Ways to block strangers from getting your data when you open an email
By now you probably know that browsing the web leaves you open to tracking by Internet service providers, website operators and advertisers. But less well known is that you can be tracked simply by opening an email. Merely clicking or tapping to pen a message can transmit to the sender not only that you opened I, but also where you were when you did so and on what device, among other things.
The technology has been used by email marketers and Nigerian fraudsters for more than a decade. But more recently, it has become a tool used by employers, sales people, bill collectors, lawyers, political candidates, nonprofit fund-raisers and maybe also that guy you met at a bar and regrettably gave your contact information to.
Here’s how it works: The sender of the email embeds a so-called web bug or pixel tracker into the content of the message or possible inside an attached PDF, Word or PowerPoint. These bugs are 1-by-1 pixel images (tinier than tiny), which are invisible to the recipient. When the email or document is opened, the bug triggers your device to contact the sender’s server and convey all sorts of information.
“What it does is lure you into an online environment and the collection that goes on there without alerting your that it’s happening,” said Ryan Calo, a professor of law at the University of Washington Law School in Seattle who specializes in privacy issues.
There are some things you can do to avoid having your email activity monitored. Perhaps the easiest defense is to adjust the settings of your email program so there is no image rendering.
It used to be set that way by default but last year, in a boon to marketers, Gmail made the setting an opt-out feature and many other email providers followed suit.
Disable images will sift and block images from incoming emails, including those tiny, pixel-size tracking bugs. You can click on the missing images you want to see and which ones you don’t.
“A more advanced technique is to construct a personal firewall that blocks images,” said Gerald Friedland, director of audio and multimedia research at the International Computer Science Institute at the University of California, Berkeley.
Or, he said, you could simply turn off your Wi-Fi while opening and reading email messages. This, of course, assumes you aren’t checking your email on your provider’s website but rather using a retrieval program like Apple Mail or Outlook.
And don’t click on any attachment while connected, nor a link within the message, even if it’s the unsubscribe button. “The unsubscribe link is the most clicked item in emails, so it’s often what they use to track you,” said H.D. Moore, a senior researcher with the Internet security consultant Rapid7. “As soon as you click on it, they knew everything about you.”
The unsubscribe link is the most clicked item in emails, so it’s often what they use to track you.
Besides when, where and on what device you opened the message, an email sender can also tell how long you looked at the message and if you opened other windows while you had the message displayed.
Also transmitted is if you saved, forwarded or deleted the message, how many times you subsequently opened the message plus various details about your device’s operating system and settings.
Analysis of this kind of tracking data is a standard service offered by bulk email providers like Constant Contact, MailChimp or HubSpo