Foiling Electronic Snoops in Email

His misgivings were sparked late one night last year when he opened a message from an entrepreneur who was asking him to invest in a start-up. Minutes later, Mr. Seroussi's cellphone rang with a call from the same start-up executive.

Coincidence? Not to Mr. Seroussi. "What are the odds that at 10:30 at night, a guy suddenly has a vision that I'm reading his email?" he said. "They must know something that I don't."

It turned out that the start-up executive had planted a tracking mechanism into his message to Mr. Seroussi, a trend that is increasingly afflicting all of our email. Trackers, which come in many forms including a single invisible pixel inserted into an email or the hyperlinks embedded inside a message, are frequently being used to detect when someone opens a message and even where that person is when the email is opened. By some estimates, trackers are now used in as much as 60 percent of all sent emails.

The trackers are traditionally offered by email marketing services like GetResponse and MailChimp. They have a legitimate use: to help commercial entities send messages tailored for specific types of customers. The New York Times, too, uses email trackers in its newsletters. The Electronic Frontier Foundation, a nonprofit that focuses on digital rights, estimates that practically every marketing email now contains some form of a tracker.

Yet, the prevalence of these trackers raises consumer questions. Because trackers are invisible, many people are unaware of them and have no inkling of how to dodge them. "It's definitely a privacy concern," said Cooper Quintin, a technologist and privacy advocate for the Electronic Frontier Foundation. "There's no mechanism for people to opt out."

A basic method for thwarting some email trackers involves disabling emails from automatically loading images, including invisible tracking pixels. But that doesn't defeat all trackers, which are also hiding in other places like fonts and web links.

I recently put a handful of free email tracking services and tracker detectors to the test to assess whether there was a viable method for identifying and removing the invisible snoopers. I tried the trackers and detectors on the most popular email service, Gmail.

My conclusions aren't heartening. I found that the available solutions for combating trackers were far from ideal. Some failed to ferret out many trackers, while others required major trade-offs.

I began by testing the email trackers themselves. One was MailTrack, which is a plug-in for Google's Chrome browser that can quickly insert a hidden tracking pixel into a message. Setting it up is simple. You install the plug-in and enable a Google mail account to use the service. After typing an email, you hit a double check mark icon to embed the invisible tracker. When the recipient opens the email, you receive a notification and an email alerting you that the message has been opened.

Advertisement

Continue reading the main story

I also tried a better-known email marketing service, MailChimp, which includes tracking as part of a suite of features. The service is tailored for small businesses to compose and send email campaigns for their products. The company says its trackers can see when specific recipients open email and also pull data on where they are and what devices they are using.

"People want to be spoken to as a snowflake, an individual," Eric Muntz, MailChimp's vice president for product, said in an interview. "Our tools help our users talk to their customers in a very specific way."

In my experiment, I was able to create an email newsletter on MailChimp in 10 minutes with trackers embedded into the email itself, as well as inside buttons for sharing on social media and buying an item. After I sent the newsletter to myself, MailChimp showed when I opened the email and that I clicked on all the buttons. It also showed that I opened the message in the United States, though it could not pinpoint my precise location.

I then tried two tracking detectors that aim to help people identify whether the trackers have invaded your messages. One is called Ugly Email and the other is Trackbuster, a company that Mr. Seroussi founded last year after receiving the suspiciously well-timed email from the start-up.

Ugly Email works as a Gmail plug-in. When a tracker is detected, it shows the icon of an eyeball in the subject line to alert you that a tracker is hidden inside the email. The software notified me about some marketing emails containing trackers, including trackers from MailChimp. But after I sent myself test emails with trackers using MailTrack, Ugly Email failed to flag those.

Sonny Tulyaganov, the web engineer who created Ugly Email, said he manually added different email tracking pixels to a list for his detector to look for them. He added MailTrack after I shared my test results. But Mr. Tulyaganov said Ugly Email was a hobby project and was not a fully staffed organization with the resources to catch every new mail tracker.

Trackbuster was more thorough, though it also wasn't ideal. The service, which works with Gmail, connects with your inbox, scans all your messages for trackers in a temporary folder and purges trackers before spitting the scrubbed messages back into your inbox. Trackbuster also sends weekly reports on the number of emails it found to have trackers.

In testing the service over two weeks on my work email account, I learned that about 280 of my 1,400 emails, or 20 percent — including many from public relations professionals pitching me their products — contained hidden trackers. (I deleted their emails without opening them.)

But there is a major trade-off with Trackbuster. You have to grant the app access to your messages. The start-up's privacy policy says it won't store your emails and it won't read them except in cases where a user requests technical support or to comply with laws. But that is a big leap of faith for a consumer to take, especially for a young and relatively unknown company.

What responsibility do email providers like Alphabet's Google have in all of this? In a statement, Google said that for two years, it has taken steps to prevent users from having their locations, browsers, devices or apps tracked through emails.

For example, when you read email on Gmail.com or the official Google Mail apps for iPhone or Android, images are intercepted and rewritten on a server between the sender and the recipient. That makes it impossible for the sender to receive detailed information like the recipient's location, device or app used.

"Since we launched Gmail we've worked to make it the most secure email service available," the company said in a statement.

Some privacy advocates have gotten enterprising about circumventing email trackers. Mr. Quintin of the Electronic Frontier Foundation says he sets up his devices to dodge the trackers in two ways. Inside Gmail.com, there is a setting that requires Gmail to ask for your permission before displaying images in an email. Clicking "no" to that request will prevent images, including invisible tracking pixels, from loading.

For another, he sets up his email apps — the desktop client Thunderbird and the Android app K-9 Mail — to disable HTML, the standard web language that trackers use to ping external servers. That can prevent the loading of other components, like fonts, that contain tracking code, according to Mr. Quintin.

Those two solutions combined aren't foolproof against trackers. If you visit any web links inside an email, chances are that they will still detect that you clicked on them. Taking these steps also makes it likely that your emails end up looking ugly.

I opted to disable Trackbuster because of the sensitivity of my work emails. I also turned off Ugly Email because it did not appear to detect many trackers. Then I heeded some of Mr. Quintin's advice and configured Gmail to ask for permission before loading an image, and I also set up the iPhone's built-in mail app to prevent images from loading automatically.

It's not perfect, but it was the best I could do without ruining my email experience.