Single-Pixel Tracker Leads Paranoid Turkish Authorities To Wrongly Accuse Over 10,000 People Of Treason

from the tiny-web-beacons,-massive-consequences dept

We’ve written many articles about the thin-skinned Turkish president, Recep Tayyip Erdoğan, and his massive crackdown on opponents, real or imagined, following the failed coup attempt in 2016. Boing Boing points us to a disturbing report on the Canadian CBC News site revealing how thousands of innocent citizens have ended up in prison because they were falsely linked with the encrypted messaging app Bylock:

The Turkish government under President Recep Tayyip Erdogan links Bylock with treason, because of the app’s alleged connection to followers of Fethullah Gülen, the man the Turkish government believes is behind the deadly 2016 coup attempt. Gülen denies the allegations.

Alleged Bylock users are a large part of the nearly 150,000 Turks detained, arrested or forced from their jobs under state of emergency decrees since the summer of 2016.

An estimated 30,000 are believed to be among the innocent swept up in this particular campaign, victims of the chaos, confusion and fear in Turkey.

It’s bad enough that the Turkish authorities are equating the mere use of the Bylock app with treason. But it gets worse. It turns out that many of those arrested for that reason didn’t even use Bylock, but were falsely accused:

it was due to a single line of code, which created a window “one pixel high, one pixel wide” — essentially invisible to the human eye — to Hypothetically, people could be accused of accessing the site without having knowingly viewed it.

That line redirected people to the Bylock server using several other applications, including a Spotify-like music app called Freezy and apps to look up prayer times or find the direction of Mecca. Some people have been accused because someone they shared a wifi connection with was linked to Bylock.

According to the CBC News report, the single-pixel trackers that linked back to were used intentionally by the Bylock developers in order to muddy the waters, and make it harder to identify real Bylock users. However, it’s not clear how these Web “beacons” came to be associated with other apps. Whatever the mechanism used to accuse innocent people, the Turkish authorities have confirmed indirectly that the misleading calls to did indeed take place, albeit releasing that information in a way that violates the victims’ privacy pretty badly:

The Turkish government and the country’s courts rarely admit they are wrong, but in December, they revealed the gravity of the mistake they’d made by publishing a list of 11,480 mobile phone numbers. Each number represented a person wrongly accused of terrorism in the Bylock affair.

As well as confirming that Turkey remains in the grip of institutionalized paranoia emanating from the country’s president, this episode underlines just how serious the implications of single-pixel tracking can be. In an ideal world, such surreptitious tracking would not be taking place. As a second best, browsers would incorporate technology that warned users of such tricks and blocked their callbacks as a matter of course, but it’s hard to see how this could be done in a way that isn’t easily circumvented.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Single-Pixel Tracker Leads Paranoid Turkish Authorities To Wrongly Accuse Over 10,000 People Of Treason”

Subscribe: RSS Leave a comment
Paul Brinker (profile) says:

Re: Re: Re:

I recall the Clapping issue being used by Stalin’s secret security. An auditorium would call for those in attendance to clap for the great leader. The first to stop clapping would then be arrested.

Not sure if its real, but several sites have the same story.

Anonymous Coward says:

Single-pixel trackers have a dark origin

They were developed and deployed by spammers in order to help them figure out which tactics were getting their abuse delivered. Each access to those pixels is accompanied by data that tells them:

– which of their outbound mail servers was used
– which version of the spam was sent
– which user was targeted
– which delivery method their mail server used
– and so on

When a spam victim hits one of those single pixels, that N-tuplet of information is sent back to the spammers — along with a timestamp of course, so they can also measure the time between when spam was sent and when it read by someone insane enough to use an HTML-capable mail reader.

This tactic is still used today by spammers-for-hire like MailChimp, ExactTarget, ConstantContact, and so on. All of them have been busy spying on huge numbers of users for years.

This would be a good time to wonder who they’re selling all that data to.

Turk here says:

Re: Re:

These gulenist who made the bylock app are active for over 30 years. Every Turk on earth knows about their existent. I get how it would sound tinfoil hat bs, but its not.<br />Gulen is their leader and there is a video of him saying to move into every position of power inside the government and armed forces. To grab as much power positions as possible so they can take over the government in the end.<br /><br />The net the government threw out is indeed too large and innocent people get caught up the process of catching the guilty ones. Time to time, theyre getting released after more research about them.

You should research the gulenist school in europe, america, asia and africa. They`re everywhere “educating” the elites childeren to get in those governments also. Super easy in poor countries which have bad education.

Turk here says:

Re: Re: Re: Re:

You cant compare a person like Stalin who killed millions of his own people and millions of none Russians with gulen or Erdogan. Or with that propaganda Trotsky.<br /><br />Its correct that Erdogan/akp was allied with gulen and his followers. They did that to take down the armys hold over the government. Something the west also demanded from Turkey. Civilian rule not a military one. <br />That alliance broke up when the government realized that gulen was putting his own followers inside the army high command. <br />I followed the probe against the the army. Files were full with errors like wrong dates, places or buildings that didn't exist until after the criminal offenses were committed. All those arrested in the probe are released, got money for time spend in prison and missed promotions.<br /><br />Coup<br />2 weeks before the coup, i saw a news report on tv, that the army would be purged of gulens followers. It was stupid to release that information. <br />After that the gulenist had 2 options. Do nothing and get arrested. Or do a last stand and take over the army and with that the country. <br />The coup failed because the mit(Turkish fbi)hacked the bylock server and knew of the coup. So they had to rush the operation. The day the coup was going to happen one of those gulenist got caught and they could follow the operation trough whatsapp group chats. If the civilians didn't take to the streets, coup would have been successful.<br /><br /><br />Western source about the coup. Worth reading, they fact check everything.<br /><br />Its complicated and everyone in Turkey wants it to be over. You can dismiss what i said as pro government propaganda. Thats up to you. All i and millions of Turks want is a stable Turkey.

Roger Strong (profile) says:

Re: Re: Re:2 Re:

Even if you accept that there was a real coup attempt, it’s obvious those involved make up a only tiny percentage of the tens of thousands arrested.

Erdogan used it to clear all opposition – reporters and newspaper editors, teachers and professors, police and judges, mayors and other politicians, etc.

He used a failed coup as a pretense to launch his own, seizing totalitarian power.

Richard (profile) says:

Re: Re: Re:2 Re:

You can`t compare a person like Stalin who killed millions of his own people and millions of none Russians with gulen or Erdogan. Or with that propaganda Trotsky.

BUT I can compare the RELATIONSIP between Erdogan and Gulen with the RELATIONSHIP between Stalin and Trotsky.

I can also point out that Erdogan is a nastier character than Gulen, in the same way as Stalin was a nastier character than Trotsky. I can also point out that Trotsky and Gulen ended up in exile and that Stalin and Erdogan ended up in power.

I can also point out that Stalin pursued the exiled Trotsky just as Erdogan is pursuing the exiled Gulen.

The parallels are obvious.

Stalin knocked down the church of the Saviour in Moscow to make way for the (never built) palace of the Soviets.

Erdogan wants to reconvert the Hagia Sophis into a Mosque.
If he was a peaceful leader, friendly to other religions but his own he would give it back to the Orthodox Church.

He is not – he has an agenda of Islamic domination – just like Stalin had an agenda of communist domination.

Gulen also has an Islamic agenda – but it is a more peaceful one.

Turk here says:

Re: Re: Re: Re:

Im secular, didn't go to a mosque in at least 20 years. Im covered in tattoos, i drink alcohol and enjoy the separation of government and religion.
I hear western people always talk good about secular governments Turkey had. Yet they never research what those governments did. They`re the ones which took away every right kurds had. They invested nothing in Turkey and killed every big project. If they did their job, no one would have voted for the akp. Good start would be wiki

The sad thing is, the opposition parties would lose an election to a demented eldery. 3 main parties next to akp

chp(secular) Basically trump with even worse ideas. They suck so bad. They had a convention last week where 100 got food poison en they fought among each other.

MHP(ultra nationalistic party) Run by a 80 year old dude, who wants to go to war with everyone(russia/iran/the west)

HDP (leftist pro pkk) They even go to kandil mountains and do photo shoots with terrorist. Brother of their leader is in the pkk.

As much as i want more parties in the government. There is no other party which works like one should. Until they fix their parties, akp will keep winning. The way the west is reacting to Turkey, only strengthens the hand of akp. Turks from all sides will fight each other with no problem. But we always unite against an outside attack.

Just trying to explain how Turks think. Do with this info as you pleas.

Richard (profile) says:

Re: Re: Re:2 Re:

You are right that the old secular parties weren’t that great.

Lots of bad things happened on their watch. Attaturk, after all, came out of the same environment as Mussolini and Hitler (ie defeated nations after WW1). Unlike them he did avoid WW2 but the regime he left behind was blatantly nationalistic.

Subsequently Turkey did tend to get a free pass (rather like Iran) as a frontline state against communism and I think that didn’t help the political atmosphere.

Richard (profile) says:

Re: Re: Re:2 Re:

Turks from all sides will fight each other with no problem. But we always unite against an outside attack.

I think that is actually part of the problem.

Nations have to learn self-criticism if they are to become mature.

Germany did this after the war by admitting their fault and is a better nation as a result.

Similarly with (most of) the US vs slavery.

Similarly with the colonial history of the UK.

S. Africa had its "Truth and Reconciliation" process.

Countries that don’t go through this type of process (eg Zimbabwe) tend to remain barbaric.

That is why Turkey needs to own up to a few things (eg Armenian Genocide). However Turkey has to do this willingly. No one else can force them.

They have to realise that their standing in the world would be vastly improved if they did.

Richard (profile) says:

The Turkish government and the country's courts rarely admit they are wrong,

The Turkish government and the country’s courts never admit to anything. Strangely the rest of the world seems to keep letting them get away with it.

From the Armenian/Greek/Assyrian genocide, through the invasion of Cyprus to the current attacks on the Kurds – with many smaller stopping points on the way there is a great litany of actions that few other countries could have done with the impunity that Turkey seems to enjoy.

It isn’t just Erdogan – it is the country – or at least a big chunk of it – and the part that doesn’t agree is largely behind bars (or at least out of a job) today.

Wendy Cockcroft (user link) says:

Re: The Turkish government and the country's courts rarely admit they are wrong,

This might be a good time to carry out a search on “Japan comfort women,” a euphemism for horrific sexual slavery. Their other atrocities (Rape of Nangking, abuse of POWs, Tenko, etc.) are well noted in the historical record.

The UK government has yet to admit that colonialism was a bad thing that resulted in millions starving to death in manufactured crises wherein laissez-faire policies prevented the government from intervening as the all-powerful god Market was supposed to be doing that. Must have been on his jollies or something. We Irish have not forgotten. Oh, and Brits invented concentration camps during the Boer War.

I recently learned that colonists wiped out the indigenous people of Tasmania (they put bounties on the locals) and racist policies continue in Australia to this day; indigenous kids are fostered out to white families instead of being placed with their own people to maintain their family and cultural ties.

The takeaway: nobody’s perfect and we ourselves have a lot of cleaning up to do where our own acts are concerned. Shouldn’t we at least make a start before calling other people out?

PaulT (profile) says:

While it’s on a different scale, this sort of thing is why I’m always opposed to the three strikes-style rules. The evidence used is so flimsy and so easily spoofed that plenty of innocent people would have their connections shut off, and it would be trivial to deliberately target victims.

In this case, it’s nice that the authorities have admitted their mistake, but I can’t help wonder how much irreversible damage has been done to these peoples’ lives in the meantime.

Anonymous Coward says:

As a second best, browsers would incorporate technology that warned users of such tricks and blocked their callbacks as a matter of course, but it’s hard to see how this could be done in a way that isn’t easily circumvented.

Although slightly overkill, blocking cross-origin requests by default kills this and blocks a surprising amount of other badness too. Firefox has Policeman to do this (and RequestPolicy before that). Chrome probably has something similar. In principle, it’s as simple as:

if source_document_domain is not target_document_domain:


The ugly details come down to how precisely to match domains: do you allow to embed (often yes, but even that is risky if the stakes for a false negative are as high as in Turkey)? Do you allow to embed (usually no)? What do you do about the obnoxious sites that stupidly embed things like Etc.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...