1. 38

    1. 6

      I just found out that github inserts 1x1 tracking images into email that it automatically sends me. Fortunately, my email client (fastmail) protects me from this. But it’s still privacy invasive malware, coming from a social media site that I previously considered trustworthy.

      1. 4

        A tracking pixel alone is not malware by any normal definition of malware. While it’s possible to abuse the info you get from a tracking pixel, there’s a lot of good things (good for the users!) that Github might be doing, like improving emails that have bad open rates to make them more useful.

        1. 4

          Reminds me of an anecdote from a job interview I had a few years ago:

          The interviewer was mad at me for not checking the email they sent to confirm the time of the email. I had to explain to her that I only receive plaintext emails to that address so her tracking pixel would never had loaded.

          Now I work at a company with a solid marketing department and the tracking pixels from Hubspot are super important for our sales decisions (we are 100% e-commerce).

      2. 5

        I’m kinda surprised they want to associate names with their tracking data. I worked at Conversant a few years ago, at the time one of the largest competitors to Google, and they were very concerned about potential lawsuits and penalties they might be exposed to if they had personally identifying information. They would try their best to assign an opaque identifier to a person, and keep it accurate across devices and sessions (dubious how well this actually worked, along with many other things in ad-tech…) but they were careful to scrub incoming data of PII, and there was no storage of names and no way to work back to a name. They really didn’t want to be in the position of having that information and potentially have a public leak or having it abused by someone internally. And to reiterate, this wasn’t because they cared about peoples privacy (though some individuals did, I’m sure) but because they were afraid of getting a massive fine and/or big lawsuit.

        Google has a vastly higher profile than Conversant, and privacy sensitivity is much higher than it was a few years ago, so they must be very confident in their security and processes (or they’re not concerned about penalties or backlash, or they think the sweet sweet revenue trumps any of those issues).

        1. 2

          More likely they are too big to be properly sued, and this was after having the American president’s ear every week, so I’m sure they felt very legally secure.

        2. 6

          Wow… Okay, I guess it’s time to switch to Firefox and fastmail….

          1. 11

            This article was originally published by ProPublica on October 21st, 2016.

            Guess it is time!

            1. 3

              And yet it was news to me.