Hacker News new | past | comments | ask | show | jobs | submit login

Pixel trackers are just small embedded images in the email that when they are fetched from a server, the server logs it. Pretty simple way to track whether or not someone has opened an email. It's my understanding that gmail however downloads all images and then serves them from Google servers to avoid this issue entirely.

Traditional email clients like Outlook/Thunderbird are susceptible to this kind of attack. That's why they often ask you before loading images.

https://smallbusiness.chron.com/set-email-tracking-pixel-493...




All Google does is proxy the images to hide your IP address. The images are proxied on-read so read receipts are still being leaked.

A Google employee has confirmed to me that they tested killing email read receipts but it was shelved as it broke too many partner integrations.


Variants of "pixel trackers" still work fine on Gmail despite this. To this day a lot of marketing, recruiters and others are tracking when you open their message on Gmail.


How are these variants working? Curious about how they are getting around google hitting all of them.


I assume Google doesn't request the image until the email is opened.


Even with images disabled?


No, disabling images breaks pixel tracking. One way to quickly sanity check a mail client's priorities is whether it gives you the option to disable images by default.

Some clients that don't allow you to disable by default: Polymail, Gmail on iOS, Inbox (Google) on IOS

If it's free, you're the product...


Ha I thought you were wrong, but it turns out that indeed, you can disable image loading in the Gmail Web interface, in the Android app, but not on iOS: https://support.google.com/mail/answer/145919?co=GENIE.Platf...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: