Pixels in emails

Neil_Jones

goodValue said:

Neil_Jones said:

Turn off the "load images in email" or similar option.

Would this also stop me getting ads based on my location?

No.  Is the simple answer.

[Deleted User]

goodValue said:

There is no message sent back, your email reader just makes a request to read the tracking pixel from the server so it can "display" it in the email - even though you won't actually be able to see it.

I can't say that I fully understand this, but I do find it fascinating.
If I read it a number of times I think I'll get a better understanding.

From what you said, I get the feeling that the server withholds information about the pixel, so the email reader has to send another request to the server to get the details about the pixel. And it is this request that supplies all the information about my email account and hardware to the server.
Is that correct?

Yes so I probably need to go back a step to explain. 

When email was first invented many moons ago, the whole contents of the email was just plain text sent from one mail account to another. 

Over time emails have generated into more complex content, pretty much the same as you see on a webpage, a mix of text and images. 

To minimise the size of the email being sent, many emails nowadays don’t send all the contents in the email itself, images are instead loaded from elsewhere like they are in a web page. 

But this process of loading the images only occurs when you open the email. 

So when you open an email like that, you are basically contacting a remote web server to load the content. 

If a specific part of the content is unique just to your email, such as a tracking pixel, then the sender can work out when you opened the email. 

goodValue

1. From the above the web server can build a "fingerprint" of your device. This can be used to track you across different websites without using cookies - when a website see the same combination of IP address, browser and hardware information then it knows it is probably the same person accessing the website. 

I think this is the point I'm having difficulty with:
My current understanding is:
  1 Only the originating website sees the request from the email website
  2 The originating website will only see that the request that comes from the email website.

So how do multiple websites get involved?

[Deleted User]

goodValue said:

1.  From the above the web server can build a "fingerprint" of your device. This can be used to track you across different websites without using cookies - when a website see the same combination of IP address, browser and hardware information then it knows it is probably the same person accessing the website. 

I think this is the point I'm having difficulty with:
My current understanding is:
  1 Only the originating website sees the request from the email website
  2 The originating website will only see that the request that comes from the email website.

So how do multiple websites get involved?

1. Within the email, the HTML code can call any website it is programmed to call to request content such as images. The request comes from your device, not the email provider. 

2. No, so your email client or browser is rendering the email so the request comes from your device, not the email website. 

For the final question about multiple websites, I’m now taking things a step further. Some internet marketing companies will make a fingerprint from you visiting one website based on your IP address, browser and hardware. Same fingerprint can be obtained from your email pixel tracking. 

When that same fingerprint turns up at another website that the marketing company is monitoring they assume it is you and now can start building up a database of the websites you visit - even if you block cookies. 

goodValue

When that same fingerprint turns up at another website that the marketing company is monitoring they assume it is you and now can start building up a database of the websites you visit - even if you block cookies. 

So I can prevent this with the email website (by not displaying images), but not with other websites - that's a shame.

[Deleted User]

goodValue said:

When that same fingerprint turns up at another website that the marketing company is monitoring they assume it is you and now can start building up a database of the websites you visit - even if you block cookies. 

So I can prevent this with the email website (by not displaying images), but not with other websites - that's a shame.

If you are determined enough you can be more private and prevent fingerprint tracking, but it takes a bit of effort and you'll need to do a bit more research to understand tracking etc.

Whilst I have the know-how to browse the internet totally anonymously, I don't bother. The data that is being collected about me isn't detrimental to my freedom and is just being used for marketing purposes. 

If I lived in a country where my browsing habits are subject to surveillance by some official body, then I would use all those tools.

The various tools you can use are things like:

1. Browser plugins that block tracking websites and adverts
2. Privacy based browsers such as Brave
3. Taking control of your DNS with PiHole and unbound
4. VPN to hide your IP address
5. Tor browser 

All of them add a degree of complexity to your browsing and can take away from the experience in terms of relevance of content, remembering previous visits or items in your basket on shopping sites. Some of them will slow down your browsing as well.

All depends on how far you want to go to stay anonymous and what benefits you think it will have?

k_man

[Deleted User] said:

goodValue said:

1.  From the above the web server can build a "fingerprint" of your device. This can be used to track you across different websites without using cookies - when a website see the same combination of IP address, browser and hardware information then it knows it is probably the same person accessing the website. 

I think this is the point I'm having difficulty with:
My current understanding is:
  1 Only the originating website sees the request from the email website
  2 The originating website will only see that the request that comes from the email website.

So how do multiple websites get involved?

1. Within the email, the HTML code can call any website it is programmed to call to request content such as images. The request comes from your device, not the email provider. 

2. No, so your email client or browser is rendering the email so the request comes from your device, not the email website. 

For the final question about multiple websites, I’m now taking things a step further. Some internet marketing companies will make a fingerprint from you visiting one website based on your IP address, browser and hardware. Same fingerprint can be obtained from your email pixel tracking. 

When that same fingerprint turns up at another website that the marketing company is monitoring they assume it is you and now can start building up a database of the websites you visit - even if you block cookies. 

I finally got around to having a search on this, as I remembered something.

Google/Gmail do proxy access to images, so if using the web interface, your IP address is hidden (obviously not from Google) from the tracking pixels at least.
 Other web based email providers may do the same.

https://gmail.googleblog.com/2013/12/images-now-showing.html

Although as touched on above, tracking you is basically ed in lots of things, IP address just being one.

goodValue

If you are determined enough you can be more private and prevent fingerprint tracking, but it takes a bit of effort and you'll need to do a bit more research to understand tracking etc.

Even if I didn't put it into practice, I'd like to understand what is going on.
Do you know of a website suitable for novices?

[Deleted User]

goodValue said:

If you are determined enough you can be more private and prevent fingerprint tracking, but it takes a bit of effort and you'll need to do a bit more research to understand tracking etc.

Even if I didn't put it into practice, I'd like to understand what is going on.
Do you know of a website suitable for novices?

https://privacy.net/