Email is just about the least secure way to communicate. It’s unencrypted, so it can be read by anyone, anywhere along its journey across the internet, like a postcard, not like a sealed letter. But email always has been that way. Tracking pixels are even worse. They give the sender an obscene amount of information about you, without once asking for your permission. What’s going on? Can you protect yourself? “The privacy implications are that anyone can see when, and even where, you open their email,” Phillip Caudell, developer of privacy-first email app Big Mail, told Lifewire via email. “And unlike read receipts in apps like iMessage or WhatsApp, you can’t opt out, and worse, most people don’t know it’s even happening to them.”

What Is a Tracking Pixel?

When an email newsletter is sent to you, it contains a link to a tiny image, perhaps just a single pixel. When you open the email, it loads all the images contained in the message, including these pixels. Because the images are loaded from an external server, the sender knows exactly when you opened the containing email. Because your email app uses its built in web browser to load and display messages, it leaks the same data as a browser, including your IP address, which can reveal your location. Tracking pixels have many purposes. Email apps and services use them to tell a sender if and when their messages were opened. This works like read receipts in messaging apps like WhatsApp and iMessage, only the receiver cannot opt out or even know that they are being tracked. Your boss could check to see if you opened that email they sent, for example. It gets worse…

Privacy Emergency

Once you have an IP address, you have the location of that internet connection. From there, you can tie that address to a physical address. Spyware company El Toro said that its technology “brings the location-specific accuracy of direct mail to digital advertising. Through our patented IP Targeting technology we target digital ads to your customer by matching their IP address with their physical address.” It promises “targeting without having to use cookies, census blocks, or geo-location tools.”  Predictably, there’s a lot more. “[Email marketing company Sendgrid] also replaces URLs with their own URLs to track when someone clicks on it,” says software developer Jake Humphrey on Twitter. “I don’t care what justification you use,” David Heinemeier Hansson, the co-founder of HEY email-developer Basecamp, writes on Twitter. “Unless you’ve gotten informed, opt-in consent first, it’s an abuse of privacy and needs to stop. No excuses.”

How Can You Block Spy Pixels?

The most basic way to block spy pixels is to never load any images in your email. You can switch this feature on in many email apps, including Apple’s Mail app. Attachments sent to you still will arrive, but remote images never will be loaded. The problem with this is that you never see any images in your email, even the ones you want to see. And if you click to load those images, the spy pixels will be loaded too.  Some email services help out. Fastmail, for example, copies any linked images to its servers. It then loads these proxy images when you view the mail. “This means the sender only knows our server information and location, and not yours,” writes Nicola Nye, Fastmail’s chief of staff. This only works on the Fastmail site, or in its apps. Heinemeier Hansson’s HEY email service goes one better. It actively hunts and blocks spy pixels, and if it finds one, it tells you right away. HEY also proxies all other images, just like Fastmail, keeping your IP address private when you view them. If you don’t use HEY or Fastmail, or you don’t want to switch providers, there are other ways to protect yourself. You could use the MailTrackerBlocker plugin for Apple’s Mac Mail app. Or you could switch to an app that protects you. MailMate is a powerful email client for the Mac, and will warn you with a big banner when pixel trackers are found and blocked.  You also could use Caudell’s Big Mail, a privacy-focused email app, which should be launching this month. Big Mail’s unique feature is that it does all the processing on your own device, instead of on a remote server where you have no control.  “I suspect as more people learn about this invasion of their privacy, people will begin to expect privacy-shielding functionality from their mail apps,” says Caudell.