How Email Open Tracking Quietly Took Over the Web

Brian Merchant, writing for Wired: There are some 269 billion emails sent and received daily. That's roughly 35 emails for every person on the planet, every day. Over 40 percent of those emails are tracked, according to a study published last June by OMC, an "email intelligence" company that also builds anti-tracking tools. The tech is pretty simple. Tracking clients embed a line of code in the body of an email -- usually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device. Newsletter services, marketers, and advertisers have used the technique for years, to collect data about their open rates; major tech companies like Facebook and Twitter followed suit in their ongoing quest to profile and predict our behavior online. But lately, a surprising -- and growing -- number of tracked emails are being sent not from corporations, but acquaintances. "We have been in touch with users that were tracked by their spouses, business partners, competitors," says Florian Seroussi, the founder of OMC. "It's the wild, wild west out there." According to OMC's data, a full 19 percent of all "conversational" email is now tracked. That's one in five of the emails you get from your friends. And you probably never noticed.

e-mail is not web

[arth1]

Stop using a web client to read e-mail, and it isn't a problem.

And if you're an admin, configure your SMTP servers to mark e-mail containing links to trackers as potential malware.

What? This is really old news

[nctritech]

Email clients have been set to not load remote content by default for over 15 years. Gmail caches remote content to its own servers making tracking bugs in emails mostly useless unless you click an outbound link with tracking data in the URL. Unless you've changed the default setting from "DON'T load remote stuff by default" then you've not been trackable for a really long time. Who needs anti-tracking services? All I have to do is not click on any links. This is an old story. I wonder if the Wired article is "sponsored content;" they are, after all, one of the companies that has complained a lot about ad blockers, so I know they're pretty hard up for dollarydoos.

Re:"enable loading of remote content"

I was surprised by an overdue credit card bill. I had email bill alerts enabled but when I logged in they had been inexplicably turned off. I called support and they said since I didn't read any of my alert emails they disabled them (read: I have remote content loading disabled so their trackers didn't load).

CapitalOne, they are run by pieces of HUMAN GARBAGE.

Re:"enable loading of remote content"

[epine]

I'm not sure anyone using "gmail" as their primary e-mail service is very worried about "tracking."

So far I trust Google's immense appetite to keep all the cream for themselves. They might track, but they don't share (so far as I've read).

I've also never seen anything from Google that I didn't know was from Google, so as a personal privacy attack surface, it's so far been fairly conspicuous.

Google knows everything about me from my search history already (on the order of one million data points).

Not that I don't have my own e-mail service (as well), but I estimate the my added exposure from Google knowing 99% of my life (by means of my e-mail) instead of 98% of my life (through search alone) as fairly small.