statement. "We only use this information to improve the emails we send and no other data is tracked or collected."

See also:


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All