34 comments

[ 3.0 ms ] story [ 92.9 ms ] thread
Gmail and Runbox both allow the user to not download images (this is the default and is opt-in per sender). I assume this protects anyone using their readers, yes?
I think: Gmail started caching the email/images in late 2013 to protect against this. So if the sender is watching, they only see gmail servers pull it once to their cache. The gmail user only ever sees or gets content from Google's cache. To not "download images" is to stop arbitrary image content when you load an email (for me atleast since I stay inside gmail).
How can they cache tracking pixels? Each one has a distinct URL.
If I understand your question, the cache GP is referring to is not meant to help across users. Rather, when someone sends you an email the images are pulled into a cache [0]. When you view the email you aren't seeing the resource loaded from the tracking pixel URL, but rather a google cached version. This would mean that the sender wouldn't be able to know about you looking at the email multiple times, etc.

[0] I don't actually know if it works that way. Just what I believe the GP is saying. I could maybe see this being done so they can run heuristics on the assets, or something like that.

I worked for someone back around 2013/14 in which we tried to implement some tracking pixels, and what you described was exactly what we ran into with Gmail recipients. When the e-mail lands in the inbox, Google was retrieving the image from your server, caching it, and then displaying the cached version to the user -- so all you knew was that the email was being delivered to the inbox, but couldn't tell if the email was opened. I don't know if that's how it currently works, but that's what we ran into at the time IIRC.
(comment deleted)
I disabled downloading images in Gmail a while ago to work around thism
Yet iOS still downloads pictures in emails by default.
Why are you using ios?
Android is even worse in terms of spying on you. At least on iOS you can go turn everything off.
Does it? Do my settings cary over in the backup? I vaguely remember turning this off years ago but that was a few phones back. Nowadays I just assumed it was off by default.
(comment deleted)
This is a pure puff piece for a new webmail app. I'd love to know how the BBC (of all outlets) came to publish this article.

If I may say so, the mnm project also deserves coverage like this. It prevents spy-pixels, and phishing, and provides unsubscribe (from threads, or senders, or whole sites). And a heck of a lot more :-)

mnm, an open source project to replace email & SMTP:

https://mnmnotmail.org

https://twitter.com/mnmnotmail

i thought not downloading images in email was the default in pretty much all clients since.. maybe 2005? Am i wrong?
Gmail loads external images by default. You can disable it. Please do.

https://twitter.com/dheeranet/status/1163542814233223168

I'm pretty sure gmail caches everything to prevent anyone from getting useful data from this.
No, they don't. This spy pixel crap is exactly how privacy-invading tools like Superhuman get read receipts. Some even show the city and country that the e-mail was read from by GeoIP-reversing the IP address that accessed the pixel. This practice needs to be ended, and IMO is a far worse violation of privacy than GDPR or anything else people are making noise about today.
Gmail does say they use image proxies. Is there some specific way those tools are getting around this? Just unique image names per sent email? https://gmail.googleblog.com/2013/12/images-now-showing.html
I wasn't aware of the proxy, so I may be wrong about the GeoIP aspect, but it's possible other mail clients don't proxy, so it's something to be wary of nonetheless.

They use unique URLs for each e-mail and recipient, so when the proxy makes the request, they can trace it down to which exact e-mail was opened.

Gmail doesn't cache things. It does proxy them. So, they can't read or write cookies, but given that spy pixels contain unique URLs, they are able to determine things like opens.
Same, I don't remember seeing images in emails since forever. But then again I use Thunderbird and not a fancy web client. Hell, even our corporate outlook settings prevent external images from loading.

Always amazed me that some marketing emails still use images for all content, when I see that I just laugh at the empty email.

PSA: you can disable automatic loading of images in Gmail. PLEASE do this NOW and end this horrible privacy practice which enables stalkers and numerous other behaviors.

I would start a Twitter storm but I'm not famous enough on Twitter to do that. Here is the setting you want:

https://twitter.com/dheeranet/status/1163542814233223168

Interesting - we used to have tracking pixels and now we have upgraded to active code spy pixels?

Tracking pixels go way back, they were used primarily for deliverability and engagement analysis.

The article says that now the sender can see what street you are on. I thought google proxied these so you got a google IP - how do they defeat google's proxy? Also you would think that most email providers would filter out spyware - I have not picked up any of these spy pixels through google so far.

Any links sent in an email can become unique to the recipient.

Link a link shorter, but the URLs are not short :-)

You can know what link was clicked and who clicked it.

So even if the images are blocked, if you click a link it goes through the link shortener redirection server, and bingo! They know more about you! :-)

Sure, tracking pixels worked this way, you give the image a unique hashed filename.

But these "spy pixels" that can see the street you are on. I've not been following this space, but google proxies the request, how does the spy pixels active spyware payload deploy even? And if they are using the ip address that is just a google IP (or a cloudflare IP if I'm going through WARP).

I am convinced the only way to shut this down is probably for Apple and Microsoft to band together and remove support for external content entirely from Mail and Outlook.

Sure all (intrusive, privacy-violating) newsletters and email messages will turn into "click to read" links, but that's probably a better situation than what we have now.

I was amused by a financial service I use that sent me a mail expressing concern that I wasn't opening their mail (which I had subscribed to).

I was reading them all along. They just didn't know, and assumed I wasn't opening them. I was, but not the tracking pixel.

These exist because Internet email was never properly designed in the first place(!) -- initially, a long time ago, there was no way to know if a recipient opened your Internet (SMTP/POP3) email (compare this to a Bloomberg terminal or Microsoft Outlook, where emails to other users of the same email system would return a return receipt automatically in the case of Bloomberg, and if requested by the sender, in the case of Outlook...)

But the tracking pixels, aka, "spy pixels" -- are there to get around this earlier limitation...

The way it works: A link to an image, an image hosted somewhere else on the Internet, is placed in an email. Well, now the email system needs to display that image, so when the message is opened, the URL for the image is opened, and if that's a unique URL -- then it can be tied to a specific piece of email -- in effect letting the party on the other end know that you opened the email, when your email client went out to the Internet to fetch the graphics for the image...

Is that good or bad?

Well, it depends on one's point of view...

Certainly it's bad for privacy... but what about transactions in business where one party needs to know that the other party received something important?

You could compare this to asking UPS or the Post Office to put package tracking on a package, which is a very beneficial service to businesses, because it lets them know that a package they have sent is now in the customer's hands, and their responsibility (at least as far as shipping and getting it into their customer hands) is now over...

Certainly you would want to know if an intended recipient actually received Bitcoin, or other digital currency you sent, as part of an online transaction you were involved in...

Also, by reciprocity, if you wanted that, then by reciprocity you should also be OK with other senders/counterparties in digital currency transactions with you -- being able to know with certainty if you had received the Bitcoin or other digital currency that they had sent...

It's almost the same thing...

People should not blame the Internet for inventing this "creative work around" for tracking -- for the Internet's earlier invention of email which didn't know if anyone received an email or not...

A well-designed future email system -- permits message tracking as an option -- but doesn't force it down users' throats without consent.

Also, a well-designed future email system -- would permit a high degree of granularity on what the end user wants to allow others to track and what they don't...

For example, they might set the system so that their friends and family (or other whitelist of names) could receive automatic confirmation when their messages are received, opened, etc. -- but this wouldn't happen for unknown/unsolicited senders...

But anyway, that's "why" of the "spy"...

...pixel, that is... <g>

A well-designed future email system prohibits tracking.
As an end user, what can I do to help reducing tracking in e-mails?

Politely sending and email to Company Foo? What are good arguments to write in there, so that _anyone_ working in Company Foo can understand the problem?

I don't expect companies to start using plain text in emails, although I'd love that...