- In a digital world of pervasive surveillance, many people probably don’t realize that messages sent to their email account are being spied on.
- This is done through the use of trackers sometimes called spy pixels.
- They’re tiny inclusions in the body of an email that let the sender track when and who opened an email, what device they did it on, where the recipient is located, and much more.
It’s a pretty well-understood truism of the Internet at this point that pretty much no corner is safe from prying eyes — that your behaviors, keystrokes, purchases, and so much else is either being tracked or can be tracked quite easily. And we know who the players are, everyone from Facebook to Google, Amazon and so many more.
But there’s another vector of susceptibility, and a pretty boring one at that, that most people might not think all that much about. The messages that flow into your email account, believe it or not, are often sprinkled with tracking pixels in the body of the missive that give the sender a vantage point, not unlike the one they’d have if they planted a bug in your room. Granted, that’s an imperfect metaphor, but these so-called spy pixels in emails — first of all, the average user probably doesn’t realize they’re there in the first place. Nor do they realize the window into your activities that these trackers provide to the people who put them there.
A recent BBC analysis found that the use of spy pixels in email has become “endemic” and quite a cause for concern. A review by the messaging service Hey in recent days, for example, found that around two-thirds of emails that its own users received contained these so-called spy pixels — which are image files, like a GIF file, and invisible to the eye yet inserted into the body of an email.
Without the recipient even needing to take any action, the pixels in these emails let the sender see if an email was opened, and when it was opened — which also means they’d know how many times it was opened; also what device it was opened on; and a general idea of the recipient’s location, estimated from their IP address.
Per the BBC’s report, that data can be used to form a customer profile, among other things, and amount to what Hey co-founder David Heinemeier Hansson blasted as a “grotesque invasion of privacy.”
Albeit a much more obscure one, certainly compared to the level of something like the war over privacy and user data that Apple and Facebook are fighting right now, with Facebook actually rolling out a new marketing campaign to try and convince people that ads that track you around the web are actually a good thing.
Meantime, the email snooping continues unabated, while also attracting nowhere near the intense scrutiny that Facebook gets.
Hansson told the BBC that on average, his messaging service blocks more than 600,000 pixel tracker attempts daily. Extrapolate that out to the macro level, and to the billions of messages processed by a provider like Gmail, and his comment about a “grotesque” privacy invasion seems understandable.
“Tracking pixels have been around for some time but are not well-known,” the BBC report continues. “For marketers, pixels can be an invaluable method to measure engagement levels, estimate the success of marketing campaigns, and potentially to send follow-ups and more personalized notes when a message has been read, but not responded to.” But there’s such a fine line, it should go without saying, between personalized and super creepy.