LPT: turn off "auto display images" in your email to stop hidden read receipt trackers

Submitted by flutterbyasaurus t3_z8c737 in LifeProTips

Tracking pixels are now commonplace, and these let a sender know that you’ve opened an email they’ve sent, plus the time and date that you did so. They can even see if you’ve forwarded the message to anyone else.

These are tiny bits of code that are usually hidden in images that are included in emails. When you open the email, they are triggered and send back the meta-data (it’s open, here’s when) to the sender.

Be aware though that this will only stop some from reporting on you. To safeguard your privacy fully, you’ll need to look at browser plug-ins.

1,426

Comments

You must log in or register to comment.

BustaferJones t1_iyb9aym wrote

This is a big deal in certain industries. I work in Legal, and trackers sent to attorneys and forwarded to clients and insurance companies often reveal key patterns like an intent to settle. Knowing what patterns to look for can make trackers a big deal and cause all sorts of ethical issues.

366

am-reddit t1_iybv22e wrote

Can u please explain how a pixel image tracker could indicate any kind of pattern? I can think of - if the pixel 'beacon' responded immediately then that indicates interest, if opened from mobile as opposed to 'regularly used' PC also so. Any interesting pattern to deduce that u know of?

49

RevengencerAlf t1_iydhqwy wrote

Think of it this way. If you're suing me, and you send my attorney a settlement proposal. If you see no evidence that the attorney forwarded it around, a reasonable assumption is that I wrote it off quickly. Don't assume it's definite but it's workable information to inform your decisions on the case.

More to the point, if you see that email has gone to 5 other people in the firm, and an IP address registered to my insurance company, you can infer that they're evaluating it for potential settlement or at least a counter-offer.

36

plafki t1_iyc52f3 wrote

Ofcourse because email is being forwarded to either settling lawyers or some other lawyers..

24

ramriot t1_iybfluq wrote

If you use Gmail for example they cache & filter these assets so that maximum, only a single fetch is made & originates from Google's own server

89

BoringTeacherNick t1_iyci7pd wrote

Fetch?

Can you please explain this like I don't know what you're talking about?

27

HaikuBotStalksMe t1_iycj6bj wrote

Normally when you email something, you can't know if someone opened it. Because you basically tell the email company, "tell them I said X".

So to get around this, you put in a specific address to a website that you control.

When someone opens the email, it'll be told "automatically load the picture from this website", where the picture is a single dot. Their email program "fetches" the dot.

When you go to check to see if they read the email, you can see when they opened the email because that's when the email program asks your website to show the picture (and logs it).

What this guy is saying is that instead of asking your website to keep loading that dot each time, it'll do it the first time and then just save the picture.

73

Jewsusgr8 t1_iycwhgs wrote

I got you

Fetch()

it's a function in JavaScript (and some other languages) for interacting with a database, especially with APIs (Application Programming Interface). These interactions include acquiring/pulling/fetching data, uploading data, editing data, and deleting data.

Since API is a loaded term and I'm not sure how familiar with computer science you are let's think of it like meal prepping. When you meal prep you create a large portion of a meal that you can pull from into any meal you feel like making that day. An API is similar in nature. An API is created by developers with code or processes they expect to need down the road.

For example if I want to pull data from a database I would create an API that allowed me to just pull from the database. Now that I've created an API to pull from the database other developers can use my API in their programs to pull from the database without having to reinvent what I just made. It saves time just like meal prepping.

Hope this answered the things!

Edit: changed some commas to slashes /

8

essoperagma t1_iyecpx7 wrote

The sender wouldn't know who you are if they sent the same asset URL to everybody. They make each one unique so that they can tie it to a single recipient. Which means that Google can't cache it for you since it wouldn't know what part of the URL is there to track you and what part of it is identifying the asset on the server.

What Gmail does for me is that it won't show any images unless I click "Show images" at the top of the email.

5

well_actuallE t1_iyciuuj wrote

This is one of those things that seem like it should be illegal (read receipts without the recipients consent)

67

flutterbyasaurus OP t1_iydegfb wrote

I agree entirely! I found out because I had a disagreement with the way my HOA was handling something, and had missed an email but found it after telling them I didn't see that specific email.

They came back with screenshots of their tracking system showing that I had just barely opened the email.

25

RogerRabbit1234 t1_iydloh0 wrote

This similar thing happened with a client who refused to pay. Told us she never got the invoice, and if it was sent to her, she didn’t see it, or she would have disputed it. Our attorney introduced to the arbitrator that she indeed did open the invoice three separate times, once right after it was received/sent, a second time where she had fwd’ed the invoice to three different individuals, and a third time about 3 hours before this arbitration session was scheduled to begin…

15

ourobboros t1_iybk70u wrote

Hey (https://www.hey.com/spy-trackers/) blocks a lot of these trackers.

21

BitnaNebitnost t1_iydj6p1 wrote

Are there any free alternatives?

2

TehWhale t1_iyedido wrote

There’s no free email if you want privacy. I’d highly recommend Fastmail though. It’s a lean and obviously fast email service that’s really cheap. You can also use your own domains included and have all those emails/domains go to the same inbox and choose which one to respond to. In my case, I have name.tld, fullname.tld, and a few project sites. All those domains have their “own” email addresses but ultimately they all are in my inbox and I can respond from all my services from there. They also offer masked email addresses like randomword-word@fastmail.com that acts as if it was your email address. If your email is ever stolen or beached, you’ll know where it came from! Also prevents tracking and building profiles on you. They offer like 5+ year plans for super cheap.

3

copywrtr t1_iyb5aed wrote

Or just use MS Outlook with default settings.

18

EntertainmentNo1674 t1_iyci6s4 wrote

Gmail and yahoo blocked this with their cache

16

flutterbyasaurus OP t1_iyde4vy wrote

Nope. Gmail does nothing to block those trackers. I'm unsure about Yahoo.

3

LeHappyCat t1_iydiv87 wrote

With Google accounts the tracking pixel may not be downloaded or may show strange open results. Google opens and proxies images transmitted to its users and uses a cache mechanism to serve a link to the same image.
Because Google proxies the image shortly after receiving the email, the initial open notification will often be a result of this action.
Google decided to use this method of image expression to save users and their server's bandwidth, avoid duplicates and optimize the client-to-server-to-client image processing.
Basically, it stores a copy of an image, and then, if some other Gmail account requests the same image, it is taken from the copy instead of the original location. Since most tracking software can only detect a download from the original location, the open tracking doesn't work or shows strange results when Google first retrieves the image (an "open" that is not made by an end user) and serves the cached version of the image from their image proxy server (end-user opens that may not be registered).
More details on this can be found on Google's official blog and this post about Google's image proxying from an external URL.
Most tracking software is highly inaccurate due to these systems as well as user error i.e opening the email in their own sent folder.

10

RevengencerAlf t1_iydidg3 wrote

This is true, but with a caveat.

They don't block them. But they do route all images through proxy services. Because of that, the sender can see that the image was in fact opened, and if it is truly unique to your email they can see that someone (presumably you if you're the only one they sent it to) opened it. But they will not see your IP and thus be able to derive where you were when you opened it.

9

bipolarbear21 t1_iydwtua wrote

Yeah this was my understanding. The link to the image is unique to your email (it doesn't execute code lol) so that when the user loads it they know that email has been opened. I don't see how using a proxy would fix this because it's still going to use the unique link.

2

Ok-Medicine-6141 t1_iydey6r wrote

If you're worried about privacy use protonmail.com. It hides all images, removes trackers, doesn't have access to your data and warns you when you click something in the email so that you don't click accidentally.

16

keep_it_kayfabe t1_iyczh5q wrote

I'm in marketing, with extensive email marketing experience. You'd be surprised at how much we can track based on a single open of your email. Even better is when you click a link with all the tracking info included in the URL string.

There's also platforms like HotJar that can look at someone's browsing habits in real-time if they happen to be on a particular website that has their script installed. Admittedly, I haven't used HotJar within the last two years or so...maybe they changed that feature by now because of privacy concerns? But yeah, back in the day I could see exactly where visitors were on our website and every action they took. You can also see larger amounts of visitor data in a heatmap format in order to see things like scroll depth, if users are clicking what you want them to click etc.

You'd be surprised at what can be tracked...

12

bizbaaz t1_iye92vw wrote

If that tool existed in the past is their something stopping me from recreating that?

1

10_Virtues t1_iybtlim wrote

This makes me think why Zuckerberg changed his company IP to Meta.

7

bipolarbear21 t1_iydwz9w wrote

What the fuck are you talking about

2

10_Virtues t1_iydycz8 wrote

The parent company is called Meta now. I am doing work at one of there Data centers and it’s not really Facebook anymore but Meta.

Zuck even made news over the controversy for taking the IP name from another smaller company.

0

bipolarbear21 t1_iydypw8 wrote

Yeah I understand the rebranding. I just don't see how that ties into what we're talking about

2

TehWhale t1_iyeds2o wrote

Yeah, Facebook org became meta but what does that have to do with any of this topic

0

10_Virtues t1_iyelnej wrote

Meta data. Facebook makes money collecting data through these methods.

0

Neonlad t1_iyczh5o wrote

Thunderbird blocks all remote content of emails by default unless you specifically allow content from the email you are viewing. (Unless you change the setting)

6

Ki6h t1_iydhthq wrote

Duck.Com has free email addresses that strip out trackers before forwarding to your main address. They also report how many trackers were found.

4

EM2_Rob t1_iybz79g wrote

Oh yeah? Is that why my thunderbird app does that?

3

serestar t1_iydivqh wrote

Apple devices now mark it as opened even if it wasn't opened as a way to combat this sort of thing. It's opened on the server so you get a lot of false positives on the types of reports. It's been a hurdle for marketers to adapt to.

3

m945050 t1_iydmdqr wrote

Is this how spam emails know that you have opened them?

3

TehWhale t1_iyedw2w wrote

Most email providers don’t load images in spam for this reason. They won’t know you’ve opened it if you don’t click links or load any images.

2

apparition47 t1_iydcixz wrote

I typically use the Apple Mail macOS client and it has some built-in proxy feature to block trackers that I recommend using. I also developed the MailTrackerBlocker plugin if that feature doesn’t work for you for some reason (older macOS version, etc).

2

bizbaaz t1_iye9hgb wrote

Im using gmail on android, is there something i could do other than turn off automatic download image as that doesnt work from experience. Is there a 3rd party app that i can ise on my phone?

2

keepthetips t1_iyav8ev wrote

Hello and welcome to r/LifeProTips!

Please help us decide if this post is a good fit for the subreddit by up or downvoting this comment.

If you think that this is great advice to improve your life, please upvote. If you think this doesn't help you in any way, please downvote. If you don't care, leave it for the others to decide.

1

bipolarbear21 t1_iydw42r wrote

This has been around for loooong time. It's nothing new. Not a single major email provider auto displays images for this reason. That's why users have to click a button to show images since many years ago.

If the setting you mentioned is on then the user must have enabled it.

1

DooBeeDoer207 t1_iyebs4y wrote

Well, that’s false.

1

bipolarbear21 t1_iyedu3q wrote

I have outlook (both personal and work), gmail (both personal and school), comcast, and email apps on my phone. On every single client, whether in-browser or mobile app, I have to click "load images" when I open an email or they won't load. It's been like this for years. Idk if the iPhone email app is different since I have a Galaxy but I imagine not. I admit I'm assuming this feature is disabled by default purely based on my anecdotal evidence though.

2

KieshaK t1_iyfczdw wrote

Outlook is the only platform I’ve used that doesn’t automatically download images.

1

Zestfullyclean87 t1_iyefjx7 wrote

I can confirm part of this, in my last job I was a hotel manager and I could tell if you received and opened your confirmation email. I could even tell if you clicked where it had the latest cancellation date before receiving a penalty

This was a big deal during Covid, because we sent an e-mail with Covid policies and what was open. A lot of people complained in order to get a free stay, claiming that they were not told this/that. But I would see that they not received the email, and clicked on the email, and the date and time that they did.

1

SgtBadManners t1_iybudkx wrote

I just tell my outlook to confirm all receipts once it's opened. It hurts my soul right now, that I have 2 emails unresponded to, but they send them after I left the office. If today was a work from home day, I would have still answered them. >_> Some of us have problems!

−6