
PixelBlock – Stop people from tracking your email opens - ramoq
https://chrome.google.com/webstore/detail/pixelblock/jmpmfcjnflbcoidlgapblgpgbilinlem/yc
======
bramgg
No Chrome extension can know which images are being used to track email opens.
If you want to disable that sort of tracking you should disable
images/external resources completely. Otherwise you're just getting a false
sense of security.

~~~
rsync
I use (al)pine. Nobody has ever, in any way, received information about my
email opens.

I speed through email with keystrokes and zero mouse movement, and I can use
email with ease on even the slowest of satellite or 2G network access.

Finally - and this is my favorite part - since I use pine, and my engineers at
rsync.net also use pine, not one single intra-company email has ever traversed
the Internet. Ever.

All intra-company email is simply a local copy operation on a single mail
server.

~~~
StavrosK
> since I use pine, and my engineers at rsync.net also use pine, not one
> single intra-company email has ever traversed the Internet. Ever.

What does the mail client have to do with this? I use Thunderbird with Gmail,
and, since all of my contacts use Gmail, not one single email has ever
traversed the Internet, ever.

With TLS-enabled mail servers, this isn't very relevant a metric.

~~~
1ris
>With TLS-enabled mail servers, this isn't very relevant a metric.

They still have the meta-data, the actually interesting stuff.

~~~
StavrosK
They know that some email was sent by someone to someone somewhere around that
time, but nothing more.

~~~
1ris
Nothing more? That all you need to know in 99% of the time. Just in case you
didn't get the memo: ‘We Kill People Based on Metadata’.

[http://www.nybooks.com/blogs/nyrblog/2014/may/10/we-kill-
peo...](http://www.nybooks.com/blogs/nyrblog/2014/may/10/we-kill-people-based-
metadata/)

~~~
StavrosK
Really? You're equating knowing who sent what when and how to just knowing
that something was sent at some point, from an unknown origin to an unknown
destination?

------
nine_k
BTW what is the point?

I mean, one can legitimately want that _they_ do not receive the tracking
information. But are there any real security implications, like siphoning off
any unauthorized data, facilitating spam, etc?

~~~
dublinben
Tracking an email open is enough of a security threat by itself.

~~~
monk_e_boy
We use it to see if you are interested in the email. If you don't open 3 or 4
we take you off the list. We also use it to see if email addresses are no
longer used.

I don't really see why you'd care about tracking pixels 99% of the time. If
you purchase something from us and we email you, it's super useful for both of
us to know if you have read the email (purchase receipt or booking
confirmation.)

I personally don't see much spam and what I do see I just delete, so tracking
pixels in those aren't an issue for me.

~~~
yellowapple
> If you purchase something from us and we email you, it's super useful for
> both of us to know if you have read the email (purchase receipt or booking
> confirmation.)

Why? If I'm interested in the email, I'll request it (i.e. if I'm purchasing
something from you, me receiving confirmation emails from you should be opt-
in, either in my user settings on your site or on a per-purchase basis). If
I'm not interested in the email, I'll click the "unsubscribe" link in the
email (you _do_ include unsubscribe links, right?) or otherwise specify such
in - again - my user settings.

In other words, that's not your call to make. That's _my_ call to make, and
your explanation is sounding like a very weak excuse to pin my privacy to a
table and give it a night it'll never forget.

------
nickphx
google already grabs the images via image proxy..
[http://gmailblog.blogspot.com/2013/12/images-now-
showing.htm...](http://gmailblog.blogspot.com/2013/12/images-now-showing.html)

~~~
ibejoeb
Unique images still allow for read receipts.

The proxy effectively prevents cookie setting, ip address determination and
geolocation, and injection-type attacks.

~~~
geofft
If Google proxies and caches images at the time of receipt, instead of when
you open the email, then you effectively don't have read receipts for Gmail
users, because it looks like they all read the email immediately.

Caching images immediately is probably an attractive engineering decision on
its own merits. Whether spamming read receipts is good (because it makes them
useless) or bad (because it makes people _think_ the emails got read) is an
interesting question.

------
ibejoeb
Source:
[https://github.com/ramoq/PixelBlock](https://github.com/ramoq/PixelBlock)

~~~
ramoq
Thanks for posting ibejoeb!

~~~
ibejoeb
Neat tool, thanks. I wasn't going to install it because it required access to
mail.google.com and googleusercontent.com, but since it's open I feel better
about it. It might be helpful to others to mention that and link to it in the
chrome store.

------
Paul_S
...or if you're using mutt you're laughing all the way to the plain-text
version.

On a serious note: just block remote content.

------
nthcolumn
Isn't this redundant unless I accept images? I get:"Images are not displayed.
Display images below - Always display images from webmaster@ibmverse.com" (for
example).

~~~
monk_e_boy
You are correct, I'm 99% sure this is why blocking images is an option in
email browsers.

------
69_years_and
I generally use Thunderbird and while I have not checked what it does in all
cases, it generally flags when there is remote content and provides options
regarding loading it. I'm happy with that. I know many folk of course use web
based mail readers, and this is directed at them, but if its a big issue using
a product like Thunderbird may be the way to.

------
zurn
[http://techcrunch.com/2013/12/12/gmail-open-
rates/](http://techcrunch.com/2013/12/12/gmail-open-rates/)

"[...] Google spokesperson I emailed said that’s not entirely correct. (The
spokesperson declined to be quoted.) Instead, they said marketers who track
open rates through images will still be able to do so — indeed, they suggested
that the data might be more accurate now since open rates will count users who
read the emails but don’t load the images."

Sounds like Google made sure tracking works even when users attempt to evade
it.

But another quote in the same article still talks about pixels:

"MailChimp can still detect the first request for the open-tracking pixel."

------
wodenokoto
Wouldn't adblock/muBlock/etc. accomplish the same, while working cross
browser?

~~~
ramoq
unfortunately not, adblock blocks ad related media only. This is one of the
few tools that will intelligently block people from tracking your email
views/opens

~~~
mp3geek
* Easy privacy.

EasyPrivacy is an optional supplementary subscription that completely removes
all forms of tracking from the internet, including web bugs, tracking scripts
and information collectors, thereby protecting your personal data.

------
RRRA
I thought gmail recently preloaded images so you didn't need this? (I say this
because the example shows gmail)

~~~
angry_octet
I thought that too, but no. It seems it replaces the original link with a
google url, which is basically a proxy address for that original url. It seems
they may cache it, but don't preemptively download it when the mail is
received.

[http://gmailblog.blogspot.com.au/2013/12/images-now-
showing....](http://gmailblog.blogspot.com.au/2013/12/images-now-showing.html)

Obviously if they downloaded any image linked to an email send to gmail that
could lead to a DOS, and be very wasteful in any case. So they wait until you
actually open the email. But at least it obscures your IP unless you click on
the links.

------
hackread
yeah well what about google tracking emails itself.

~~~
esMazer
is a given if you are using gmail. If anyone doesn't want google, microsoft,
yahoo tracking email.. you better get your own mail server.

~~~
zz1
Or pay one, e.g. Gandi: [https://www.gandi.net/](https://www.gandi.net/)

~~~
yellowapple
And now you're back to square one due to draconian French surveillance laws.

Running your mail server on a VPS is not a very good solution, particularly
when that VPS exists in a country that interpreted _1984_ to be an instruction
manual rather than a cautionary tale.

------
pearknob
quite useful, great job

