DT Note: This is an area I have been looking at and was preparing to write on, however, when I saw this I knew that I would struggle to beat it in terms of research and completeness, so thank you to Peter Steven Ho.

Also known as 1 × 1 pixel trackers, they’re the data vampires that go undetected in your emails.

It’s getting harder and harder to keep your online activities private. Everyone — governments and commercial organisations alike — wants to know your opinion, what you like or dislike, what you do or don’t do online and all your social interactions.

Most of us will no doubt be familiar with the use of cookies. They’re used by websites to track our activity when we visit the website. Some sites are polite enough to ask for our permission, while others aren’t, but there’s little doubt that your activities will be monitored using cookies.

1. Unlike cookies, email trackers don’t need your permission

Current regulations on the use of cookies “limit” the type of information that it can capture, relay and retain. Furthermore, in some jurisdiction, a site must obtain a user’s consent for cookies that do more than what’s legally permitted.

But nothing similar exists for email trackers and that makes its use a free-for-all. Worst still, we don’t even get an option or a right to opt out.

2. You can’t tell if your email has a tracker

When an email arrives in your inbox, there’s nothing to indicate an embedded tracker is in the email.

The tracker itself is essentially an image, it’s transparent and it’s only one pixel by one pixel in dimension, which makes it invisible and undetectable to the naked eye.

Without some kind of software filter or detector, you would be none the wiser.

3. The information that trackers can collect

When the recipient opens the tainted email, the mail client or browser automatically contacts the server to source the transparent image.

At a minimum, that request is logged, along with the IP address, to indicate that the email has been opened.

But for those with more nefarious intent in mind, the image server could also instruct the email client or browser to report on:

  • who, when and how many times the email was opened,
  • the amount of time the recipient spent on the email,
  • the type of email client or browser the email was opened with, including the type of device and operating system that’s in use,
  • the recipient’s IP address, and
  • the links that the recipient clicked on in the email.

The tracker can gather all that information without the use of cookies or access to your browser history.

As far as I’m aware, mainstream apps like Apple Mail and Yahoo, and browser-based email clients don’t detect, warn or block hidden email trackers.

4. What our data reveals

With all the data that the trackers have amassed, it’s now possible for them to paint a picture of:

  • when is the best time to send emails,
  • your location and demographics,
  • the type of audience, their preferences and buying tastes,
  • which headlines, texts, images and formats generated the most opens and clicks, and
  • the clicks that produced a sale — a key indicator of a successful email champaign.

To me, that’s an extraordinary amount of information that I would ordinarily be very unwilling to give away.

Yet market researchers believe they have a right to that information. Their efforts are legitimised under the guise of helping businesses provide a better and a more targeted service that’s really supposed to benefit us, the consumer.

This is a blatant over reach by market researchers and it has become an unwanted intrusion into our private lives and it’s deeply concerning that it’s becoming “normalised”.

Again, without any regulation to curtail its use, the temptation is always there to expand the information dragnet.

So far, legitimate marketing organisations insist that they don’t weaponise their trackers with trojans in order to hack the system for information, but it’s difficult to imagine that they’re immune to the temptation.

From our perspective, it’s best to assume that it’s already occurring. If not by marketing agencies, then most certainly by scammers and hackers.

Photo by Pawel Czerwinski on Unsplash

5. You can protect yourself

Here are some useful solutions to protect yourself from giving away your information.

Gmail Users

For Gmail users, Google has spent a lot of money on image proxies.

Normally, a proxy would have a large cache of frequently requested images. If a tracker’s requested image exists in the cache, it would supply the image to satisfy that request.

This negates the need to reach out to the image server itself and that would also stop the image server from logging an email engagement, the recipient’s IP address and geolocation.

However, Google does something unusual. They modify all the requests that are sent to the image sever. The modification makes it look like the request is from Google instead of the recipient.

Although this does effectively deprive the marketers of the recipient’s IP address and geolocation, it still allows them to log the transaction an email engagement.

While this might seem like a win for Gmail users, there is a catch.

“>… an important fact omitted from Google’s rationale is that data such as the IP addresses and the geolocations don’t magically disappear when Google caches the image. The sender may no longer get this data, but Google certainly does. What Google plans to do with this information remains to be seen.” The Goolara Blog

If you’re not keen to just rely on Google alone, here are a couple of other things that you can do to make it more secure.

If you access your Gmail using the Gmail app, you can disable the loading of all remote images. Tap the hamburger (the three horizontal lines) icon, scroll down to Settings, choose the account to configure and tap on Images. Select the Ask before displaying external images.

If you use a browser to access your Gmail, you can block images from downloading. Simply click on the gear icon in the top right corner, then select See all settings. In the General tab, scroll down to the Images section, then click on the Ask before displaying external images to enable that feature.

Alternately, you may consider installing a filter extension like:

Outlook users

As far as I’m aware, Outlook.com loads its images through a proxy, which is more in keeping with how proxies work. This goes some ways towards keeping users safe from pixel trackers and from other malicious content.

macOS

With Monterey, you will have to enable the Mail Privacy Protection measure in the Mail app manually. To do this, start the Mail app, go to Mail > Preferences, then click on the Privacy tab and select Private Mail Activity. Unfortunately, this feature is only available for Monterey users.

For earlier versions, you can try the following solutions:

  • MailTrackerBlocker: an open source extension to Apple Mail.
  • Boxy Suite: Subscription based Gmail client that runs on macOS.
  • Mailbird: a Windows email client that’s about to release a version for macOS.

Alternately, you can simply disable the loading of all remote images, which will prevent the trackers from giving away your information. To do this, start the Mail app, go to Mail > Preferences, then click on the Viewing tab and uncheck the Load remote content in messages option. Any image that’s in your emails will now be replaced with an empty box.Also known as 1 × 1 pixel trackers, they’re the data vampires that go undetected in your emails.

iOS

To turn on the Mail Privacy Protection feature in iOS 15, go to Settings > Mail > Privacy Protection and turn on Protect Mail Activity. Unfortunately, this feature isn’t available in iOS 14 or earlier.

iOS 15 Privacy Protection Settings. Photos by Author.

For added protection, be sure to enable the other tracking protection features. Go to Settings > Privacy > Tracking. Ensure that Allow Apps to Request to Track is unselected. This will force apps to ask if they want to track your activity.

Finally, to protect your IP address, go to Settings > Wi-Fi and tap on the “i” that’s next to the network name. Make sure you have Private Wi-Fi Address turned on. This will reduce the tracking of your iPhone across different Wi-Fi networks.

Windows

  • Mailbird: a licence and subscription-based Windows email client that also integrates with all the major social media apps.

Android

  • FairEmail: a fully featured, open source, and privacy oriented email app.

Browser filters

Catch all option

For maximum protection, you should consider using a paid VPN service like NordVPN or a free VPN service like ExpressVPN. Here’s a review of the best free VPNs for 2022.

😃
We publish a daily dose of decentralization here every day (UTC+8), for additional daily updates follow us on Mastodon, Twitter, Telegram or Element (Matrix). Please like & share all our output. We rely on User-Generated Content so why not write for us and since we try to avoid ads and sponsorship, why not donate to help us continue our work - all major cryptos accepted. You can contact us at decentralize.today and at blog@decentralize.today
Share this post