And now you're back to square one due to draconian French surveillance laws.
Running your mail server on a VPS is not a very good solution, particularly when that VPS exists in a country that interpreted 1984 to be an instruction manual rather than a cautionary tale.
unfortunately not, adblock blocks ad related media only. This is one of the few tools that will intelligently block people from tracking your email views/opens
EasyPrivacy is an optional supplementary subscription that completely removes all forms of tracking from the internet, including web bugs, tracking scripts and information collectors, thereby protecting your personal data.
My point being, if you care about privacy enough it would extend more than just your email. Thus using Adblock Plus (with Easylist + Easyprivacy + other subscriptions), would be more beneficial to the end user.
Neat tool, thanks. I wasn't going to install it because it required access to mail.google.com and googleusercontent.com, but since it's open I feel better about it. It might be helpful to others to mention that and link to it in the chrome store.
If Google proxies and caches images at the time of receipt, instead of when you open the email, then you effectively don't have read receipts for Gmail users, because it looks like they all read the email immediately.
Caching images immediately is probably an attractive engineering decision on its own merits. Whether spamming read receipts is good (because it makes them useless) or bad (because it makes people think the emails got read) is an interesting question.
I mean, one can legitimately want that they do not receive the tracking information. But are there any real security implications, like siphoning off any unauthorized data, facilitating spam, etc?
But this is not any email; it's usually a promo or info email, usually with a link to directly click, so I would willingly divulge the same details — if the email is legitimate.
I could imagine that geolocating my IP might be undesirable at times. I wonder what are other potential security (not privacy) implications.
It's not just marketing emails. I have worked with people that track opens of their emails so they could decide how and when to follow-up with their contractors, clients, and prospective clients.
I too don't understand what's to be gained from a tool like this. If the party collecting the data abuses it to spam you then you simply unsubscribe/block the emails altogether. And of course they know you know you can do this, which gives them incentive to not do that.
I know first-hand of some recruiters who use email opens as yet another metric to gauge potential candidates. If you open emails but don't respond right away, some recruiters will immediately cross you off their list.
We use it to see if you are interested in the email. If you don't open 3 or 4 we take you off the list. We also use it to see if email addresses are no longer used.
I don't really see why you'd care about tracking pixels 99% of the time. If you purchase something from us and we email you, it's super useful for both of us to know if you have read the email (purchase receipt or booking confirmation.)
I personally don't see much spam and what I do see I just delete, so tracking pixels in those aren't an issue for me.
The average company does not behave so genially. They want to see who is opening adverts.
All I care about is myself getting the confirmation, if I have a problem I will contact the company. I do not care if they know about me receiving it otherwise, and I certainly do not care to help in the inevitable but unfortunately legal flood of spam after any online purchase.
The average company does not behave so genially. They want to see who is opening adverts.
All I care about is myself getting the confirmation, if I have a problem I will contact the company. I do not care if they know about me receiving it otherwise, and I certainly do not care to help in the inevitable but unfortunately legal flood of spam after any online purchase.
> If you purchase something from us and we email you, it's super useful for both of us to know if you have read the email (purchase receipt or booking confirmation.)
Why? If I'm interested in the email, I'll request it (i.e. if I'm purchasing something from you, me receiving confirmation emails from you should be opt-in, either in my user settings on your site or on a per-purchase basis). If I'm not interested in the email, I'll click the "unsubscribe" link in the email (you do include unsubscribe links, right?) or otherwise specify such in - again - my user settings.
In other words, that's not your call to make. That's my call to make, and your explanation is sounding like a very weak excuse to pin my privacy to a table and give it a night it'll never forget.
- Could be used for entrapment, that is to say, could send over potentially criminal information and argue that the user did in fact "receive" it since it was read.
- If you could inject your own tracker into someone else's email, you might also gleam when and potentially how they read that email.
- One funny thing that came to mind. In Australian contract law (likely similar to the UK from which the laws were adopted), if you email someone an your acceptance to a offer, that acceptance is deemed as received when the email is read (the person becomes aware of the acceptance). Where as with regular postal mail, the offer is accepted when posted (the "postal rule", a nice headache). If you had a tracking code, it would be harder to to argue you weren't aware of the acceptance by email. That is unless your email client pre-fetches images before the email itself is opened...
No Chrome extension can know which images are being used to track email opens. If you want to disable that sort of tracking you should disable images/external resources completely. Otherwise you're just getting a false sense of security.
I use (al)pine. Nobody has ever, in any way, received information about my email opens.
I speed through email with keystrokes and zero mouse movement, and I can use email with ease on even the slowest of satellite or 2G network access.
Finally - and this is my favorite part - since I use pine, and my engineers at rsync.net also use pine, not one single intra-company email has ever traversed the Internet. Ever.
All intra-company email is simply a local copy operation on a single mail server.
That's pretty neat to hear. I used to use Pine on the Seattle Community Network back in the early 1990s and have been thinking of trying it again. Have you documented your setup somewhere?
> since I use pine, and my engineers at rsync.net also use pine, not one single intra-company email has ever traversed the Internet. Ever.
What does the mail client have to do with this? I use Thunderbird with Gmail, and, since all of my contacts use Gmail, not one single email has ever traversed the Internet, ever.
With TLS-enabled mail servers, this isn't very relevant a metric.
Really? You're equating knowing who sent what when and how to just knowing that something was sent at some point, from an unknown origin to an unknown destination?
I used to use pine and as an email client it's very nice but I have such engrained muscle memory for emacs that I switched to gnus and then later to notmuch.
Also increasingly, mail clients are sending only html without a text/plain part, and w3m on emacs renders those nicely.
"[...] Google spokesperson I emailed said that’s not entirely correct. (The spokesperson declined to be quoted.) Instead, they said marketers who track open rates through images will still be able to do so — indeed, they suggested that the data might be more accurate now since open rates will count users who read the emails but don’t load the images."
Sounds like Google made sure tracking works even when users attempt to evade it.
But another quote in the same article still talks about pixels:
"MailChimp can still detect the first request for the open-tracking pixel."
Isn't this redundant unless I accept images? I get:"Images are not displayed. Display images below - Always display images from webmaster@ibmverse.com" (for example).
I generally use Thunderbird and while I have not checked what it does in all cases, it generally flags when there is remote content and provides options regarding loading it. I'm happy with that. I know many folk of course use web based mail readers, and this is directed at them, but if its a big issue using a product like Thunderbird may be the way to.
I thought that too, but no. It seems it replaces the original link with a google url, which is basically a proxy address for that original url. It seems they may cache it, but don't preemptively download it when the mail is received.
Obviously if they downloaded any image linked to an email send to gmail that could lead to a DOS, and be very wasteful in any case. So they wait until you actually open the email. But at least it obscures your IP unless you click on the links.
48 comments
[ 4.1 ms ] story [ 115 ms ] threadRunning your mail server on a VPS is not a very good solution, particularly when that VPS exists in a country that interpreted 1984 to be an instruction manual rather than a cautionary tale.
EasyPrivacy is an optional supplementary subscription that completely removes all forms of tracking from the internet, including web bugs, tracking scripts and information collectors, thereby protecting your personal data.
The proxy effectively prevents cookie setting, ip address determination and geolocation, and injection-type attacks.
Caching images immediately is probably an attractive engineering decision on its own merits. Whether spamming read receipts is good (because it makes them useless) or bad (because it makes people think the emails got read) is an interesting question.
I mean, one can legitimately want that they do not receive the tracking information. But are there any real security implications, like siphoning off any unauthorized data, facilitating spam, etc?
I could imagine that geolocating my IP might be undesirable at times. I wonder what are other potential security (not privacy) implications.
I too don't understand what's to be gained from a tool like this. If the party collecting the data abuses it to spam you then you simply unsubscribe/block the emails altogether. And of course they know you know you can do this, which gives them incentive to not do that.
I don't really see why you'd care about tracking pixels 99% of the time. If you purchase something from us and we email you, it's super useful for both of us to know if you have read the email (purchase receipt or booking confirmation.)
I personally don't see much spam and what I do see I just delete, so tracking pixels in those aren't an issue for me.
All I care about is myself getting the confirmation, if I have a problem I will contact the company. I do not care if they know about me receiving it otherwise, and I certainly do not care to help in the inevitable but unfortunately legal flood of spam after any online purchase.
All I care about is myself getting the confirmation, if I have a problem I will contact the company. I do not care if they know about me receiving it otherwise, and I certainly do not care to help in the inevitable but unfortunately legal flood of spam after any online purchase.
Why? If I'm interested in the email, I'll request it (i.e. if I'm purchasing something from you, me receiving confirmation emails from you should be opt-in, either in my user settings on your site or on a per-purchase basis). If I'm not interested in the email, I'll click the "unsubscribe" link in the email (you do include unsubscribe links, right?) or otherwise specify such in - again - my user settings.
In other words, that's not your call to make. That's my call to make, and your explanation is sounding like a very weak excuse to pin my privacy to a table and give it a night it'll never forget.
- Could be used for entrapment, that is to say, could send over potentially criminal information and argue that the user did in fact "receive" it since it was read.
- If you could inject your own tracker into someone else's email, you might also gleam when and potentially how they read that email.
- One funny thing that came to mind. In Australian contract law (likely similar to the UK from which the laws were adopted), if you email someone an your acceptance to a offer, that acceptance is deemed as received when the email is read (the person becomes aware of the acceptance). Where as with regular postal mail, the offer is accepted when posted (the "postal rule", a nice headache). If you had a tracking code, it would be harder to to argue you weren't aware of the acceptance by email. That is unless your email client pre-fetches images before the email itself is opened...
On a serious note: just block remote content.
I speed through email with keystrokes and zero mouse movement, and I can use email with ease on even the slowest of satellite or 2G network access.
Finally - and this is my favorite part - since I use pine, and my engineers at rsync.net also use pine, not one single intra-company email has ever traversed the Internet. Ever.
All intra-company email is simply a local copy operation on a single mail server.
What does the mail client have to do with this? I use Thunderbird with Gmail, and, since all of my contacts use Gmail, not one single email has ever traversed the Internet, ever.
With TLS-enabled mail servers, this isn't very relevant a metric.
They still have the meta-data, the actually interesting stuff.
http://www.nybooks.com/blogs/nyrblog/2014/may/10/we-kill-peo...
Also increasingly, mail clients are sending only html without a text/plain part, and w3m on emacs renders those nicely.
"[...] Google spokesperson I emailed said that’s not entirely correct. (The spokesperson declined to be quoted.) Instead, they said marketers who track open rates through images will still be able to do so — indeed, they suggested that the data might be more accurate now since open rates will count users who read the emails but don’t load the images."
Sounds like Google made sure tracking works even when users attempt to evade it.
But another quote in the same article still talks about pixels:
"MailChimp can still detect the first request for the open-tracking pixel."
http://gmailblog.blogspot.com.au/2013/12/images-now-showing....
Obviously if they downloaded any image linked to an email send to gmail that could lead to a DOS, and be very wasteful in any case. So they wait until you actually open the email. But at least it obscures your IP unless you click on the links.