34 comments

[ 2.8 ms ] story [ 65.5 ms ] thread
Does this even work considering Gmail pre-fetches all the images nowadays?
Author here, yes it does. Meaning, email tracking still works regardless of gmail pre-fetching. But accuracy may be slightly off

I'll add this as well, several companies have built products just to allow people to do email tracking in Gmail (boomerang, signals, streak, banana tag). So yes it does work

[Edited x 2]

I think what he meant is - does TRACKING even work since google now pre-fetches images.
I'm not the author, but tracking doesn't work at all – this extension is 100% redundant.
Tracking still works. Tracking multiple opens doesn't work since Gmail will cache the image, but the first load of the image can still be tracked.
I can definitively say, as someone who spends a lot of time doing email marketing... tracking opens and CTR's for gmail users absolutely still works.
(comment deleted)
Want to pose the question:

Is it a bad thing to have your open and clicks "tracked" by an email marketer?

Yes and No.

It depends who the marketer is. If it's a spammer, then the answer is no, it's not good.

However, if it's a company you signed up for their email list, then you want tracking. You want them to send you advert's that you are actually interested in. You want them to not waste you time (and inbox space) with advert's that you will never be interested in. You also want them to send you engaging, funny, provocative emails that don't annoy you.

These things can only happen if the marketer knows what people are clicking on and what type of content is the most engaging.

I don't think gmail is prefetching images. They just proxy and cache them if and when you open the email
Why?
With Chromes PGP extension it seems logical that you don't want clear text email being sent and cached on google's servers.
I prefer not letting people know I'm reading their emails. It's a privacy thing :)
When and where I read my email is my business. Well, mine and Google's. But no one else's.
I'm wary of installing an extension that can access my data in gmail. Is the source code available anywhere?

Edit1: Found a chrome extension that lets me view the source code of chrome extensions[1]

Edit2: The inclusion of bootstrap.css is changing the appearance of some things, namely the "show original" message view. It also doesn't seem to detect the tracking image included by yesware

Edit3: Could I break this by adding "safe-img" somewhere in my tracking pixel url?

[1] https://chrome.google.com/webstore/detail/chrome-extension-s...

I understand your concern, but chrome extensions for gmail are widely used even across business/enterprise.

If it's any consolidation, I do not store/scan/save any data. It just blocks images that people are using to invade your privacy (ie track your email opens).

p.s. There is no oauth access required for this extension/app.

(comment deleted)
Edit2: Good catch Edit3: Technically yes, but I should move the blocking logic to the background script completely (webRequest level)

[Edit - fixed the Show Original styling issue]

(comment deleted)
Hi Alupis! PixelBlock specifically goes after known tracking images and things that smell like them (ie. 1x1 images). It doesn't block all images.

But more importantly, it's a privacy concern that some people may or may not have.

thanks! :)

Lol, updated my post and then saw yours ;-P

I understand people not wanting to be "tracked" by EMS... I'm on the "tracking" side of things... so my opinion is different than most people's.

Chrome plugins pose a HUGE security problem. This one, for example, gets access to your GMail account. Do you want that? What else could this plugin do since it can read your email? Do you trust the author not to steal your GMail cookie?

Are you installing this at work? What kind of trade secrets could you potentially leak? And how does it affect your corporate compliance requirements? If your email is subject to HIPAA regulation, then you may be leaking protected health information. That's pretty bad.

I, for one, rarely install plugins. I've written plugins for my own amusement that can do some very bad things, and it's just too easy. Think twice people.

I really really really want a better security model for chrome extensions. As an example, I'd be happy to install this extension if it didn't "have access to" my gmail content, but was somehow able to add DOM matching and mutating callbacks that were run under Gmail. The matching part would be under my control and couldn't be updated by the extension. For example I'd be happy to let this extension mutate any img tag. I'm sure you can find a million holes in this idea, but it would be better than what we have today.
Maybe if the permission was something like "Let this extension read and mutate stuff on the page but don't let it make any ajax requests". Would that be sufficient?
Not the person you were responding to, but this could be easily worked around by sticking `img` tags into the page with urls that are crafted to share information.
(comment deleted)
It's still a much, much safer model than Firefox's Add-ons.
Perhaps if I threw this on github people could see the code themselves, or better yet; run the extension in dev mode so they can 100% be sure they know the code running.

Appreciate the concerns claudiusd. Just trying to protect people's email privacy :)

Another potential solution to block 'read receipts' is to turn off image loading by default. Its not ideal - because you don't know what images will load until you load them so you may be tempted to load images when you think there may actually be some image content there.

The benefit of this approach is that all marketing email won't be tracked as well.

disclosure: i'm a co-founder at Streak and we offer read receipts for gmail.

Hi Aleem! This is Omar from Waterloo (your co-founder's friend). Big fan of you guys and what you've done with Streak. Contrary to some of the comments, some chrome extensions inside of gmail are very very very useful. Streak is definitely one of those
Personally, I find this very simple and useful. Great Job!
When I wrote email tracking software about 7 years ago, I dropped the 1x1 pixel, because of spam filters tripping over them. I just used any image in the email to track you and assigned it an unique URL. How do you propose catching that one?
At the moment I just scan for the most commonly known sources of tracking and then things that seem to be tracker images. The logic is quite simple, definitely can be improved to pick up a lot more tracking sources. But for now it works quite well :)