It’s 3 p.m. on a Friday afternoon, and an email with a promotional offer for a pair of headphones arrives in your inbox. You open it with anticipation — it’s payday – checking the offers for the set of headphones you desire and going on to the headphone company’s website.
What you may not be aware of is that marketing emails like this one are being tracked. During this brief encounter, the headphone company has amassed a vast amount of information about you and your preferences. There are other pieces of information that could be collected, including the time you opened the email and your IP address, which can be used to determine where you are located.
All of this is done so that marketers can better target you. The vast majority of email tracking takes place under the radar, using hidden pixels that you might not notice embedded in images or links. The practice of tracking has become so widespread that it has been dubbed “endemic.” If this invisibility of tracking emails is intrusive, uninvited, and bothersome, what can be done to stop it?
Apple is making some significant modifications to its operating system to help people avoid being targeted by covert email monitoring schemes. At its WWDC conference in June, Apple revealed Mail Privacy Protection capabilities in iOS 15 and macOS Monterey, which will be released later this year. As soon as it becomes available this fall, Apple’s software will automatically disguise your IP address and download remote content discreetly in the background, regardless of whether or not you interact with the email in question.
It will be routed through a number of proxy services, with an IP address issued to you by Apple in a random manner. As opposed to responding to your precise location, this will reply to the region in which you are. The launch, on the other hand, is still a few months away. Before then, or if you prefer not to use Apple’s system, here’s what you can do in the meantime.
How you are tracked
Tracking pixels are typically a single 1×1 image that is inserted into an email’s header, footer, or body. They are often invisible to the recipient. Although you may not be able to see them, the pixels in the message load when you view it and send information back to the sender, allowing them to track your movements. Marketing organizations are taking advantage of the fact that many email providers allow remote pictures to be loaded by default by incorporating tracking pixels into their email campaigns.
The pixels have the potential to collect a great deal of information about you. The device type and IP address of the victim’s computer is revealed, according to Laurie Graham, director of cyber intelligence at technology consultant 6point6. Other information collected may include whether or not you viewed the message, the web browser version you are using, and your location in relation to the time zone. The combination of these can be used to create a unique fingerprint, according to Graham.
According to Andy Yen, founder and CEO of encrypted email provider ProtonMail, your location is possibly the most concerning among the vast quantities of information that may be obtained by tracking pixels. In order to better understand your daily routines and where you live and work, the information acquired can be utilized to create reports. The most intrusive aspect is that it is taking place without your awareness or consent.”
As Jon Callas, director of technology projects at the Electronic Frontier Foundation, explains, the ability to track users via email allows virtually any company to build a detailed profile of its customers. This is especially true when companies collecting your information “conspire together” in order to gain access to your information. In a collaboration between clothing and a book store, the clothing store learns about your reading habits and can use this information to market clothes to you based on what your books say about you. This combination of information collecting is what gives advertisements their eerie appearance at times.”
Aside from that, tracking companies are capable of rewriting any and all links contained within messages. In order to validate an account or register for a website, you may be forwarded to a marketing server URL before being transferred to the intended destination.
There is legislation in place to prevent email monitoring without your consent. Pixels are governed in Europe by the Privacy Electronic Communications Regulations 2003 (Pecr) and the EU’s General Data Protection Regulation (GDPR), which both protect personal data (GDPR). According to Emily Overton, managing director of records management firm RMGirl, consent is not necessary unless pixels are required for service delivery under the terms of these standards.
Although the regulations have not been widely enforced in this area, businesses may claim that customers agreed to receive the email by signing up for the service or that the use of pixels is acceptable because it is specified in their privacy notice, which is not specified the case.
What to do about it
According to the company, Apple’s Mail Privacy Protection will not be enabled by default when it becomes available in the fall of this year. This feature must be enabled in the Mail settings (Settings > Mail > Privacy Protection and toggle on Protect Mail Activity). Select Protect Mail Activity from the Mail menu in macOS Monterey, Mail Preferences, Privacy, and then click Save Changes.
Because tracking pixels are typically found in images, you can configure your email client not to load images by default until the iOS and macOS upgrades are released. On an iPhone, the option is located in the iPhone Settings, Mail, and Load Remote Images sections.
If you use Gmail, the option is located under Settings, Images, and Ask Before Displaying External Images. Note that since 2013, Google has served photos in Gmail through its own proxy servers, which has the effect of masking the sender’s IP address in the majority of cases.
Meanwhile, the browser version of Outlook.com automatically loads external images through a proxy server; however, you cannot prevent these images from loading entirely, which means that some information may still be collected. The Microsoft Outlook for Windows 10 (through File, Options, Trust Center and Trust Center Settings) and the Microsoft Outlook for Mac are both equipped with more extensive controls (in File, Preferences, Reading).
Remote image loading can be blocked to protect your personal information; but, it may have an impact on your user experience because you will not be able to see images in any emails, including newsletters unless you manually download them. In the words of Overton, “Not everyone is utilizing alt text, so images may include information that you won’t be able to read if you don’t allow pixels to be viewed.”
And, as Callas points out, turning off remote image loading does not prevent marketers from collecting data when you do include photos in an email. True fixes must be carried out by the email provider or email client in question. “Gmail might be able to achieve it, but Google is also the world’s largest advertising company,” Callas explains further.
Other alternatives are available. Graham recommends using a free service such as Cloudflare’s WARP software, which is analogous to a virtual private network (VPN). When you click on a link, your true IP address is not revealed.
Another alternative for Chrome and Firefox users is an add-on such as Ugly Email, which works with Gmail in your browser by scanning your inbox for emails that include tracking pixels and blocking them.
Additionally, several other privacy-conscious email companies, such as ProtonMail, include remote image blocking as a matter of course by default. DuckDuckGo plans to develop an email privacy solution later this year that will prevent the tracking of users’ emails. You can also pay for Basecamp’s consent-based email service Hey, which blocks tracking pixels and notifies you if the message contains tracking. This is an additional option. Then there’s Thunderbird, a free email client developed by Mozilla that doesn’t automatically load remote content, instead of displaying a notification bar to indicate that it has blocked it.
In addition, AirMail is a premium solution for iOS that offers a variety of privacy features, according to Overton. The privacy standards of AirMail are more severe, and if you choose to turn off protection, the program will notify you of the consequences.