In February 2021, the BBC reported that spy pixels in emails had become endemic, and most people are oblivious to the tiny trackers. Used primarily by marketing companies, tracking pixels represents a gross invasion of a person’s privacy. Yet, despite the recent toughening of privacy legislation, little has been done to reign in the practice leaving it up to the individual to look for their own solutions. Spy pixels are a key tool in understanding email engagement, but they raise privacy concerns. To navigate this complexity, businesses need a strong first party data strategy that balances valuable insights with ethical data collection practices. This strategy should prioritize transparency about tracking methods and offer clear opt-out options for recipients, fostering trust and responsible data usage.v

What Are Spy Pixels?

Spy pixels are usually a GIF or PNG picture that is inserted into the email and automatically downloads when an email is received. Often they are as small as one pixel by ône pixel and hidden in the header, body, or footer of the email as html code. Because the picture is so small, it is typically invisible to the naked eye.

There is no need for the email recipient to click on the link; the pixel trackers will be activated when the email is opened and automatically send information to the sender. Similar to read receipts, the sender will know exactly when you’ve read the email. The practice is widespread in the marketing industry, with some of the biggest companies globally using this email tracking practice. This includes the likes of British Airways, Unilever, Vodafone, HSBC, and the BBC.

What Do Spy Pixels Track?

Data obtained by the trackers include if and when the email was opened, the number of times it was opened, the devices it was opened on, the email client it was opened with, and location information based on the IP address. However, a concerning trend has developed whereby the spy pixel links to the recipient’s cookies, tying the email address to the browsing history.

Why Do Companies Track Emails?

Marketing is all about reaching the target audience and tracking open rates when companies send you an email. By tracking these metrics, marketers can monitor whether a particular email campaign is resonating with the audience. In addition, it provides information that will inform feature campaigns.

The trend toward embedding these web beacons and cookies provides vital data on consumer habits. Moreover, as different tracking pixel images can be used to distinguish different consumers or consumer groups, this practice has the potential to allow marketers to develop very specific profiles of consumers just by knowing when they open the message.

Is This Legal?

Most legislation, such as the General Data Protection Regulation and the California Consumer Privacy Act, consumers should be informed of these pixels, and unambiguous consent should be obtained. Unfortunately, in reality, this is not happening, placing a number of major companies in breach of the law.

There has been an argument made that most of the companies utilizing these trackers have disclosed the practice in their privacy notice, bringing the practice within the legislation. This is incorrect. Recent laws, such as those mentioned above, require explicit consent.

Marketers are largely unrepentant, appearing to adopt a “strength in numbers” type defense and pointing to the widespread use in the email marketing industry. Others have defended themselves on the basis they do not share the information externally. The reality is neither position is credible.

Unfortunately, there seems little chance of enforcement action being taken against the culprits, and as such, it appears the practice will go unchecked, at least at the current time. This means it is up to individual users to employ tactics to prevent their data from being shared.

Protecting Yourself From Spy Pixels

One of the main reasons that spy pixels have been so successful is through a lack of awareness. However, once consumers become aware of spy pixels, they can prevent them from becoming an issue in several ways. If you are not using Thexyz for email, here are some other ways to stop tracking with spy pixels.

Image Blocking Software

Many private email providers now offer image-blocking abilities within their email hosting plans. The user will typically have the option of turning the feature on or off. Image-blocking software will typically be incorporated into the app or program and controlled through the settings or preference panel, as it is with Thexyz.

Alternatively, image-blocking capabilities may be provided in the form of an extension. The most popular Chrome extensions include PixelBlocker and Email Privacy Protector. Many of these browser extensions will also notify the user of the emails that contain spy pixels.

Unfortunately, image-blocking software may prevent remote images contained in the email from loading as well. To overcome this issue, most image-blocking software includes an option within the email that enables the remote loading of images for a specific email.

Ways to Avoid Detection

As consumers became aware of the issue and started looking for and employing solutions to stop companies from exploiting spy pixels, those using spy pixels also upped the ante and looked for ways to avoid detection.

Some of the most common ways companies avoid spy pixels from being detected include:

  • Not setting the height and width attributes of the spy pixel. This will cause it to register as an open image, which means blockers can’t use size to determine if an image should be blocked.
  • Removing query parameters from the image, so it looks like every other image.
  • Encrypting the parameters of spy pixels, so they are different lengths making detection harder.

Be Aware

Treat links to external websites contained in emails with extreme caution. Only click on those links if you are happy with the sender, knowing that the email has been opened.

Protecting Yourself

Some of the ways that you can protect yourself and reduce the likelihood of being tracked with spy pixels include:

  • Unsubscribing from mailing lists, you are no longer interested in.
  • Getting rid of spam
  • Using an email alias so it is easier to block certain companies

Thexyz Image Blocking

At Thexyz, we take privacy seriously and believe individuals should have a choice whether their information is sent to a marketer. It should never be sent without permission. As a result, we have implemented protection that will stop external image tracking in webmail. You will not see any images by default, unless you specify otherwise.

Image blocking

When using Thexyz, email users are given the option of whether or not they want to use the image-blocking feature. Image blocking is set to on by default.

If you would like to know more about Thexyz and the private email service they offer, check out our secure and private email services today.