
PixelBlock – Gmail extension that blocks email open tracking - ramoq
https://chrome.google.com/webstore/detail/pixelblock/jmpmfcjnflbcoidlgapblgpgbilinlem?hn
======
Justsignedup
I thought this is completely pointless nowadays:

\- Gmail USED to block images unless you do "allow images"

\- Gmail changed to a system where gmail pre-fetches the images and runs them
through safety checks.

\- Gmail only does this check if you open the email.

\- Even if you block the pixel, you only block the gmail cache of it. NOT the
original.

Unless I misunderstand.

~~~
panarky
This is easy to test.

You will find images are NOT retrieved by Google's proxy before or after
opening the email when you have external images turned off in Gmail.

1) Ensure Gmail is set to "Ask before displaying external images".

2) Send yourself an HTML email with an img tag pointing to a site you control
(doesn't even need to be a real image).

3) Check your server log to see if the img url was retrieved.

4) Open the email in Gmail, but don't click "Display images".

5) Check your server log again.

6) In Gmail click "Display images" and check the server log again.

Only when explicitly clicking "Display images" does GoogleImageProxy fetch the
image.

Conclusion - don't install an extension that can spy on everything you do.
Just ensure external images are not displayed by default.

~~~
ramoq
I think the point of the extension is that you can keep images _on_ and not
have to worry about people tracking your opens. I would imagine the majority
of Gmail users keep images on

------
bahador
I could very well be wrong but I always thought that if you disable loading
pictures by default, that tracking pixels would be blocked as well. Unless you
click on "Show Pictures" that is.

~~~
phyzome
Right, that seems to be the real "fix".

(I still can't believe Google turned on remote images by default.)

~~~
ericpauley
This was likely the entire intent of this change, to allow email tracking by
default. After all, Google tracks email opens too.

------
fharper1961
Kinda scary to have a chrome extension that can read all of your email. Is the
cure more dangerous than the disease?

~~~
chewz
It ain't so difficult to analyze the code of Chrome Extension [1]. I did (I
quite often do this before installing extensions that do not have published
source) and as much as you should trust random guy on HN there isn't anything
malicious in the code.

On the other hand it is not very effective as the block list is quite limited.
33 entires if I have counted well.

[1] - Check for yourself -
[https://gist.github.com/chew-z/7b70da3724626ab04cfc9676bee18...](https://gist.github.com/chew-z/7b70da3724626ab04cfc9676bee18646)

~~~
p49k
Isn’t it a problem that Chrome extensions have been purchased by others who
then update the code to add spyware to them? I’ve never been notified about
updates to Chrome extensions; they’re quietly updated in the background.

Several examples are mentioned here: [https://www.howtogeek.com/188346/why-
browser-extensions-can-...](https://www.howtogeek.com/188346/why-browser-
extensions-can-be-dangerous-and-how-to-protect-yourself/)

------
rapnie
Maybe it is because I'm on FF and not logged in, but other than the name
'omar.w.qureshi' (I think he submitted this on HN) I don't see any other info
other than the 5 sentence privacy policy. I would be hesitant to install such
black-box extension. Could OSS this, or is there a reason not to do so?

~~~
ramoq
It's actually open source. You can find it on github. Or you can view source
yourself.

------
orastor
I know gmail does some image caching / proxying.

[https://news.ycombinator.com/item?id=6898454](https://news.ycombinator.com/item?id=6898454)

I guess the vector here is when you read an email versus where from / using
which device / etc.

------
rasz
If you really care about gmail privacy (ha) you should also

    
    
        var matches = document.querySelectorAll('a[href*="www.google.com/url?q="]');
        
        // remove all google spying	redirects
        for (var i = 0; i < matches.length; i++)
        {
          if (/^(https?:\/\/(www\.|encrypted\.)?google\.[^\/]*)?\/?url/.test(matches[i])) {
            var match = /[\?&](url|q)=(.+?)&/.exec(matches[i]);
            if (match != null) {
              matches[i].href = unescape(match[2]);
            }
          }
        }

------
O2F2
Tracking is just one of the many reasons why it should be considered common
courtesy to communicate in plain text (and attachments if necessary).

My email based workflow and toolchain has been plaintext only for years and I
think I've been better off for it. The recent _efail_ vulnerability just made
me shrug. Plain text mail is all around more reliable, more accessible, less
obfuscated, more to the point by the nature of the medium, easier to implement
[...].

------
JohnTHaller
Gmail and every other webmail vendor should block all of these by default.
That would be a nice hit to all these "new" drip campaigns (aka personalized
spam newsletters).

~~~
some_account
Yeah because Google cares about your privacy....no way would they want to
remain friends with the ad industry. No they are YOUR friend. Of course. They
don't even charge for their service to billions of people. Truly altruistic
company.

------
some_account
I'm stunned every time people try to get privacy with Google.

It's Google! I wish I could make you understand but I probably can't.... :(

------
ramoq
I hope this hits the front page as I feel this is an essential extension for
email privacy that many people are unaware of.

------
kalehrishi
I don't think having tracking pixel in gmail is a big thing. Almost every
modern messaging system such as whatsapp has read receipts. Since gmail has
image proxy, it doesn't leak any information. And most modern email client
doesn't open remote image unless allowed explicitly.

PS: I have built [https://www.mailtag.io/](https://www.mailtag.io/)

------
dancablam
Love it. Would be great to see as a direct Gmail Add-On instead of a browser
extension.

------
arthurfm
Could the tracking pixels not be blocked via a uBlock Origin filter list?

------
ramoq
extremely beneficial extension, you'd be surprised how many marketing emails
are tracking when you open the email

------
ct0
something available for firefox?

