7 comments

[ 3.0 ms ] story [ 19.8 ms ] thread
A beacon doesn't mean they're reading the content of the email.
Well, they sent the email in the first place. So they obviously already know the content.
This is one of my favorite features of GitHub, alongside reply by email to comment.

Does anyone know how their beacons get around Gmail's tracking buster? (https://gmail.googleblog.com/2013/12/images-now-showing.html)

What's there to get around? the gmail proxy fetches the image, which tells GitHub that the email has been opened, which is all they need to know. The proxy does protect against leaking the IP address, cookies and potential code injections, but not against the signal "image requested by user".
This is a very commonly implemented practice in HTML emails. Nothing to bust out your tinfoil hat over (just keep it on your desk, I'm sure it will be needed after reading other HN posts). Just disable loading external images by default in your email client if you don't want these services to know if you've read their email.
"I'm paranoid enough to be worried about an email beacon. But instead of protecting myself with a secure client or text-only mode, I'd like to trust that people aren't going to track me."

Right.

If you want to add this to your Rails app with basically no configuration check out the Ahoy gem.