Regulation exists to stop email tracking without your consent. In Europe, pixels are covered by the Privacy Electronic Communications Regulations 2003 (Pecr) and the EU’s General Data Protection Regulation (GDPR). Under these regulations, consent is required unless pixels are needed for service delivery, says Emily Overton, managing director of records management consultancy RMGirl.
However, the rules haven’t been widely enforced in this area, and businesses may say people consented to receive the email by signing up to the service, or that the use of pixels is okay because it is outlined in their privacy notice.
What to do about it
When it’s made available in Autumn this year, Apple’s Mail Privacy Protection will not be enabled by default. You’ll need to turn it on in Settings, Mail, Privacy Protection
Until the iOS and MacOS updates launch, you can set your email client to not load pictures by default, since images are where tracking pixels usually reside. On an iPhone, the option is in your iPhone Settings, Mail, Load Remote Images.
If you are a Gmail user, you can find the option in Settings, Images, Ask Before Displaying External Images. It’s also worth noting that since 2013, Google serves images in Gmail through its own proxy servers, which in many cases hides your IP address.
Meanwhile, the browser version of Outlook.com automatically loads external images using a proxy, but you can’t stop these from loading altogether so some data may still be gathered. More granular controls are available in Microsoft Outlook for Windows 10 (via File, Options, Trust Center, Trust Center Settings) and for Mac (in File, Preferences, Reading).
Blocking remote image loading will improve your privacy, but it could also impact your experience – you won’t see images on any emails, including newsletters, until you manually download them. As Overton warns: “Not everyone is using alt text, so images may contain information you won’t be able to read without accepting the pixels.”
And of course, switching off remote image loading doesn’t stop marketers collecting data when you do load images on an email, Callas says. True fixes have to be done by the email provider or email client. “Gmail could do it, but Google is also the world’s largest ad company,” Callas adds.
Instead there are other options. You could use a free service such as Cloudflare’s WARP app, which is similar to a VPN, Graham says. “This way, whenever you click on a link, your real IP address isn’t revealed.”
An add-on such as Ugly Email is another option for Chrome and Firefox that works with Gmail in your browser by scanning your inbox for emails containing tracking pixels, and blocking them.
There are also some other privacy-focused email providers that offer remote image blocking by default, such as ProtonMail. DuckDuckGo is launching an email privacy solution to block tracking later this year. Another option is to pay for Basecamp’s consent based email service Hey, which blocks tracking pixels and informs you if the message includes tracking. Or there is Mozilla’s Thunderbird email client, which does not load remote content automatically, instead showing a notification bar to indicate it has blocked it.
In addition, AirMail is a paid product for iOS offering multiple privacy tools, Overton says. “AirMail has more stringent privacy practices and if you turn a protection off, it warns you about the impact it will have.”