1. 38

  2. 5

    Why aren’t email servers proxying image requests? GitHub does this for remote images in markdown files (they call it “camo”).

    1. 12

      Meh, bad I guess, but count me in the group that says if your mail client is opening tracking pixels, you have a broken mail client.

      Continues reading a bit… oh, look, here’s the hypothetical with the pedophile… won’t somebody think of the children!!!

      1. 12

        I want to agree, but… There was a time when a) it was ok to add lead acetate to sweets b) most people didn’t know that lead acetate is toxic. Now, most people don’t know the implications of loading remote content, and blaming them for it is not too unlike blaming people of the old times for not knowing about health effects of lead when it wasn’t common knowledge and not testing their sweets for it.

        (I’ve just realized that bit is not common knowledge anymore unlike the toxicity of lead. Lead acetate reportedly tastes sweet and was cheaper than sugar, which is why it could be used as an adulterant.)

        1. 11

          Singling out one bad sender doesn’t do anything to keep people safe, however. All of the “bad” things they’re doing are available to anyone with a mailchimp account (for cheaper, in fact). Or even anyone. I can put tracking pixels in my email, too.

          Raise the alarm? Warn the populace? Yes, please. But do it in a way that doesn’t merely request one bad actor turn nice.

        2. 4

          I’m always surprised that tracking pixels work at all. Even badly broken clients like GMail block them by default.

        3. 3

          A solution to avoid tracking would be for webmail to pre-download all the images and serve those to the clients. That way the tracking data would be completely bogus but clients can still see the images.

          1. 1

            The tracking data would not be completely useless because the URL to the image can contain a unique identifier.

            1. 4

              If GMail always fetches all URLs in the mail before you even open it, or regardless of whether you log in to your account, then it renders the tracking feature useless, as that’s no longer the user reading your mail - in fact the user may never do that.

              1. 1

                I’m assuming you mean the image resources, because a lot of email I receive contains one-time-use links that expire the second they get requested. Any client prefetching those would render the mechanism broken.

                1. 1

                  Spilled.ink purports to do this (listed under “Server asset fetch”)

                2. 1

                  Since the mail server would pre-fetch all the images, the sender would see somebody loading the tracking pixel from the mail server IP at the time where the email is received.

                  Gmail already does something similar where it proxies all image requests through their servers to hide the reader’s location. This would be going one step further and even hide open times.

              2. 3

                Gmail proxies these anyway. It won’t work. Silly feature.

                Interestingly, Boomerang includes the Read Receipt feature but when you enable it, it posts a line underneath that says “The sender has requested a read receipt. Click here to opt-out.”

                Well, preferably the opt-out would be offered before the reading was transmitted but it’s much better than this implementation.

                Anyway, back in the day, Outlook and stuff would offer you this with an exchange server. I’m glad we’ve moved past that, though. I think read receipts do feel somewhat invasive, and that’s why loads of people have turned off their ‘online’ status on WhatsApp (mine is on but that’s because I’d like my friends to know I’m on).

                That said, I think privacy advocates do their cause some harm by breathlessly screaming about read receipts in the same tone as they would about someone poking a camera through your bathroom window. There’s going to be some apathy from the overstimulation. I, for one, am going to put ‘privacy’ in my filtered tags now.

                1. 2

                  > Interestingly, Boomerang includes the Read Receipt feature but when you enable it, it posts a line underneath that says “The sender has requested a read receipt. Click here to opt-out.”

                  It’s likely that under the GDPR, this should at least be opt-in in the EU.

                  1. 1

                    I’m going to enjoy watching the ICO and CNIL go after a bunch of unsuspecting office workers trying to see if their comrades in the org are actually reading the urgent emails they’re sending. Boomerang will probably also be affected but it’s going to be quite an amusing tale.

                    1. 1

                      I am unfamiliar with these abbreviations. What is the context?

                      1. 2

                        The British and French enforcers for GDPR.

                        1. 1

                          Surely the GDPR doesn’t apply to communications internal to an organization?

                          1. 3

                            I’m not an expert but I don’t think you automatically get an exemption for internal comms. Stuff like “hey, here’s my SSH key. Can you set me up?” is probably fine while “David has just had a baby. Let’s congratulate him” or “I’m running for cancer research this summer. Would you mind funding me?” probably aren’t.

                            1. 2

                              Looks like you’re right:


                              I wonder where stuff like “show if someone is in a meeting based on calendar” qualifies. I might just mark myself permanently “offline due to GDPR”.

                2. 2

                  Aerc is a nice email client that won’t load pixels :)

                  1. 2

                    I’m a bit confused. I think perhaps I’m missing something? Because this is (and has been) standard practice, to include tracking pixels with all requests for emails.

                    Also, as an aside, this is hilarious:

                    tl;dr: Superhuman posted in the “Who’s Hiring?” thread on Hackernews, then included a screenshot of a Gmail inbox that showed a message with the title “Invitation: HackerNews ‘Who is Hiring’ Upvote Surge [details coming]”.

                    1. 2


                      They’re removing this tracking according to the CEO:


                      1. 2

                        No, this is a blatant overreaction. Superhuman is spying on those who receive emails sent with it. And in that respect, every company that sends you emails is spying on you. That is, if in your mind, “oh hey they opened the email” is tantamount to a secret intelligence operation.

                        1. 2

                          SaaS product? Check. Directly handles your data without encryption or blinding? Check. So it spies on you.

                          1. 1

                            The article highlights something that as far as I am aware is synonymous with a lot of communication products and in a largely hyperbolic writing style.

                            1. 1

                              I’ve never heard of this client before, and now I’ll never use it.

                              What kind of name is “Superhuman”, anyway?

                              1. 5

                                I happen to know they paid $300,000 for that domain. I know this because the guy interviewing me wouldn’t shut up about it.

                              2. 1

                                All this does is put into the hands of individuals something megacorps have been doing for decades. This is empowering users and adding new features to consumer email! Also, the user expectation these days is for read receipts - that’s how it is on all IM platforms. A little geo-ip is hardly a crime. An unprotected user leaks far more information to any website they visit.

                                1. 2

                                  > An unprotected user leaks far more information to any website they visit.

                                  This is true. It’s also a crappy status quo and absolutely not a reason to chip away at people’s privacy even more. (And users hardly want to be leaking this information—it’s just that most don’t know any better.)