
Why you should never automatically load images in email


2021 Feb 17, 12:16pm   298 views  9 comments

by Patrick

https://www.bbc.com/news/technology-56071437

The use of "invisible" tracking tech in emails is now "endemic", according to a messaging service that analysed its traffic at the BBC's request.

Hey's review indicated that two-thirds of emails sent to its users' personal accounts contained a "spy pixel", even after excluding for spam.

Its makers said that many of the largest brands used email pixels, with the exception of the "big tech" firms.

Defenders of the trackers say they are a commonplace marketing tactic.

And several of the companies involved noted their use of such tech was mentioned within their wider privacy policies.

Email pixels can be used to log:

if and when an email is opened
how many times it is opened
what device or devices are involved
the user's rough physical location, deduced from their internet protocol (IP) address - in some cases making it possible to see the street the recipient is on

This information can then be used to determine the impact of a specific email campaign, as well as to feed into more detailed customer profiles.


Worse than that, they are used to sell information about you, specifically that you are a good target for spam because they know you open spam emails and don't have image auto-loading turned off in your email reader.

BTW, patrick.net emails have no such trackers, which you should be able to verify by looking at the raw email text. On the other hand, I don't even allow valid images from my site to be displayed to email programs. That's a byproduct of some security maneuvering I did when being threatened by a copyright lawyer over an image of chicken tenders with Pepe the frog over them. I should fix that.

Comments 1 - 9 of 9

1   Blue   2021 Feb 17, 12:23pm  

One might also disable one more option. Email clients generally have an option to disable the acknowledgement that is sent back to the sender upon opening the email.
2   Patrick   2021 Feb 17, 12:45pm  

Good point.
3   Tenpoundbass   2021 Feb 17, 12:49pm  

I've known about those since 2006, they used to call them "Click Pixels".
4   Blue   2021 Feb 17, 1:10pm  

I am sure most of you know, there is a kind of unique ID number embedded in the image file header. That is used in many ways to track the unsuspecting users who may receive/access/view/download. The JavaScript in the web page or app sends a message back to one of their or their partners' servers.
5   Karloff   2021 Feb 17, 1:11pm  

Pricksels
6   Ceffer   2021 Feb 17, 1:40pm  

The Fiends! The Foul Fiends!
7   Patrick   2021 Feb 18, 1:12am  

Blue says
The JavaScript in the web page or app sends a message back to one of their or their partners' servers.



Firewalls and Little Snitch help to block this sort of thing.
8   NuttBoxer   2021 Feb 18, 12:29pm  

ProtonMail blocks all images by default. Coupled with Tor no one's getting shit from me.

A big part of identifying you is capturing your screen info when your browser's in full-screen. Never do this on your laptop monitor, or use Tor. Even with Tor, they purposely make your screen slightly smaller as this form of ID'ing is still possible.
9   Hircus   2021 Feb 19, 9:55am  

NuttBoxer says
A big part of identifying you is capturing your screen info when your browser's in full-screen. Never do this on your laptop monitor, or use Tor. Even with Tor, they purposely make your screen slightly smaller as this form of ID'ing is still possible.


I think you might have it backwards, or I misunderstand you. The way I see it, changing your window size will significantly help them uniquely fingerprint you.

When you're full size, your dimensions are the same as tons of other people who have the same resolution + physical screen dimensions, of which there are many people with say, a 24" monitor at 1920×1080, who have their browser window maximized. Once you un-maximize, now you are a person with 24" at 1920×1080 res, but with a window size of say 1733x987, which is extremely unique. The odds that another person will have exactly the same size, to the pixel, are low.

When full screen, you may go from being 1 of the 100,000 users who have that combo of dimensions, to 1 out of 5 users with the same ultra-specific 1733x987 size combo.

And of course, they use other variables in your fingerprint too, and that will narrow the group sizes down considerably.

For avoiding fingerprinting, you want to be like others, not be unique.
