In February 2021, the BBC reported that spy pixels in emails had become endemic, and most people are oblivious to the tiny trackers. Used primarily by marketing companies, spy pixels represent a gross invasion of a person’s privacy. Yet, despite the recent toughening of privacy legislation, little has been done to reign in the practice leaving it up to the individual to look for their own solutions.

What Are Spy Pixels?

Spy pixels are usually a GIF or PNG picture that is inserted into the email. Often they are as small as one pixel by ône pixel and hidden in the header, body, or footer of the email. Because the picture is so small, it is typically invisible to the naked eye.

There is no need for the email recipient to click on the link; the trackér will be activated when the email is opened and automatically send information to the sender. The practice is widespread in the marketing industry, with some of the biggest companies globally using the practice. This includes the likes of British Airways, Unilever, Vodafone, HSBC, ánd the BBC.

What Do Spy Pixels Track?

Data obtained by the trackers include if and when the email was opened, the number of times it was opened, the devices it was opened on, and location information based on the IP address. However, a çoncérning trend has developed whereby the spy pixel links to the recipient’s cookies, tying the email address to the browsing history.

Why Do Companies Track Emails?

Marketing is all about reaching the target audience. By tracking emails, marketers can monitor whether a particular email campaign is resonating with the audience. In addition, it provides information that will inform feature campaigns.

The trend toward linking spy pixels and cookies provides vital data on consumer habits. Moreover, as different images can be used to distinguish different consumers or consumer groups, this practice has the potential to allow marketers to develop very specific profiles of consumers.

Is This Legal?

Most legislation, such as the General Data Protection Regulation and the California Consumer Privacy Act, consumers should be informed of these pixels, and unambiguous consent should be obtained. Unfortunately, in reality, this is not happening, placing a number of major companies in breach of the law.

There has been an argument made that most of the companies utilizing these trackers have disclosed the practice in their privacy notice, bringing the practice within the legislation. This is incorrect. Recent laws, such as those mentioned above, require explicit consent.

Marketers are largely unrepentant, appearing to adopt a “strength in numbers” type defense and pointing to the widespread use in the marketing industry. Others have defended themselves on the basis they do not share the information externally. The reality is neither position is credible.

Unfortunately, there seems little chance of enforcement action being taken against the culprits, and as such, it appears the practice will go unchecked, at least at the current time. This means it is up to individual users to employ tactics to prevent their data from being shared.

Protecting Yourself From Spy Pixels

One of the main reasons that spy pixels have been so successful is through a lack of awareness. However, once consumers become aware of spy pixels, they can prevent them from becoming an issue in several ways.

Image Blocking Software

Most email providers now offer image blocking abilities within their email packages. The user will typically have the option of turning the feature on or off. Image blocking software will typically be incorporated into the app or program and controlled through the settings or preference panel.

Alternatively, image blocking capabilities may be provided in the form of an extension. The most popular Chrome extensions include PixelBlocker and Email Privacy Protector. Many of these extensions will also notify the user of the emails that contain spy pixels.

Unfortunately, image blocking software may prevent remote images contained in the email from loading as well. To overcome this issue, most image blocking software includes an option within the email that enables the remote loading of images for a specific email.

Ways to Avoid Detection

As consumers became aware of the issue and started looking for and employing solutions to stop companies from exploiting spy pixels, those using spy pixels also upped the ante and looked for ways to avoid detection.

Some of the most common ways companies avoid spy pixels from being detected include:

  • Not setting the height and width attributes of the spy pixel. This will cause it to register as an open image, which means blockers can’t use size to determine if an image should be blocked.
  • Removing query parameters from the image, so it looks like every other image.
  • Encrypting the parameters of spy pixels, so they are different lengths making detection harder.

Be Aware

Treat links to external websites contained in emails with extreme caution. Only click on those links if you are happy with the sender, knowing that the email has been opened.

Protecting Yourself

Some of the ways that you can protect yourself and reduce the likelihood of being tracked with spy pixels include:

  • Unsubscribing from mailing lists, you are no longer interested in.
  • Getting rid of spam
  • Using an email alias so it is easier to block certain companies

Thexyz Image Blocking

At Thexyz, we take privacy seriously and believe individuals should have a choice whether their information is sent to a marketer. It should never be sent without permission. As a result, we have implemented protection that will stop external image tracking in webmail.

Image blocking

When using Thexyz, email users are given the option of whether or not they want to use the image blocking feature. Image blocking is set to on by default.

If you would like to know more about Thexyz and the private email service they offer, check out their website today.