Hacker News new | past | comments | ask | show | jobs | submit login
The life and death of email read tracking (missiveapp.com)
245 points by AdriaanvRossum on Sept 29, 2020 | hide | past | favorite | 160 comments



Good riddance.

Anecdotal, but I noticed a definite change in the tone of sales emails I was getting after I turned off images in Gmail. When they could tell I was reading their garbage but not responding, there was a lot of "tell me why you aren't interested" and "just a fifteen-minute call, just fifteen minutes we swear" and "please just talk to me, why won't you talk to me?"

They saw I was opening the emails—at this point, if I see something bold, I tap it without thinking—so they thought they had a chance, and they were really obnoxious.

I finally switched off images. After they stopped being able to tell if I was seeing their stuff, they got a little less pushy; they couldn't be sure I'd gotten their first email, so they focused more on re-explaining their product than trying to guilt me into reacting to them.

(I'm a little more understanding of people who use these to determine how much dead weight their mailing list has. Especially if you're an indie creator, you don't want to be paying for the 20% of people who might not be reading your newsletter. I don't mind a "please let us know if you're reading our newsletter" email as long as they're not obnoxious about it.)


I'd highly recommend https://www.emailprivacytester.com/ as well; it does a good job of testing if your email client leaks information about whether an email has been read.

That demanding, presumptuous tone in an email is indeed a fast way to generate annoyance. With or without read-tracking, it's a bad approach to sales.

I received mail via an address obviously obtained via a scraper or purchased spam list, with a subject of "quick call on Friday?". When that bait failed to work, they then had the audacity to send a mail asking for reasons for the lack of response, with such options as "I'm busy, reach out again in a month", or "I'm not the right person, but I've CCed another contact", etc. Naturally, there was no option for "You're a spammer and in an ideal world you'd go out of business".

Ironically, it was a company offering lead generation and sales, so the fact that they're spamming is a very clear sign that their services are highly suspect.

When I have the time and inclination, I go through the email headers of such mails, and report them to their mailing list service (some of them are very good about removing spammers), their hosting provider, their domain name provider, their email provider (gmail never seems to act on spam reports, but perhaps others might not be), and anyone else who might be able to stop the spam.


I would also recommend little snitch (on mac).

I use apple mail, and turn off remote images.

HOWEVER it has a huge privacy hole. If I forward an email it loads all images.

I found this out when I wanted to forward a phishing email to IT. ugh.


Really? Mail.app on Catalina here doesn't load anything when I go to forward a message. Maybe there's a different setting for that?


This looks pretty useful. Thank you.

And yeah, pretty much every such email I've received was from companies who seemed to pride themselves on their interpersonal services or abilities. Given that they managed to irritate me in under ten seconds, I did not have a whole lot of faith in their abilities.


Interesting service, apparently Apples Mail.app actually blocks all of its tricks.


It’s most likely drip marketing systems at work, and no human was ever involved. They are just systems that respond to certain triggers, such as “read 3 emails without answering”.

So right now you’re hindering the algorithm of making these decisions, which leads to more generic emails. Consider it the email equivalent to blocking cookies. :)


I always thought gmail requests the images whether you open the email or not since they moved to the image proxy in 2015 or so.


I too recall hearing this, but email tracking definitely still works in Gmail, and Google, being the advertising and marketing king, has no incentive to upset their actual customers by defeating email tracking. (In fact, AMP4Email, a.k.a. "Dynamic Email", will probably make this even worse.)

I suspect the thing we heard about means Gmail is messing up the IP address/location tracking aspect of a tracking pixel, but still loading it on email opens. The bargain of "we'll hide the user's IP, but still allow you to track their behavior" sounds like the devil's bargain I'm used to from them.


AMP4Email was the trigger that turned me from a paying customer to de-Googling my life, so I guess I can be thankful for that at least.


Good to know, I disabled loading images now.


> I always thought gmail requests the images whether you open the email or not since they moved to the image proxy in 2015 or so.

No. They request the image (through their proxies) the first time it's loaded. Only subsequent requests are loaded straight from the cache.

That means that, if trackers send personalized tracking pixels (which literally all do), then they still know the first time you read the email. (The only thing that's changed is that they can't tell when you open it subsequent times, and they can't get location information and the like from your IP address).

In exchange for taking location tracking away from marketing companies, they turned images on by default for Gmail users.


No, the proxy hides your IP, user agent, and cookies but it doesn't actually fetch the images until you open the message.


> When they could tell I was reading their garbage but not responding, there was a lot of "tell me why you aren't interested" [...]

I absolutely HATE these. Yes, I saw your email two weeks ago. No, I didn't want to talk to you then. No, if you send me a second email (especially if it's a condescending attempt at a power move like 'I didn't see your response to my last email, please let me know when we can meet up') I will absolutely not ever want to talk to you or buy anything from you.


> I'm a little more understanding of people who use these to determine how much dead weight their mailing list has. Especially if you're an indie creator, you don't want to be paying for the 20% of people who might not be reading your newsletter. I don't mind a "please let us know if you're reading our newsletter" email as long as they're not obnoxious about it.

I semi regularly use the prune feature of my mailing list client to get rid of people who haven’t opened emails recently. I suppose this may be removing active subscribers? If so, is there another way to achieve this goal? (Removing non-active members helps reduce spam reports and helps with deliverability I think)

(My niche is non technical so they probably use email app defaults for images)


Likely depends on the service.

About a month ago I got a 'still interested?' email that I could click on a link to say I was.

Looks like they were using ConvertKit.

Issues with email tracking has been a known issue for over a decade, so you would hope they would have that as part of their service. Might be worth using a test email to try it out.


I suspect I'm a few years older than you 8)

I run many small (and a few quite bigger than small) email ingress/egress systems for several decades now. I also worry about a fair few mailbox stores.

Email is quite old and was never designed to worry about things like security. It was designed to get a message from A -> B. Regardless of that, it is the Pony Express realised (says British bloke!)


I got less emails from recruiters when I turned off image loading in gmail. It's gotten better. What I suspect that I've found is that recruiters are embeddeding tracking images to indicate if you've looked at the email or not.


Thanks! I just disabled external images in gmail after reading your comment.


>For instance, sales people live and die in their email clients. One really useful feature for them is read tracking. You send an email to a prospect, that person quickly follows up saying they are not interested, but 3 months later, they reopen that same email, you get a live read notification, you instantly take your phone and follow up. You win.

[...]

>Now, if the love letter author inserted a pixel tracker, they can know every single time you did go back to that email, and read it again and again. Not cool.

How is the first example any less creepy than the second example?


>How is the first example any less creepy than the second example?

It's not. The whole concept of 'read receipts/tracking' in general, whether it's email or messaging or whatever is starting to get to me.

I've never actually heard of a positive use for them and I know they've personally caused me stress before as well as people I know and people's stories i've read.

I honestly can't see the desirability about a feature that allows you to see when others have read your message.

Even in your examples, they cause stress, the marketer and the love letter writer are stressed waiting, the person receiving the letter if they knew reads were being tracked would be stressed.

It really creates a strange conversation dynamic and the more communication methods that have it, the more uncomfortable I find communicating to be.


The reason is that it increases expectations without a concurrent increase in agency.

People tend to describe this dynamic as "always-connected" or something similar, but that verbiage really just scratches the surface of the underlying mechanics. At it's heart, it's all about trying to increasingly make "your time" into "my time", and that's not fair if you go back to our basic assumptions about what makes us human and why freedom is important.

Almost every dystopian sci-fi novel includes the theme of humans in some way being enslaved to machines, and this dynamic is the beginning of just such a thing. Here, the machine is not yet a machine but rather another person, but the outcome is the same; it starts to become a form of "attention slavery".


It makes me think about how we see this sort of thing actually becoming possible with YouTube. Soon algorithms will be able to create stuff that will be sufficiently entertaining. Dreadful.

I mean, I've already spent nearly half an hour looking at zooming into the mandelbrot fractal. But... that's different...


I'm the author, I totally agree.


Read tracking is very useful when you deal with people who don't check their email. I know some old people who "got hacked", and as a result they are scared of email and won't check it unless called and told of something important. (emailing semi-private pictures and directions is often useful)


Instead of using this creepy surveillance technique, how about calling them to ask if they read your email?


"Telephone anxiety", is a thing, as I've come to learn recently about some of my cohorts when I'd ask this very question:

"did you call and ask this person for the follow-up you're claiming they haven't given you in three days?"

I had no clue-now I'm not going to press the matter and push the person into it, yet at the same time here we're sitting on a decision being left open by one person, and not being acted on at all by another.

Makes for some interesting manager decisions, it does.


Telephone anxiety is easy to create.

Take a kid, who has a phone, and a peer group with elaborate customs around using it, which include never, ever calling someone without texting first. Maybe your best friend and main squeeze, as a special privilege.

Then the parent insists the child pick up the phone whenever they call. Also, there are spam calls, and the occasional genuine emergency.

Presto, the phone ringing is automatically Bad News, and as the child grows to adulthood, they associate phone calls with trouble, and subconsciously feel like an aggressive, bad person, if they have to make one.


And they're right.

Phone calls are, after all, even more aggressively demanding that someone else's attention be, right now, dedicated to dealing with you than any tracker.


Then the parent insists the child pick up the phone whenever they call. Also, there are spam calls, and the occasional genuine emergency

Coming from someone who had a parent who liked to LIE (yes, straight up bold faced lie) about there being a “family emergency” because I didn’t answer each and every single phone call they made fast enough (surprise, teenage me had a job and I couldn’t just stop making pizzas because dad wanted another check-in) I completely empathize


> I honestly can't see the desirability about a feature that allows you to see when others have read your message.

When placing an order via email it's really useful to get an automatic confirmation that the order has been read.


Does this even work for most clients, e.g. gmail and outlook? My understanding is gmail preloads the images (aka pixels) to their server before you even open. And outlook will cache the image after the first open so it won't fire back to the server after that.


I thought that too, but just looked talked with a user of an email marketing program and she is getting read notifications from her own Gmail account right after she opens it when testing (and lots in production). I think what Gmail does is they load the images from their server the first time you open the email and cache then for later views.


Working in a large corporation I can confirm that it doesn't work. Outlook blocks all images and external content by default. There is a button somewhere to unlock the email but you'd never click that for spam.


Most users here wouldn't, but plenty of enterprise users do. And also have active content allowed if not explicitly denied by a GPO.


Gmail just proxies the image which protects your IP address. Marketers can still see whether you opened the email unless you have images disabled.


Yeah I was referring to a time shift (and caching). Good point about the ip


You can also tell Gmail not to open images at all until you hit a button saying so


If they really cared, they'd made it simple to default to showing images from people in your contacts, and not otherwise.

However, because they're in bed with the advertisers, they make it so you either choose a degrading email experience for all your emails, or allow yourself to be tracked.


This comment misses the mark a bit. Gmail actually competes with spam emailers - then run their own ads inside your inbox and would rather you click on those. They also sort promotions and spam out of your primary inbox pretty robustly.


"but 3 months later, they reopen that same email, you get a live read notification"

It doesn't work for gmail users. Tracking pixel will only be fired the first time the email is opened. After that, images will be served via google proxy servers.

Source: https://gmail.googleblog.com/2013/12/images-now-showing.html


I doubt they'd cache an image for 3 months or longer.


nope, not sure about the gmail proxy servers but you get alerts everytime user opens the mail. speaking from first hand experience.


That happens if email is opened via clients like Thunderbird. For gmail, image will be served via google proxy servers.


What is the cache time for said proxy servers? Does it follow content expiration rules?


In my tests using Gmail website, I see the read receipts right away.


Do you see them the second or third time you open the mail?


When the situation is more personal, it's harder to suppress the cognitive dissonance of invading someone's personal space (their email client). By adding the business context, it's easier to justify it as likely being a work only email account, etc.


> How is the first example any less creepy than the second example?

Love is a much more personal and private topic than a b2b capital expense.


Yeah holy shit I was immediately struck by how creepy that first example was.


Well, mostly because many of us want the guy to reach out to us most of the time in the first case. I respond to practically every email quite rapidly and for ones I'm not interested in I just push it off. At some later time, I might need the sales guy at short notice and I always reach out to the same guy. Or maybe I just want to cultivate a link so that I have the connection later so I give him the lead when I would otherwise go random.


I worked at a startup (full of awesome people!) that, among other things, helped stock analysts track who was opening their publications (emails).

It wasn't just about finding out when or where someone was opening it. It was about finding out who was forwarding these emails. Because there was a cost to be on this mailing list- if you're forwarding the contents, you're effectively pirating that information (I wave my hands a bit as I say this because there's a loooot of interpretation there and you are welcome to disagree).

So if you send out your latest post to 500 (paying) customers, you could see- how many people read it? How many people came back and read it again later? And most importantly, how many different IP addresses were loading that tracking pixel? Oh, the tracking says the content I sent to John was opened by 1000 different people? Okay, John is off the list now.

What made it better was that a lot of the content was graphical. So the 'tracking pixel' was the content itself. Short of downloading and forwarding the image, you couldn't share it without there being a record.

The company wasn't what I wanted to do so I moved on pretty quickly- but it still strikes me how neat it all was.

Edit later: Oh right, the other thing- you could tell what company the person who opened it was at by the IP Address, some of the time! "Hey, I didn't send it to anyone at <Company>, why the $%&* are they reading it?"


> You send an email to a prospect, that person quickly follows up saying they are not interested, but 3 months later, they reopen that same email, you get a live read notification, you instantly take your phone and follow up. You win.

This is awful and precisely the reason I set my mail clients to not open remote content by default since I started using email decades ago.

If this exact situation occurred to me as a prospect, I would likely never deal with that company again.


I recently got an email from a mailing list saying "goodbye" to me because I don't read their emails anymore.

Of course, the catch is, I open their emails several times a week: I just block remote images. I replied back to them to tell them I don't appreciate them trying to track whether or not I open my mail in my inbox, but to keep me on the list.

I could get upset and unsubscribe because I'm annoyed they're relying on tracking, though FWIW, my experience demonstrates their tracking isn't working. And hopefully, me directly communicating with them that their strategy is both ineffective and unappreciated may help nudge them away from this sort of behavior.


They do this because they get penalized by email service companies for sending emails that people don't open, so they have to guess.


> because they get penalized by email service companies for sending emails that people don't open

... as measured by the exact same totally flawed technique the article at the top of this thread links too.

:sigh:

I guess for companies like, say, Mailchimp or Campaign Monitor or newsletter services like Tiny Letter - there's a big difference between a "maybe 70% accurate open rate of 50%" compared to a "maybe 70% accurate open rate of 0.1%", and the second should quite certainly be grounds for firing you as a customer. Sadly the "marketing automation" industry mostly likely think 0.1% open rates are acceptable and instead of firing that client instead recommend sending their email to 10 or 100 times as many email addresses is a great idea.


I had an incident with Capital One sending me a letter in the mail saying that I hadn't read any email correspondence and they thought my email address was invalid. I have display images disables in Gmail.


Some mail delivery systems unsubscribe folks from (legitimate) distribution lists/newsletters once they determine that tracking pixels are not loaded for a while.

People implenting and using such a feature (from the sender side) should be fired on the spot.


I implemented such a feature and thought it was a good thing as we don't want to send marketing emails to those who aren't interested.

People will also enter in junk email addresses so it is to clear them out to keep your list clean.

Those who are interested in the email content and still have images turned off are rare in practice. Even then, I also checked for email clicks and logins for some redundancy.


> Those who are interested in the email content and still have images turned off are rare in practice.

How do you know this? Maybe you keep kicking them off your list and are misinterpreting your signal. What percentage of your addresses never phone home?

I think this is the point of the post as people assume this functionality works and make decisions.

It seems like a low cost to maintain people who subscribed but never loaded a tracker image.

Not sure your product, but I think people who turn on this feature are savvier than some users. So pruning them from your list would remove potentially lucrative customers.

I think this availability bias of data leads companies to doing some weird, suboptimal things. Like using Facebook in place of market research leaves out non-Facebook users, etc etc.


As with all things, this is a context where the important information was on-platform and the emails were opt-in subscriptions. YMMV.

> It seems like a low cost to maintain people who subscribed but never loaded a tracker image.

On the contrary. Each send costs. This adds up. It also adds cost to the overall processes involved due to unbounded growth in possible recipients.

Reputation with service providers is another concern. Google, for instance, will punish a sender's deliverability if enough recipients never open emails. Failing to clean your list impacts the ability to deliver to active users.

> What percentage of your addresses never phone home?

These were an extreme outlier. Such that it's simpler to send an email communicating the pending removal unless they opt-in.

> So pruning them from your list would remove potentially lucrative customers.

These decisions aren't made in a vacuum. Links themselves are also tracked. Those users also weren't actively clicking emails either.

On the system I was cleaning up, something like 20% of outbound emails had _zero_ engagement.


If someone signs up, are they not interested?

But entering a junk email suggests an email address is required for other content.

Do you confirm addresses on sign-up?


This is mostly driven by Gmail and Outlooks spam filters.


Aha! Now I know why I used to get these a lot from various financial services companies I'm a customer of. "Your email address doesn't seem to be valid." And yet I know for a fact that it is, because I get several emails a week from them. So I know they're not getting bounce messages; they're just trusting their stupid tracking pixels. And I've had images turned off in my email since HTML email became a thing.


A long, long time ago, I had a boss who was nutso about this stuff. One day, he comes to me, and tell me to turn on read-receipts.

"Sure thing, boss." I let it work for a few days, then turn it off. Turn it back on before he comes to check why it isn't working.

"Gee, boss, I dunno. I don't even notice that, now." He goes away to 'think' about it. I keep it on for a few weeks. Then I turn it off, for the last time. I never heard from that PHB on that subject ever again.

Read receipts aren't something people ACTUALLY want. It's something they want to want. Or want you to want. Either way, nobody actually wants that unless you're trying to externalize your coping strategies onto those around you, which is maladaptive and very no bueno.


I'm not sure why you're being downvoted for relating your personal experience. I had an almost identical conversation with my boss, with similar results.


It's a sign your boss doesn't have enough actual stuff to do, and so is managing your time like you are a child.

I imagine some of the downvoters are mad that the person used an indirect means instead of a direct one, but people like this don't respond to saying "no, this is a dumb idea" very well.


It's a sign your boss doesn't have enough actual stuff to do, and so is managing your time like you are a child.

Yep. That was exactly her. And why she was in the first batch shown the door when the COVID cuts came.


This is in the top 10% of marketing communications where you are breaking bad news but modelling integrity. A herald of an age where privacy is a feature, not a bug.


Setting Thunderbird to default to only loading plaintext has been great for discovering sites that use trackers. Sometimes I'll sign up for a weekly newsletter, read it, but the hidden tracking isn't loaded. Inevitably, I'll get an email a few months later with instructions for unsubscribing since their tracking isn't showing that I read any of the emails.


Didn't most email providers kill these off years ago? I thought they just cached the images as soon as the email arrived, and showed you the cached version each time you opened the message.


Nope, but here is how to block them [1]

[1] https://mashable.com/article/how-to-block-email-pixel-tracki...


I see. So they're just proxying the request for the image, instead of caching it. That prevents the tracking image from learning your IP, receiving cookies, etc. but still gives the tracker that binary "did they see it" signal.

I guess I'm disabling images in email. I thought email providers would have closed this obvious privacy disaster... but nope.


Privacy-oriented email providers tend to block remote images by default[1]. Ad companies that provide free email services generally do not, because the users of tracking pixels are often their advertising customers.

[1] Fastmail also has a "middle-ground" option to show remote images if it's from someone in your contacts, if you want a way to filter it dynamically a bit. I leave mine on a straight block, but if you really hate seeing "ugly" emails, it's a nice option.


That's a bad idea, because it shows spammers which email addresses are valid.


That already happens. When I ran my own email server, I didn't reject invalid addresses because that was the anti-spam advice at the time (whether or not it worked, I don't know; most of my email was still spam). But that doesn't appear to be what providers like Gmail are doing; they are happy to tell you that an address is invalid. It is somewhat important to human users for the mail server to tell you the address is invalid. (An example: many years ago I interviewed at Google. Some time during the process, my recruiter left. I found this out by sending them an email and getting a message about the address being invalid. I then complained on HN, someone followed up, and I worked there for many years!)


I use this on my invoicing app. I implemented it after years of the app's users telling me that some of their customers/clients would consistently deny getting their invoices. This required me to sift through my email server logs to see if it was successfully delivered and that's a pita that was costing me time and my app's users a lot of frustration.

The app also allows users to create estimates, proposals, receipts, etc. I don't implement tracking on any of those documents, only invoices. An invoice is a "legal instrument" and I consider the documenting of it being opened a tool my users can offer a court of law as evidence their invoice was successfully delivered and viewed by the recipient. A court can certainly reject it, but they may also accept it.

I see it as little different than paying the Post Office for "Tracking" something you've mailed with their services.


Interesting, I hope this gets tested in court as I’d like to know the outcome.

Since I can open an email without you knowing and I can load your tracker image without reading it, I don’t think it will stand up.

I think a more reliable method is a system that requires a user to do something to acknowledge and sign. I refinanced a mortgage recently and had something like this where the email just contained links that I had to log in, view, and accept. That seems a bit more reliable if I actually want to prove that someone was “served.”


It's been a very long time since I looked into it, but I do recall a court case that ruled delivering an invoice by email was considered the same as using the USPS.

The software just increments a counter when the invoice is opened and calls the url for the image. The image url is only used in the customer's email and it has a unique id. The url points to a server side perl script that associates the id with an invoice and increments a counter if some tests are successful.

So, while I'm sure one could probably figure out how to spoof the counter the process is obscure enough to make that improbable.


The Post Office can’t tell you if the recipient opened your letter—just that they received it. (And I don’t think we would want the Post Office to know which letters you read and which you junk, either!)

So your old process of checking the email server logs seems more analogous to Post Office tracking to me. Would it be possible to automate that?


In that analogy, it would be more like you can only know that your local post office delivered it to their local post office... you have no idea if the carrier actually delivered it to the mailbox, or if it is just sitting in their sorting room still.


The app does tell the user their document was successfully delivered or not as well. It also counts the number of times an invoice has been opened. I could also track the date and time of that but I don't.


The amount of false negatives (users received the invoice but disabled tracking pixels) must be large enough soon to cause issues for you on its own.

Paying the post office is very much different, for obvious reasons.


Presumably, a successful tracking attempt provides good potential evidence that an invoice was viewed. For everyone else, whether they haven't viewed it, or blocked tracking that they did, doesn't necessarily detract from the value they get from the evidence in the case of successes.

That being said, I'm happy to block any tracking, and the fact that it might mean I'm leaving less potentially-incriminating evidence for a court of law is a nice perk.

Which is to say, I can see the reason the parent poster has to implement this as a feature, and can also say everyone in their right mind should ensure they're blocking it. ;)


I struggled a bit with the ethics of this. My own experience with a client denying he received an invoice I mailed with the USPS certainly swayed my decision to implement it. It wasn't until I mailed the invoice with their "Certified Mail" option and disabled their web app just days before their big "debut" that they paid me. Had I not done that I have no doubt they would not have paid me.

It's probably been around 8-10 years (at least) since I implemented that feature in my app and I've not had a user contact me about a client of theirs denying they've received an invoice since. That's only anecdotal evidence of effectiveness but it's worth noting.

That said, I do think using pixel tracking in a marketing email is a slimy practice. I don't block it by default though. I still flag junk and delete spam once or twice a day.


I think the kind of people that block tracking pixels and also claim that they don't receive invoices is small enough that this wouldn't be an issue. Most people just pay their invoices.


It wasn't a huge problem for the app's users, but it came up enough to make it worth implementing the feature.


I've noticed several mailing lists send me "you're not reading our mail, we're going to unsubscribe you" messages because I don't allow my MUA to spy for them.

Fixed; created a cron job to curl relevant tracking pixels once a month.


I've been using Trocker (https://trockerapp.github.io) for some time already and sometimes I get surprised by how many emails contain read-tracking.


this. I was about to add comment about trocker. I always install these 3 blockers in my browser: ub origin, privacy badger, and trocker.


Note that Google experimented with preventing read receipt tracking while allowing images to load, but eventually decided against it as it affected tracking data for their partners.

ProtonMail claims to be working on a solution as of 2 years ago[1] but has not yet shipped anything in this domain.

[1]: https://news.ycombinator.com/item?id=17611361 (ProtonMail employee, responding to https://news.ycombinator.com/item?id=17610732 )


What many people don't know: there exists an opt-in feature for read receipts, built right into all major email clients.


This does not apply to tracking pixels - the technology used here is completely different.

What you mention is the ability for your email client to send a "that email was read" message when you send an email with such a request.


Yes. They are saying that if people really wanted to tell you when they open your email, they could enable it. However, they don’t. Throwing tracking pixels in are really a means to circumvent the wish of the recipient.


...which most people have turned off, for good reason.

This is why people build features like this. They want to track their email to you, and they want to do it without your consent.


The default setting for such feature is to ask the user.

It makes the whole interaction more creepy, moreover, I don't think that a lot of webclient support it (or even Smartphone apps).

It's kind of a dying feature.


> The default setting for such feature is to ask the user. It makes the whole interaction more creepy.

I never considered that a consensual request prompt could be considered 'more creepy' than non-consensual spying. What about that interaction upsets you? Simply knowing that someone wanted to do it?


My general heuristic is that if people knowing that you're doing something to them would be a problem, then you should at least consider that it might be inherently creepy to do it.

The reason people are creeped out when you ask them whether or not you can monitor them is because they don't want to be monitored. Skipping that question and tracking them without their permission doesn't make it less creepy, it makes it more creepy.


I remember both Roundcube and Squirrelmail supporting them, and they are quite common.


At the risk of explaining the joke: I'm guessing you mean that option is the reply button? :).


No, there actually exists an email header to request a notification email to be sent back whenever the original email is read. This header exists since at least the 90s, and for instance Thunderbird has options to both set that header, and to honor that header (sending the notification emails). I vaguely recall that the default, at least when I last configured Thunderbird, was to not add that header, and to ask before sending a notification email.


Oh, that. I completely forgot about it! I always liked it that in the mail clients I've used, this was always voluntary.


Does it work the same for all clients?


For Outlook and Thunderbird yes, I am not sure about the support in Apple Mail and webmail clients.


I believe that rule zero that every developer should follow is "fight for the users". This is a great example of such: Regardless of how useful it can be for certain businesses, the combination of unreliability with the potential for abuse just makes it a net negative experience for the users.

And that it can save their company in the long run means that everyone wins. Or at least I hope so; they're doing the right thing.


> Regardless of how useful it can be for certain businesses

To expound;

It's always easy to justify something for your case; but that doesn't make it ethical.


Oh you've got to be in one of those threads, where Googlers try to defend, how much efforts they put into what they're doing and how they know better about everything, and yet their browser and OS is a privacy nightmare.


Superhuman seems to have encountered this last year and they disabled read receipts by default:

- https://www.theverge.com/2019/7/3/20681655/superhuman-email-... - https://www.theverge.com/2019/7/3/20681655/superhuman-email-...


Email is a fickle technology, what with the state of anti-spam technology and SPF records, and DKIM, etc... The odds of an email going through really aren't as certain as they were 20 years ago!

That said, we use tracking pixels in our support ticket system because we often do have certain clients who simply can't receive email from Zendesk for whatever reason. The read receipt gives us a positive signal that they received it, or conversely if we _don't_ see a read receipt, it's a low quality signal that maybe they didn't receive our response.


Read tracking is a feature of many/most popular chat clients (certainly hangouts, messenger & whatsapp), and anecdotally it seems to be valuable. Of course, everyone would love to see the read status of other people yet be able to control their own read state (there are endless browser extensions promising this for chat apps, a tremendous self compromise vector). Will it ever be possible to offer this in a federated system or will it be limited to the walled gardens?


> everyone would love to see the read status of other people yet be able to control their own read state

This should just be a first-class, front-and-center feature already. Everybody plays this game. It's so stupid.

Just let me skim my messages at midnight without signaling to co-workers that I'm up and that they should feel free to continue bothering me.

Also better that other people do the same to me so I don't keep sitting there like an idiot waiting for a response that isn't going to come.

Remember status messages? Available / away / idle? That you could set manually? Before Google Hangouts decided that everybody who owns a phone should just be green all the time, which EVERY OTHER CHAT APP decided to copy? So fucking stupid.


* Remember status messages? Available / away / idle? That you could set manually?*

Remember AIM away messages that would auto respond to friends with a custom message if you were logged in but AFK or even sitting at keyboard but wanted some quiet?

I miss it.

So much so that I’ve started writing an auto-responder for slack because despite having a “Presence”/Status feature that I use very judiciously (In a Meeting/On a call/Gone to Lunch/PTO) I’ve found-across multiple jobs-people barge right through them, then follow up with emails asking “are you available for a moment?” when I’m really trying and desiring focus (and also because I’m not signing up to someone else’s hosted SaaS service to do this).


Ye ... you quickly forget how good things used to be. Remember talking in voice chat without SaaS anti-echo and -noise filter lag? Or not having everything spam my notice bar in Android so that I miss sms:es and missed calls?

Things are getting out of hand shitty with these adcentered A/B big data UIs.


I adopted a strict need to do policy when it comes to any kind of non-personal communication online. I have zero notifications, I don't open 99% of my email, I just delete them and I certainly don't open anything twice once I'm done with them, I just archive them. I have 12 items in my inbox right now. I also apply this to my phone, and my other desktop stuff. I can live my life more or less like in the '90s. I didn't even know that this feature existed until now because I just annihilate anything that even remotely looks like spam or ad. Another thing I do is I disable javascript on any site where I see anything I don't like (like popups) and if it doesn't work it goes on my personal blocklist and I never see that site again.


Is there a way to always “read” as soon as you receive the email. Then you’ll be hiding in plain sight.


I could never understand how it became so popular to obtrusively track email reading. 70% of the time it works all the time!

You know what, we could prevent maybe like over 75% of all domestic violence by installing surveillance cameras in every home, good idea right?


Thanks for doing this. Love seeing privacy coming up front and center. FYI- if you're using web-based email (e.g. Gmail), a browser extension like PixelBlock will zap most shady trackers. I would love it if there was a Hey-like mobile client for Gmail (and other email providers). It's still hard to block this tracking on mobile.


If you're on Android, FairEmail is worth a look, as a mail client that thinks about privacy. There's blocking of images by default, as well as an option to safely render basic HTML without having to parse full HTML email (if you don't like that). Also has some detection of common tracking parameters or redirect services for hyperlinks, and lets you remove these automatically before visiting a link. Not as shiny as Hey for sure, and a more technically focused email app, but if you want something privacy oriented, it's good and supports IMAP/SMTP nicely. Open source too, which is always nice.

Not affiliated, just a happy user for a few years.


I just go for the bazooka approach and block every single image in my Gmail and only load them on a case-by-case basis. I've been paranoid about email tracking ever since I first saw my father insert a read-receipt via Outlook into a work email sometime in the late 90s or early aughts.


Why would you load them? I have image blocking in Thunderbird since forever and never had a reason to load a single one.


I don't mind emails with actual images, just not trackers masquerading as such. That's why I liked Hey's approach on mobile (with blacklists).


Try using Lockdown for iOS [1] or Blokada for Android [2] to block trackers.

[1] https://lockdownhq.com/

[2] https://blokada.org/


Though this does mean internet RFC822 email doesn't have non repudiation functionality built in.


Hmmm. I wonder if it is legally possible to sue any company/recruiter who sends you emails with a tracking pixel. Since you have not accepted any EULA you can claim surveillance. And depending on the state, if you were not aware of the surveillance it is illegal.

It is stretching an idea, but I want this to happen to stop them.


It's legally possible to sue anyone you want for any reason. So yes, it's very possible.


In Europe, notify the Data Protection officer. They happily apply the 50000 Euro per individual case fine for GDPR violations.


Ugly Email extension[1] can inform and block email tracking pixels on Gmail.

[1]https://uglyemail.com/


Ironically, the Firefox version of this extension requests permissions to inspect all domains, not just Gmail -- indicating that the extension itself may be performing tracking.

I can't tell offhand whether the Chrome version does the same.


I can confirm that in chrome it accesses only gmail.com and in general we can set access permissions to extensions on Chrome[1], for Ugly Email I can see that accessing other domains are disabled by default.

As for Firefox, the reviews seem to tell otherwise, it's not been updated for over 2 years (same for chrome as well).

[1]https://support.google.com/chrome_webstore/answer/2664769?p=...


What about click tracking from email? This is more reliable (server side) and a stronger signal of interest. Of course, you only track clickers and might have false positives if mail clients follow links for some reason but I doubt they do from the data I personally use (Mandrill click tracking). Also, there is a user action which makes tracking a bit less dirty, but still, not opt-in.


One of the so many reasons I use mutt for email. These problems don't exist.


imo the best thing of Hey, the email client from bandcamp, was what seemed like their vendetta against spy pixels and other email tracking


If it only takes "a minimal amount of creativity ... to come up with scenarios where people can misuse read tracking" why did they build the feature in the first place?


GDPR killed read tracking, go EU! Keep flexing as a 27-30 nation bloc! You are built for the 21st century when no other union, regulatory body or country consensus system is!


I wish it was the case, but quite far from it... pretty much all companies that email me keep tracking. I even asked Backblaze —- one of the nicer companies I know —about it[0], but they refused to stop tracking me.

[0] https://blog.gingerlime.com/2020/why-is-backblaze-tracking-m...


report them (or have your EU friends report them) so we get the case law quicker.


Thank you for doing away with this.


[flagged]


Please don't start flamewars on HN. If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and sticking to the rules when posting here, we'd be grateful.

We detached this subthread from https://news.ycombinator.com/item?id=24630925.


Why is marketing a blight?

Netflix is pretty good at getting shows in front of me that I'm likely to like. Unlike generic TV commercials.

Most Spam email is just that, Spam. They don't try to focus on things that might actually be of value to me. It feels like good marketing is finding that would be of value to me and to get it in front of me in a way that is unobtrusive and enables me to take action (eventually at least).


The incentives. Recall that before truth in advertising laws existed snake-oil and magic stones were openly marketed as being working cures for disease. The pure drive of marketing is profit, not the benefit of the end user. (Ultra-orthodox capitalists will say that you can't have one without the other, of course). There is no handbook of marketing ethics that says things like "don't make people afraid" or "don't sell to people who already spend more than they make" or "don't intrude where you're not wanted." It is an industry bereft of moral compass. Not because the individuals lack a conscience, but because the incentives all point them due profit.

Edit: Here's a fun timeline about the history of truth in advertising for the curious

https://www.truthinadvertising.org/timeline/


[dead]


[flagged]


[flagged]


[flagged]


[flagged]


[flagged]


[flagged]


You’re right, that’s a silly comparison.

Human traffickers don’t try to pretend that what they’re doing is ok.


Make a living spying on people, then smugly talk down to them when they don't appreciate being spied on.

The only one attacking strangers online is the marketer who feels entitled to my data without my consent.


Please don't take HN threads further into flamewar. It's nasty and tedious.

https://news.ycombinator.com/newsguidelines.html


[flagged]


Please don't take HN threads further into flamewar. It's nasty and tedious.

https://news.ycombinator.com/newsguidelines.html


Marketing guy here.

75%-80% open rate for many of my campaigns tells me the title is misleading, those pixels are firing in all the major providers.

Putting people in email/SMS funnels based on which emails they read is ENOURMOUSLY beneficial to my clients.

This is something that's really very basic.

Client Sells Widgets. He sends 3 emails to email base on small widgets, green widgets and cheap widgets.

If the client opens one of these but not the other, does it not make sense to send further information that is relevant to their interest? I mean, if they open the green widgets email on my funnel, they will be getting A LOT MORE green widget emails because they will be moved from funnel to funnel based on their activity or lack thereof.

Good email tracking is part of good marketing. Something I do see commonly is tech founders looking down on marketing. This leads to low budgets and attracting low quality candidates. Modern marketing tools are like machine guns. And most marketing people are like chimps. So that's why you see silly emails like 'I see you are opening my email, why don't you answer' - which is insane from a marketing point of view, why creep people out? So silly.

Good open rate data gathering results in you not knowing that it's being tracked. You simply get more targeted stuff and less stuff that is outside your interest.

Back in 01 when I started in digital marketing, good attribution of sales and marketing was something people spent 7 digits creating custom solutions. Now we can string a few SAAS providers together and get amazing details. It just needs to be set up intelligently.

Having said all of this: of course I don't allow images to display by default on my email provider. But I'm privacy minded and most people aren't. Which is fine, the world is diverse and that's a good thing. I love choice.


> Good open rate data gathering results in you not knowing that it's being tracked

At some level you know that people react badly when they know they're being tracked, so it's important to help ensure they are not aware of the tracking.

> Having said all of this: of course I don't allow images to display by default on my email provider. But I'm privacy minded and most people aren't. Which is fine, the world is diverse and that's a good thing. I love choice.

You don't like being tracked. You make a living tracking others, or helping others to do so. You think it's important to not let people discover that they're being tracked. Then you rationalize it as people making the "choice" to be tracked.

There may be an internally consistent case to be made that this is above board and ethical, but you haven't made it.


[flagged]


> The reason I don't mention "I see you are opening my emails" is because it makes people uncomfortable.

Oh, you're so close.

Why does it make them uncomfortable when you mention it?

----

> How dare you sir levy false accusations against me. I NEVER said that. Please don't spread lies about me.

Two comments ago:

> So that's why you see silly emails like 'I see you are opening my email, why don't you answer' - which is insane from a marketing point of view, why creep people out? So silly. Good open rate data gathering results in you not knowing that it's being tracked.


not let people discover that they're being tracked. != not actively disclosing.

One is actively hiding. The other is not actively revealing. The fact that you are pretending they are the same makes me feel you aren't arguing in good faith. You are intelligent enough to understand this without me having to highlight it, twice.


You are similarly intelligent enough to understand that the actual person reading your email doesn't care about the distinction you're making.

If you go to someone and say, "don't worry, I didn't deceive you, I just profited off of your already existing ignorance", they're not going to be happy with that answer. Either you have their informed consent, or you don't.

To repeat, why does it make your customers uncomfortable to discover that they're being tracked?


[flagged]


> The disclosure is there and Snowden made sure no one can declare themselves uninformed.

I don't think I need to offer additional commentary on that claim, I think it kind of speaks for itself.

> I'm not a big player, I don't make the rules, I play within them. Don't like the rules? Work on getting them changed. Don't like my funnels? Don't sign up.

But at least on this one point, both of us seem to be completely agreed.

The advertising industry is incapable of self-regulation, and there's no point in companies like Apple, Mozilla, DuckDuckGo, or Fastmail having a 'dialog' over blocking 3rd-party cookies, auto-denying permission prompts, blocking device IDs, and caching assets serverside in emails.

They just need to push their privacy changes and stop pretending that the advertising industry is interested in holding itself to a responsible standard. There is no realistic scenario where tracking mechanisms are left open and marketers commit to only using them responsibly.

This was Apple's mistake a few weeks ago with device IDs, where they backpedaled just because Facebook was angry. Platforms can't negotiate with advertisers, they just have to change the rules and let them complain.

Ultimately, the conversation we've had here hasn't boiled down to some kind of philosophical disagreement about the nature of privacy or how different concerns should be balanced, your position is just that you're going to do anything you're legally allowed to do, and if anyone feels violated by that, it's their fault for not stopping you.

That's not a philosophy that's worth negotiating or debating with.


The problem is consent. People think of email like regular mail. They don't understand that you're able to track them every time they open a message. The reason people are creeped out by "I see you are opening my email" is because the tracking itself is unexpected and unwanted.


I support organizations like EPIC and EFF. I tell people all the time in my life to support causes like these and get made fun of.

> The reason people are creeped out by "I see you are opening my email" is because the tracking itself is unexpected and unwanted

Yes, but there's no reason to be, tracking is well known for anyone who wants to know it. A google search is not a high barrier to obtaining information. And it's not my clients obligation to inform the public. You can make a case that schools should teach this. That public officials should spread it. That non profits promote it. That the media should mention it more.

To argue that my client producing widgets is not disclosing it further than they already do in the Privacy policy, in the disclaimers in emails and in their terms and conditions... is IMO unreasonable.

The reason I don't mention "I see you are opening my emails" is because it makes people uncomfortable. Which is why this topic isn't in the news. To blame a small business owner producing quality widgets and their marketing guys for the society we create jointly is immature at best.

I do my part on my dime and my time. I'm not going to feel guilty or apologize for providing value to businesses that provide value. I live and work within the constrains of the real world and actively try to make those constrains better. I don't think it's reasonable to expect more of people.


> The reason I don't mention "I see you are opening my emails" is because it makes people uncomfortable.

So you do acknowledge that it is creepy and undesired, and your solution instead of not doing it is just to not mention it but do it anyway. Classy.

> To blame a small business owner producing quality widgets and their marketing guys for the society we create jointly is immature at best.

We're not doing that jointly buddy. You are the one doing it and you only get away with it by trying to hide it as you mentioned just above.


> So you do acknowledge that it is creepy and undesired, and your solution instead of not doing it is just to not mention it but do it anyway. Classy

My solution is to use standard industry practices while supporting non profits and politics that improve the overall ecosystem.

It's what adults do. But I guess attacking strangers on the internet is where true class comes from?

> We're not doing that jointly buddy. You are the one doing it and you only get away with it by trying to hide it as you mentioned just above.

The only reason I'm doing it is because it's industry standard practice and it works. You can't bring a knife to a gun fight. Acting like that can happen just shows me you aren't well engaged with the real world. Insinuating my small business clients should not segment email audiences while their competitors do it is just unrealistic and disconnected from how the world operates.

Real world people who actually care about privacy and not grandstanding or throwing rocks in an effort to virtue signal... they actually sign up at EPIC and EFF and contact senators and congressman about specific privacy legislation. At least that's what I do to improve the situation. What do you do that I should be doing to improve our situation in relationship to privacy?


>And it's not my clients obligation to inform the public.

This is why people don't like marketers.


What if I don’t think Mr. Marketer has a god given right to help me receive more relevant emails, and I would like a way to indicate that preference to my mail client which downloads emails on my behalf from a mail server I pay good money for? How does the current email tracking infrastructure facilitate this preference? What actual choice do users have in this matter today?

Until we actually figure out these questions outside of layering hacks (i.e. “block image subresources entirely”), it seems like we should definitely put a pause on the whole effort.


You're missing the point. Tracking gives you numbers, but they are not accurate numbers. Your clients think they're beneficial because they don't know the numbers aren't accurate. Building funnels on top of bad data is not impressive.


All data is inaccurate to some degree. This is not new.

There are ways to mitigate false positives, and many of the best SAAS work tirelessly to constantly incorporate every new update and every new technique to try and correct data to make it as clean as possible. The techniques are many and I'm generally not on the cutting edge of that particular niche. But I know people who are.

And it only has to be accurate enough to be profitable.

If I get it right 80% of the time and increase CLV by 30% while increasing marketing costs by a small amount, that's an objective win.

We're not sending people to Mars. And even then, every measurement has a margin of error. It's the inherent nature of measurements.


> 75%-80% open rate for many of my campaigns

You don’t actually ever have anything close to that. The big marketing automation platforms apply “correction factors” because most mail clients block images by default.

Create a seed list of 100 emails you control, make sure you open exactly one of your test emails, and watch your “marketing automation” tool lie to you when it comes to open rates.


> which is insane from a marketing point of view, why creep people out

It's just as creepy even if you don't send the dumb email followup.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: