Hacker News new | past | comments | ask | show | jobs | submit login

We used to do that to track emails. Gmail's fix was to cache the emails' images on their own server, so it's only hit once. They also don't listen to selector:hover{} so you can't have hover effects.



> Gmail's fix was to cache the emails' images on their own server, so it's only hit once.

That doesn't solve the problem; email trackers could just use a unique URL per email.


It does solve the problem because Google download the image no mater what so you can't know if someone opened the image or not.


Google's service delays downloading the image until the moment it is requested by the client.


Correct. This is how Mailchimp and other similar services can tell if you opened an email.


But is that when they "open" the email, or simply them opening Gmail?


Mailchimp analytics would outright not work if it was the latter, so it's probably the former.


Couldn't google just hit the URL randomly themselves to throw off tracking, even if the email was never opened?


This would actually be detrimental to users. Responsible email publishers use lack of opens as a signal to reduce volume of emails sent and, eventually, unsubscribing you automatically. Gmail causing a lot of bogus engagement would make it look like people can’t get enough of your content


> Responsible email publishers

I'd love to meet these people. I've yet to have a good email publisher experience. whether it's a fortune 500 co or the newest startup they all terribly abuse email.

> unsubscribing you automatically

What is this magic? I've never once been automatically unsubscribed from anything.


> I've never once been automatically unsubscribed from anything.

To be fair, this is the kind of thing where, if it had happened, it’s possible you wouldn’t have ever noticed.


Hi, pleased to meet you. Even though everyone on our newsletter list specifically signed up to get newsletters, we’ll still warn you and then unsubscribe you if you do not engage for a long time.

Google, in particular, will send all a sender’s mail to everyone’s spam folder if it sees low engagement across all gmail users... so it is in publisher’s own self interest to remove disengaged users.


I believe mailchimp has something that automatically unsubscribes users if they haven't opened your emails for x time, but the amount of publishers that use this is probably pretty low.


> Responsible email publishers use lack of opens as a signal to reduce volume of emails sent and, eventually, unsubscribing you automatically.

That does not remotely sound like the behaviour of responsible "email publishers". Responsible behaviour is to only email people who asked for it, and to stop when they tell you to stop. Clever trickery to spy on people is not the behaviour of responsible people.

If their intention was as you say, it would be really stupid and unreliable trickery, not just because some systems might load the images without the user reading the email, but also because the user might read the email without loading the images. And even if they were to only and reliably load on reading, reading the email does not in any way imply that the user wants to receive it. Lots of people open email before throwing it away. Some mail readers show a preview which may be enough to read the message. Does that count as reading or not?

No responsible organisation would rely on this kind of trickery, and no organisation that relies on this can be considered responsible in their handling of email.


Agreed, it's a terrible idea. I've been subscribed to the NY Times' "morning briefing" email for a long time. I'm using an IMAP client, and I never bother to load the images for this, because all I want is a text summary of the day's news.

They recently sent me an email saying something like "we noticed that you're not reading our email, so we're unsubscribing you." Apparently I hadn't been loading their tracking pixel/script/CSS, so they thought I wasn't "engaging" enough. This was despite the fact that I clicked on links to full articles, which had all sorts of tracking info embedded in a redirect.

A responsible email publisher offers a clearly-visible "unsubscribe" link at the bottom of the email, which will unsubscribe you with a single click. No nags, no checklists of email categories, maybe an "are you sure?" page at most, with equal-sized "yes" and "no" buttons. One or two clicks, and I don't hear from you again.

A dodgy email provider is more likely to "use lack of opens to reduce volume." If I don't trust some company to actually unsubscribe me when I ask, I'll just filter their domain directly to the trash. Clicking on spammers' "unsubscribe" links is usually a bad idea.


I don't know why this is being downvoted. I work for an ESP, and this is an accurate statement. Whatever you think about marketing emails, you probably don't want gmail to simulate click traffic. Trust me.


> Responsible email publishers use lack of opens as a signal to reduce volume of emails sent and, eventually, unsubscribing you automatically.

No, they don't.

> Gmail causing a lot of bogus engagement would make it look like people can’t get enough of your content

For a few days, perhaps. Gmail accounts for a significant proportion of all email. 'Publishers' would quickly realise they are no longer able to track emails sent to Gmail. To fail to do so would be their loss; if that weren't the case, they wouldn't bother with tracking at all.


That would require Google to care about user privacy.


Cartels still like to take out their competition.


And they do that exactly. The fix is to disable images by default but every user has to manually do this.


Or use an email client that disables images by default.


I thought images were off by default


But it does not matter, if google download all the images when for all your emails then showing them to you is just a fetch from their own servers. Similarly to the ad-blocking extension that clicked all ads on the page (in isolation) so that tracking would be useless.


Not in the Web client I'm afraid


... and then do what?


and then send many emails? is that an availability attack?


> We used to that to track emails.

Why are you contributing to the surveillance age of the internet?


"Sorry boss, please fire me and ask one of the 200 other employees here to use that system with built-in tracking to make a newsletter for this clothing brand."


Take some pride in your work. Software is literally the most in demand profession today, you don't have to work for corrupt employers. You can contribute something positive to society and still make decent money.

In some other profession I'd make exceptions, but seriously the amount of money flowing to developers these days, there's no excuse to sell out.


What you describe as a corrupt employer is anyone that uses Mailchimp, SendinBlue, MailPoet, CampaignMonitor, Dotmailer, MailGet, etc.

Do you think that companies who send newsletter do it without any traces of analytics? Every link is tracked, every image is tracked. On the web, there are heatmaps of every single mouse movement. Your keystrokes used to be tracked too, until GDPR hit. Anyone who works does analytics can play back the path visitors used to navigate on the site.

It doesn't take any advanced team to do that. You simply drop a .js file from some third-party CND in your site's head and you have all that data. Any mom ? pop shop that has a website has access to that data.

Everyone does it, that's the current state of the industry. To refuse work from anyone who does analytics would mean to leave the web industry.

> but seriously the amount of money flowing to developers these days

At the time, I was paid cad$40k/year. According to glassdoor.ca, the salary for the same position would be cad$59k/year today. Not everyone works from the inside of a bubble.


> Do you think that companies who send newsletter do it without any traces of analytics?

I don't doubt it.

> Everyone does it, that's the current state of the industry.

That's not an excuse

> To refuse work from anyone who does analytics would mean to leave the web industry.

Analytics as a whole is not the issue. Doing shit like abusing CSS in order to track when someone opens an email and what they do in that email is evil. That violates the user's trust and expectations. I don't doubt that any time I spend on somebodies website will be tracked and analyzed by them. But they have no right to track and analyze me on my own properties, like while reading my own email.

"Everybody is doing it" is not an excuse for evil behaviour. Be better than others, don't contribute to this race to the bottom.

59k a year is a very healthy salary. I know real Engineers doing things like verifying building and bridges who make less than that. Honestly to think that $59k a year in Canada is too little money to afford a moral compass shows how much of a bubble you are already in.


This tracking is made by tracking when someone loads an image from our server.

When their device calls our server, we have access to this person's basic information. Usually this information isn't aggregated but only counted to know how many users opened the email.

That's the equivalent of a caller id. This is the less hurtful and evil method of tracking I can think of.

I don't understand why you are so outraged from it.

Nobody is forcing you to open the newsletter email titled "AMAZING deal from [brand], get ONE FREE if you purchase THREE!" that you just received and much less to click the "request images in this email" button.

I could understand your point if we were talking about "Canvas Fingerprinting" where an invisible image is generated and the user's GPU is singled out to an unique token by exploiting the unique hardware information outputted during the rendering of the image, allowing you to track user across browsers, sites, logins and even after a software format or operating system reset.

However right now I'm merely talking about tracking the number of hits our server receive for "banner-image.jpg". This is not even information unique to the viewer.


> Nobody is forcing you to open the newsletter email titled

And nobody is forcing you to invade users privacy.

> We used to do that to track emails. Gmail's fix was to cache the emails' images on their own server,

The fact that you call what gmail did a "fix" shows that you know what you're doing is not okay.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: