
How Email open tracking quietly took over the web - ploggingdev
https://www.wired.com/story/how-email-open-tracking-quietly-took-over-the-web/
======
jabot
Thunderbird supports not accessing remote content:

[https://support.mozilla.org/en-US/kb/remote-content-in-
messa...](https://support.mozilla.org/en-US/kb/remote-content-in-
messages#w_what-is-remote-content-and-why-is-it-blocked)

This seems to be a sufficient countermeasure against the kind of tracking in
the article.

~~~
craftyguy
Anyone know if mutt does this? I currently pipe HTML mails through w3m to read
them, and I'm almost certain this technique is pulling remote content, so I
would be interested if anyone has some tips on improving this setup. Avoiding
HTML mails altogether is sadly not an option.

~~~
dividuum
Put it in a sandbox without network access.
[https://github.com/projectatomic/bubblewrap](https://github.com/projectatomic/bubblewrap)
might be worth looking at for that. It also has the added benefit of reducing
the attack surface of running w3m on untrusted content.

~~~
craftyguy
Oh, that's an interesting idea! I currently use firejail quite a bit, but
hadn't thought of using it to also kill network access for w3m's rendering of
an html email. Thanks for the idea!

------
didgeoridoo
I was under the impression that the email tracking pixel technique became less
reliable once GMail started pre-loading email images on its own server and
sending you the cached copy instead. Does anyone know if these services found
a way around that?

~~~
Jagat
Contrary to popular beliefs, gmail does not pre-fetch all the images. It
fetches the images via a proxy the first time the user loads the email via
gmail app or gmail web, and caches it for repeat opens. Also, there’s no
proxying if the user uses a third party app (like the iPhone app). So open
metrics are still fairly accurate since not many users open the same email
multiple times.

So why does gmail do this if it still allows the websites to track opens?
Primarily to prevent IP address leak and to prevent the website owner from
reading it's cookies on email opens (if opened on a browser), and/or cross-
linking multiple emails for further tracking and linking identities.

------
oblib
I implemented this on an invoicing app I make. The app also lets users create
"estimates", "quotes", "proposals" and other documents which I do not use it
on.

The reason I did this is because over the first decade after creating the app
the users of the app kept telling me that clients would tell them "I didn't
receive the email".

I've had clients do that to me as well, even before I made the app. One of
them was a contractor for the U.S. federal government who owed me over $20k
and was most certainly going to screw me. In that case, after sending the
invoice with the US Postal service three times I sent it the forth time with a
"Return Receipt" required. Even that didn't get my check in the mail from them
because they lied again about receiving it until I informed them I had a
signature saying they did get it.

Still, the only reason they paid me is because I shut down web based "Real
Time Traffic Conditions Map" I'd created for the project a few days before
their public debut of the app and refused to turn it back on until the check
was in my hands.

I don't really consider this an invasion of privacy. All it is telling my
users is rather or not their customers and clients opened the emailed invoice
and it's little different than the "Return Receipt" service offered by the US
Postal Service.

FWIW, it works with Gmail too.

------
romdev
Many web mail clients (Yahoo, Hotmail, etc.) don't render images by default,
and you opt to download each email's images with a button. HTML mail renders
without images pretty cleanly if the alt text is included. IMO, this should be
the default for all email clients, and the lack of that feature on mobile
devices shows the immature state of mobile development compared to desktop.

------
mmagin
I know I'm weird, but I feel like email clients automatically loading remote
content by default is a security hole.

~~~
tinus_hn
Yeah, better limit them to opening locally generated email.

