Your inbox is full of spyware-riddled emails that are both potentially very harmful to you and also very easy to disable

It is routine for companies — and even individuals — to send emails with "beacons," transparent, tiny images that have to be fetched from a server. Through these beacons, companies can tell whether you've opened an email, whom you've forwarded it to, and even your location from moment to moment.


The embedding of full-fledged HTML renderers in email and the growth of browser-based email clients mean that the tracking can also be effected through downloadable fonts or other elements — anything that triggers loading a unique, per-recipient URL from a surveillance marketing company's server.

The surveillance adoption curve means that these techniques have moved from marketing and hackers to individuals, and one analyst's report estimates that 19% of "conversational" email contains trackers.

Wired's Brian Merchant interviewed a "content marketing pro" who said that "it will be a matter of time before either everyone uses them or major email providers block them entirely."

The depth of tracking is especially grave when you're on a mobile device that has apps for social media platforms installed on it: links to Facebook and Twitter don't get pulled through the browser on these device, but through the apps, which hemorrhage unstoppable gouts of your personal information when they communicate with the companies' servers.

Which isn't to say that plain old email tracking isn't also getting more terrible by the second. Individuals may now have widespread access to the kinds of primitive trackers that surveillance marketing companies used a decade ago, but those companies now have even more invasive tools — 85% of email form the web's 14,000 most popular service use trackers, and 30% leak your personal information to third parties when you open their messages.


If you don't want to be tracked when your read email, you can turn off loading external URLs in your email client; browser-based email users can use anti-tracking browser plug-ins like Ugly Mail, PixelBlock and Senders.


Scherck, the marketing consultant, thinks that Google could up and kill email tracking altogether. “I do think public opinion could turn on email tracking, especially if Gmail started alerting users to tracking by default inside of Gmail with pop ups, or some native version of Ugly Email,” he says. “Just look at how consumers have turned on Facebook for their advertising. People absolutely hated that Uber was buying data on who was using Lyft from Unroll.me.” It would only take a strong enough nudge. “Most consumers don’t understand just how much information they are giving up,” he says.

If Google and the other big tech firms won’t budge, though, Seroussi believes the problem is serious enough to warrant government intervention. “If the big companies don’t want to do something about it, there should be a law defining certain kinds of tracking,” he says. And if nothing is done at all, Seroussi thinks it’s only a matter of time before email tracking is used for malign purposes, potentially in a very public way. “I always wonder when a big story is going to come out and say that people broke into a house because they used email trackers to know the victims were out of town,” he says. “It’s probably already happened.”


How Email Open Tracking Quietly Took Over the Web [Brian Merchant/Wired]