I don’t load remote images by default, so this already doesn’t work for me. However, basically every mail platform creates tailored links to track click engagement. So you’re screwed anyway, just maybe a little later.
Yep, even financial institutions do this and half of them don’t even use domains they own for the tracking links.
Years and years of “don’t click on suspicious links” out the window because bank.example.com/creditcard is turned into 4828fjfneo848.totallyfine.adtracker.thirdparty.example.org
I hate all of it but nobody seems to give a shit (nor do they care to implement proper 2FA to effectively guard against phishing) so whatever. If people have their accounts drained because marketers gotta get that sweet engagement metric, what does it matter any more?
And I can't actually read it.
This sucks when the link is a one-time-use only code.
To be honest the original process we had maybe wasn't 100% perfect - users can double click links for example, and would see a message that the link had "expired". So from a UX perspective we maybe should've had the extra confirmation step before activation/reset to begin with. But I'm in two minds over email providers following all the links in your emails, it feels a bit creepy.
Isn't that pretty much the definition of "confirming your email address" transactional emails? Wouldn't really call this "sneaky".
However, the absence of a bounce probably also does that, albeit less reliably.
Those are meant to load a page with a confirmation form that makes a POST request. The GET link can still expire over time, but must never be expired from a GET request: you never know when a link preview bot is going to follow links.
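The GET-then-POST flow described in the comment above, as an added example that is not part of the thread: GET only renders a confirmation form and never changes state, and only POST consumes the token. The class name, the `/confirm/` path and the status texts are assumptions made for this sketch.

```python
import hashlib
import secrets
import time


class OneTimeLinks:
    """Single-use e-mail links where only a POST may consume the token."""

    def __init__(self, ttl_seconds=3600, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so expiry can be tested
        self._tokens = {}           # sha256(token) -> record

    @staticmethod
    def _key(token):
        # Store only a hash, so a leaked table does not contain usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, action):
        """Create a token for `action` (e.g. "reset-password") and return it."""
        token = secrets.token_urlsafe(32)
        self._tokens[self._key(token)] = {
            "action": action,
            "expires": self.clock() + self.ttl,
            "used": False,
        }
        return token

    def _lookup(self, token):
        rec = self._tokens.get(self._key(token))
        if rec is None:
            return None, (404, "unknown link")
        if rec["used"]:
            return None, (410, "link already used")
        if self.clock() > rec["expires"]:
            return None, (410, "link expired")
        return rec, None

    def handle(self, method, token):
        """Return (status, body) for a request to the hypothetical /confirm/<token>."""
        rec, err = self._lookup(token)
        if err:
            return err
        if method in ("GET", "HEAD"):
            # Safe method: link scanners and preview bots end up here.
            # Nothing is marked as used; the link can only age out.
            form = ('<form method="post" action="/confirm/%s">'
                    '<button>Confirm %s</button></form>' % (token, rec["action"]))
            return 200, form
        if method == "POST":
            # Only an explicit form submission consumes the token.
            rec["used"] = True
            return 200, "done: " + rec["action"]
        return 405, "method not allowed"


def demo():
    """A scanner fetches the link three times, then the user confirms once."""
    links = OneTimeLinks()
    token = links.issue("reset-password")
    statuses = [links.handle("GET", token)[0] for _ in range(3)]  # scanner
    statuses.append(links.handle("GET", token)[0])                # user opens
    statuses.append(links.handle("POST", token)[0])               # user confirms
    statuses.append(links.handle("POST", token)[0])               # replay
    return statuses


if __name__ == "__main__":
    print(demo())
```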
That's got to be by design.
I hope this will change. More companies need to make some noise about it.
I got an email from my bank (Barclays) a couple of months ago that literally took me several minutes to determine whether or not it was a phishing email.
It wasn't, but it used badly compressed jpegs for the Barclays logo and the call-to-action button, the link attached to the button had no verifiable connection to Barclays, and for some reason it used backticks instead of apostrophes in the copy.
When I finally did click the link I was half expecting to be taken to a page saying "you moron, this is obviously a scam" in 96pt font.
Rule of thumb: never click on the link.
Proper MFA, like U2F/FIDO2/whatever-it-is-called-today, will protect against phishing because the visited site won't match the hash needed to complete the second-factor-auth-flow.
The more often subscribers open + click a link, the more likely the mail server will let it in the inbox.
If you blast 10,000 emails, and no one clicks or engages with your email - you'll kill your domain's delivery rate.
One of the methods email marketers use to keep their email delivery rates high is by removing subscribers that don't engage with their email.
Preventing email tracking prevents marketers from removing uninterested or unengaged subscribers from their lists.
Email marketers can still track when a user clicks a link, which is the proper signal for them to be using anyways.
Given that AFAIK Apple Mail downloads entire messages regardless of whether they're opened, Apple's change here doesn't seem likely to affect delivery rates in this way anyway.
If you use IMAP (or basically anything else than POP) then your email client reports the read status back to the server.
Also an IMAP server's read status doesn't mean someone manually interacted with an e-mail. Marking messages as read in bulk, even if the provider reported that status to an advertiser, says nothing about engagement.
Even MS Outlook.
(I use email software that is not even capable of HTML email, and I don't want HTML email.)
It also suffered as a discussion medium because of the decentralized unauthenticated measure, for sure - I don’t think the global hierarchy would have done much better than it did.
But two companies I was consulting for around 2000 had very effective NNTP internal servers, and both switched them off around the same time because Outlook didn’t support them (Outlook Express did, but that’s not helpful).
One just went the “reply all” route. One used a mailing list (majordomo, iirc). Neither worked remotely as well as NNTP did.
You could use a mailing list and/or web forum with the same messages as the NNTP. I have my own NNTP server software with partial implementation of a web forum but none of a mailing list yet; I would hope to fix this. Other software might already do this, I don't know. (I know there are programs that can duplicate the messages and make them available, but I don't know if there are those that will use the same message database for all three and/or that will use NNTP as the "main format".)
Synchronet might be able to do it; I know it has many functions, including Telnet, NNTP, email, IRC, FidoNet, HTTP(S), SSH, Gopher, PETSCII, etc. There is a web forum too. (As far as I know, it doesn't have Gemini yet.) However, Synchronet is a complicated software, and is designed for a BBS and might not be what you wanted, so having other software can be good if a BBS is not the kind of service you intended to run, I think.
Gmane did bidirectional NNTP to mailing-list in 2002; but there's a mismatch, both technical and cultural, with these gateways.
Also, in an internal system, the IT department has to be willing to support them, and they weren't in my cases.
It's now water under the bridge. NNTP is essentially dead except for legally questionable video distribution.
E.g. why would Fastmail have any metrics on how their users interact with the mail they receive?
I see everybody calling out that one should keep a clean subscriber list (e.g. only keep engaged users) but I fail to see how this is relevant to the actual mail acceptance/inbox delivery.
Or are you saying you want to read it, but take no related actions on it?
I would absolutely love to be automatically unsubscribed from everything I don't engage with.
I get tons of kinda-sorta-legit marketing emails due to a very old generic gmail address, and people being bad (or lazy) at entering addresses everywhere.
(Also tons of actual email meant for other people, but that's another story)
Good newsletters often have lots of valuable content in the email. Sometimes there are interesting links, sometimes there aren't. If I don't want it anymore I'll unsubscribe.
It feels a lot like why we can't have nice things. If people just hit "Spam" instead of unsubscribing then this overly-cautious defense of senders becomes necessary. Luckily GMail at least has started pushing the unsubscribe feature somewhat, so maybe that will help out. But for now I am being punished because a lot of people mark things that they asked for as spam.
I don't really mind someone knowing I opened an email, just like I'm fine with a website knowing I visited (say using plausible.io rather than google analytics). I get that that's useful to them for non-nefarious reasons.
The reason businesses don't rely on them is supposedly because "too many users disabled or rejected them during the past decade".
Even MS Outlook lets end users decline to send read receipts. There's probably some awful group policy system to force it, though.
<img src="https://example.com/cd726f02-d2f4-4c0e-a717-e69044180c59.gif" height="1" width="1">
The image filename is a UUID. The UUID is of course unique for each email sent, but the Web server is configured to serve the same image for any given UUID (after recording the UUID as an "open" into a database).
There isn't a way for an email client to be certain that the image is or isn't a tracking pixel.
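As an added example (not from the thread), a heuristic audit of the `<img>` tags in an HTML message body, in line with the point above that a client cannot be certain: it only labels images as likely pixels, and every other remote image is still reported because fetching it reaches the sender's server too. The sample message is constructed; only the shape of the 1x1 UUID image comes from the comment, and the verdict labels are this sketch's own.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

UUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
TINY_ATTR_RE = re.compile(r"\s*[01]\s*(px)?\s*", re.I)
TINY_STYLE_RE = re.compile(
    r"(?:^|;)\s*(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
HIDDEN_STYLE_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class ImageAudit(HTMLParser):
    """Collects one finding per <img>: embedded, remote, or likely-pixel."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src", "")
        scheme = urlsplit(src).scheme.lower()
        remote = scheme in ("http", "https") or src.startswith("//")
        if not remote:
            # cid: and data: images travel inside the message; no fetch occurs.
            self.findings.append(
                {"src": src, "verdict": "embedded", "reasons": []})
            return
        reasons = []
        if any(TINY_ATTR_RE.fullmatch(a.get(k, "")) for k in ("width", "height")):
            reasons.append("declared size of 0 or 1 px")
        style = a.get("style", "")
        if TINY_STYLE_RE.search(style):
            reasons.append("sized to 0 or 1 px in CSS")
        if HIDDEN_STYLE_RE.search(style):
            reasons.append("hidden in CSS")
        if UUID_RE.search(src):
            reasons.append("UUID in URL")
        # "remote" is not a clean bill of health: a full-size logo served from
        # a per-recipient URL records the fetch just as well as a 1x1 GIF.
        verdict = "likely-pixel" if reasons else "remote"
        self.findings.append({"src": src, "verdict": verdict, "reasons": reasons})


def audit(html_body):
    """Return the list of findings for one HTML message body."""
    parser = ImageAudit()
    parser.feed(html_body)
    parser.close()
    return parser.findings


# Constructed sample message body.
SAMPLE = """<html><body>
<img src="https://news.example/logo.png" width="200" height="60" alt="logo">
<p>Hello</p>
<img src="cid:chart01" width="400">
<img src="https://example.com/cd726f02-d2f4-4c0e-a717-e69044180c59.gif" height="1" width="1">
<img src="https://t.example/o?m=123" style="display:none">
</body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding["verdict"], finding["src"], finding["reasons"])
```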
Right, but I don't mind if companies I'm actually doing business with track my engagement. For newsletters I've actually signed up for, clicking the "load remote images" and/or on personalized links helps them with their business model, so why not? If I don't trust them with the data, I probably wouldn't sign up for their list anyway.
I'm more worried about randomly being tracked by who knows what person or organization. With the "don't load remote content by default", I have control over when and how I get measured.
That doesn’t threaten email newsletters that are legitimate and of interest to real subscribers. Communication should never rely on espionage tactics even for the sake of metrics. Forgo monitoring people, customers, or would-be customers, and save a ton of time as a result.
Marketing experts will start talking about how two-way conversation is the ultimate email strategy that works. Send a non-tracked email, let them hit reply. Brands and consumers, united in conversation, finally. That is as horizontal as it gets.
Also, a sizeable chunk of people refuse to click unsubscribe links and instead hit the spam button. This can be a sensible response, as a lot of spam senders ignore unsubscribe. But it is also hard for legit newsletters.
So what is the best practice? Pruning your list of people who never open it. This improves open rates, makes gmail like you, and unsubscribes people who already would prefer not to read your letter.
Now it will be much harder to know who is inactive so you’ll end up sending more mail to people who don’t want it. And no, double opt-in doesn’t solve this.
There are other ways around the problem, but you seem to be in complete ignorance of what newsletter senders use tracking for.
Open rates also let you diagnose deliverability issues.
I’ve had to deal with customers angry they did not get emails they wanted, and we tracked it back to a security service at their employer that auto-clicks all email links to check them. We had to add a confirm step to unsubscribe to keep it from happening. We’re B2B and I suspect it’s a much bigger issue than B2C because so many companies run custom email setups.
There's always the chance that they use a browser's user agent to disguise themselves but that should be easy to check.
I’ve even done it myself on occasion when I’m pretty sure I HAVE unsubscribed but I keep getting mail (from things I likely signed up for)
It happens. You have people in this thread explaining they hit the spam button when unsubscribe has a confirm step, even if they know they signed up.
There has also been long-standing advice not to hit unsubscribe on spam because all it does is confirm you’re there. A surprising number of people think that means never hit unsubscribe links at all, even in things you signed up for.
This is also not a user problem.
I admit I haven't managed a newsletter, but if I would either sign up people that don't want to either through lying or dark patterns, or make it hard for them to unsubscribe, meaning any step other than link click (and maybe a yes/no confirmation), then I don't expect not to be treated as spam.
It’s to solve a particular user problem.
If you indeed meant a simple "Yes I'm sure" confirmation button, then I agree.
We’re talking about newsletters that only add people who sign up after a double opt in. We still have to manage this user behaviour.
Proactive pruning is the best tool that exists now. So we’ll have to figure out something new. One likely result is more paid newsletters and more moves to centralized platforms like substack which can deal with this.
I was paying attention, I was commenting on specifically:
> they hit the spam button when unsubscribe has a confirm step
Even if I've signed up for a newsletter, if I have to jump through (varying degrees) of hoops to unsubscribe, you are spam.
Where "required signup" may simply mean missing the tiny checked-by-default "don't not subscribe me" checkbox.
I have zero sympathy for complaints about marking "legitimate" newsletters as spam, when many of their ideas of "signed up" involve not unchecking a checkbox during a transaction. If you can't get someone to knowingly and enthusiastically agree to receive your newsletter, without any kind of subterfuge or dark pattern, it deserves to get marked as spam and end up in people's spam folders.
That’s the deal you made. Don’t get pissed if they keep their end of the bargain.
> workflow may be something like 1. Free music 2. required signup for band newsletter 3. Why am I receiving this newsletter? 4. Mark as spam
So as I said, the deal is clear: Free music in return for signing up for the band’s email list. Don’t get pissed at the band for holding up their end of the deal and putting you on their email list.
And if the deal is "free music! Also, check this clearly identified box that's currently not checked if you want to subscribe to our newsletter", that's also a legitimate subscription; some people will still mark that as spam, and that's just something newsletters have to deal with, but I have marginally more sympathy for that case because spammers have somewhat ruined the concept of expecting reasonable unsubscribe links in unexpected mail.
But if the deal is "free music! (well-hidden fine print: leave this box checked to subscribe to our newsletter)", and someone misses unchecking the box, that's spam, and it should get marked as spam, and that newsletter should have serious deliverability problems; that's spam filtering working exactly as it should work.
People will mark spam as spam, but they also have no hesitation about marking legitimate bulk e-mail they willingly signed up for but are no longer interested in as spam as well.
It is spam unless they sign up because they want the actual newsletter.
To me this seems like the only actual negative impact could be on LE, who sometimes use this technology to find missing persons.
Edit: I was wrong, upon further reading they do get the images for every email, even ones that weren't opened. Seems wasteful (the majority of my email never gets opened), but it's a great implementation. Guess it's time to give Apple Mail another try.
The problem is, the same tactics that they want to use, that I might put up with for a slightly-trusted sender, are used by spammers for mostly the same reasons.
And I am not willing to put up with the repercussions of that for the benefit of some newsletter operators who are not me.
So there's the problem to be solved.
I’ve seen cases of “I very carefully opted out of your dark pattern, and then you automatically opted in my account after the fact”.
Unfortunately a lot of companies that will take your email for verification/password resets don’t keep that list away from their marketing department.
The question is, will it hurt the indie newsletter guys and gals, the people sending stuff you actually want? Certainly yes. They won't know if they're still giving their audience something of value.
The bigger problem, in my mind, is the unintended consequences of this. Will blocking tracking pixels actually cause those scummy marketers to send even more emails? My guess is, absolutely yes.
Post-tracking, nobody can prove the marketing department emails are ineffective or hurting deliverability by oversending, so let's blanket inboxes with as many as we can!
The immediate impact of Apple’s new feature is going to be a big increase in open rates. It’s going to be so hard to explain why that is not necessarily good.
Almost all newsletters are spam and should be treated as such.
Over the past few years we’ve seen that change, to where entire businesses have been built around putting the content directly into the email (The Skimm, Substack, Axios, etc). It will be interesting to see if it switches back, if clicks are the only thing senders can measure.
It doesn't have to be every month - each time someone reconfirms their interest, you could wait longer before asking again.
“Why did you stop sending it to me?”
“You didn’t say you wanted it.”
“Yes I did! 15 times!”
“Well, not this month.”
It’s like consent for sex is supposedly supposed to be like today for some inexplicable reason.
Most spammers use that to make sure that an email is still active.
Which is of course the economic incentive that a company like Apple has to introduce these measures, it creates an asymmetry where Apple has all kinds of user information, but competitors don't.
And if you want to see the effect that declining ad revenue has on journalism you can just look at the decline of local journalism across the US as revenue shifted from advertisers to digital platforms.
It's completely fair to speculate that this is Apple's true goal, but I actually do feel a little bit better about Apple doing this than, say, Facebook, or Google. The reason I feel a little bit better is that Apple at least still has an actual business model where people give them money in exchange for a product. I'm willing to be charitable and speculate that at least some of the reason Apple releases services like this is that it will cause people to continue to buy iPhones (which are wildly profitable).
If that means journalists lose revenue, they should look for other ways. Using intrusive ads as an excuse for “otherwise we don’t have money” is just dumb. They’re free to think of other ways.
The best journalism I’ve read (ftm.nl, Dutch) is a subscription service and they don’t rely on ads or tracking. The sites that do this kind of tracking, in my anecdotal experience, produce shitty journalism.
If this is bad for journalism, we’ll end up in that crisis and figure out a way that doesn’t use these methods.
You want the service, you don't necessarily need it from Apple though. That's the crux of this entire argument: Apple's black-box model is terrible for the industry. Apple is opposed to any roads that don't run through taxable lands, so it should come as no surprise that they want to tear down everything that keeps the web currently working. The less functional the internet becomes, the higher pressure there is to use native apps: that's likely part of why Safari is woefully broken and outdated compared to Chrome and Firefox.
> If this is bad for journalism, we’ll end up in that crisis and figure out a way that doesn’t use these methods.
We are already in that crisis. Whenever a paywalled link crops up on Hacker News, the first comment is always an archived version for the 99% of readers who would otherwise be unable to read that. Compared to the past 15 years of reporting, that's a direct downgrade. Adding synthetic friction to the flow of information never works: games get cracked, movies get shared, shows get ripped and music gets leaked. It's nothing new, and pretending like it's somehow not going to affect the next decade of reporting seems a little disingenuous to me.
That is true only if Apple competes with them, which is not the case at all.
They are a news aggregator and distributor, they are a customer of media and news agencies. Or a parasite, depending on point of view. Still not a competitor. They also still don’t compete with ad brokers and don’t do any targeted advertising.
> increasingly in the ad business itself (revenue is expected to rise to 11 billion in 2025, growing quickly)
These ads are in the Stores and keyword-based. Which is distasteful, but not quite the same level. Again, they don’t distribute ads, and are not in the market for targeted advertising. They don’t compete with ad networks, and if they weren’t doing that there would just be no ads on the store. Like it was not that long ago.
> in the exact same way digital platforms overall benefited from laying waste to the small and mid-sized ad-industry.
If the mid-sized ad industry does not rely on tracking, blocking invisible pixels in newsletter won’t affect it. If it does rely on tracking, then it can’t die soon enough.
Note: I'm not claiming that Apple is somehow a particularly bad actor in that regard. But their ads are not just keyword based. They track you, and sell access to you based on the information they collected, just like other adtech companies. Does that change your conclusions?
So it seems that the current revenue is a guess and the projection is a guess.
These small steps taken under the banner of "preserving the users' privacy" are also steps to make sure that all those clumsy users don't get offered something without giving Apple the opportunity to profit from it first.
And the only disarming response to this so far is "yeah, but that's fine for me. I WANT Apple to take control, they're the good guys with the cool products!"
But, people don't mind targeting when it is context-based, rather than user-based. Tracking is following a user or device. Context is, well, this is a website about camping, I'll pay for ads for my sleeping bags. The user isn't really part of the process, there is no tracking, just targeting which I am sure everybody is fine with if it doesn't cross the "tracking" line.
I mean good? Like you, I struggle to see the downside of this, really. Probably the only risk in the bigger picture is the degree to which wealthy billionaires fund free lies such as Breitbart or the Murdoch papers, while actual research and journalism is pay-for. But the wealthy billionaires are doing that anyway, so it's hard to see much change.
I don't know about journalism per se, but for journalists, they presumably arrived at the status quo as the profit maximizing option, and removing it will, to varying degrees, impoverish them.
It is quite conceivable, for example, that every single journalist is better off if they make click-bait listicles instead of investigative journalism, but the profession as a whole suffers.
Maybe it's called for and in the consumer's best interest, but let's not pretend Apple is doing this for industry's bottom line.
I actually think there is a nice middle ground for something like a basic view counter, and some open rate data to be available in an aggregated, anonymous way.
Now I downright hate it. What does 'engaged' even fucking mean? One definition is that you're 'locked', so your attention is locked with them and not someone else. A public toilet cubicle will say 'engaged' when someone is in it.
For an email newsletter, you can see how well it's doing both by the number of subscribers on the list, and also by how many people click through and read the full article on your site. No tracking involved, you just send out an email and look at your logs for an uptick in traffic.
How is it any more happiness-centric to force people to “click through” again and again to read the full article? This is borderline reader-hostile in 2021.
The big revolution in email recently has been that the email itself is the product. Put all the content there; deliver 100% of the value with one click (the click that opens the email).
This is way better for the reader than having to click 12 separate times just to read a bit.
You can just have a link that you could log and rewrite in nginx/apache/caddy -> https://mysite.com/mailer/thepost --> https://mysite.com/thepost
Or just forget about all of that and just _ask_ people and make your decisions on that instead of extrapolating meaning through espionage.
Compare this with Apple Mail which proxies emails from a different, presumably non-Google IP address and which does so only when an email is downloaded in the background. So while you can't track IP address, yes, and you never could set cookies that I'm aware of without clicking a link first, this means you can still track "downloads" of your email to a local client, just not "opens" - and if your Mail app already downloaded images when the email was downloaded, then it's possible it won't even change that - you might not have been tracking opens this whole time... maybe.
I searched around and found some articles that make the same claim, but in my own testing that doesn't seem to be the case (i.e. I had to click on the email before the image would start loading).
Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0 (via ggpht.com GoogleImageProxy)
A lot of people assumed this is what Gmail did, but it wasn’t actually the case.
(And no, I don't trust Apple not to associate this data with a user's Apple ID and datamine it in the future - if your country has lax privacy laws Apple will exploit it till the law says otherwise.)
Here's another perspective - now, even if I don't use Apple's iCloud backup or email services, Apple has found another clever way to learn about some of the marketing emails I receive. That information is very valuable.
Given the wretched state of privacy laws in the U.S. that seems an uncharitable position. Apple has far more business motivation to treat its customers well in that regard than to try to squeeze money out of their data.
Although you’d think they’d have motivation to treat developers better than demanding a 30% cut, so there’s that.
When Gmail first introduced this image proxy feature in 2013 it started showing images in emails by default, which is great. I researched blog posts from then and apparently a workaround that still worked was to serve a fake HTTP Content-Length header of "0" and Gmail's proxies wouldn't cache the image. It's unclear if this bug has been fixed or not, or if similar bugs affect Outlook's proxies, for example.
The rest of this post is speculation -
I wonder if it won't affect Apple's Mail app because Apple isn't loading images directly from a proxy, instead, the original URL is sent to the Mail app over IMAP or Exchange and then Apple will download the image by asking the Apple proxy for the unmodified URL. This means even if an existing Gmail or Outlook image proxy server can be tricked, it shouldn't affect the Apple Mail app.
That's not to say Apple Mail won't have other issues - for example, it shouldn't stop at images. Apple Mail supports CSS and web fonts, so theoretically all network traffic not destined to hit the IMAP server should go through the proxy if complete privacy is desired. I think the wording of the Mail app suggests it's more than just images.
And the way it's implemented, because it's not server-side, it does indicate that an email address checked using Apple Mail downloaded your email, so you know it's pretty likely there's a human at the other end and they use Apple Mail even if they don't know exactly when you opened the email for the first time, they know when your Mail app downloaded it and possibly when you received a push notification about it. Unless it caches content with every request, which it might, you might also know how many different Apple Mail clients downloaded the message and when which might still indicate patterns of use especially if you can create a network of tracking pixels across different email messages. Finally, nothing about the feature actually anonymizes links or prevents specifically tracking pixels, but that's probably a good thing until we invent local Content Blocker extensions for Mail app, for example.
You signed up for my private email list at https://sive.rs/
... but since you've never replied, I can't tell if you're a real person.
Please reply to this email and say anything, ideally something about yourself like where you are in the world. Or feel free to ask any question.
(I read and reply to all. This part isn't automated. It's just me.)
If you don't reply, I'll assume you're not getting this, and delete this email (redacted) from my system.
This person found that substack was ballooning a 59 character url to over 400 characters.
(same author, more detail): https://twitter.com/ShortFormErnie/status/133992146683031961...
I was hoping this incident would cause substack and others to pull back on the reins a little bit. The urls on these emails are redonk, and clearly the authors aren't happy about users missing out on content.
I agree that the amount of tracking going on in the Substack links is a bit aggressive, but I want to be careful to not put too much of the blame on them for the long links. Part of the problem is the service that Substack is using, Mailgun, is intended for transactional emails, rather than the newsletters that Substack is sending. My feeling is that Substack ramped up using Mailgun but probably needs to start building their own tech for doing this, because it’s clearly not suited for the Substack use case.
Thanks for sending the link—it is super-relevant to this issue.
Thank you for figuring out that character limit. We redesigned and recoded a template to get under it.
And tables and in-line styling are industry standard for one reason: Microsoft Outlook. It still uses the ancient and horrible HTML rendering engine from MS Word, instead of a modern HTML engine like literally everybody else uses. And a ton of senders care about Outlook because so many high-value subscribers use it (e.g. corporate staff at big companies).
The other factor is that the use of email to send long-form content is pretty recent. For a long time before, emails were either personal, marketing, or publishing with “click to read full article.” All pretty short.
The situation with Outlook should hopefully improve in the next year, as Microsoft is planning to make different versions of Outlook work basically the same, with the web version as the baseline: https://www.techradar.com/news/microsoft-wants-to-unite-all-...
The downside of this whole saga with Apple is that other than this Apple basically renders emails better than just about every other service—rendering essentially using the Safari engine. Gmail has improved but inlining CSS is still required because of it.
If everyone was working to a unified standard life would be easier for email senders … possibly even recipients.
2. The actual threat to the newsletter boom is that advertisers realise that, just like every other fad format before, newsletters aren’t a particularly better way to reach audiences, and so they will stop paying so much for the ad space. Or they will move on to some other fad format and demand will fall off a cliff.
Not possible without tracking.
This doesn't seem true -- I imagine that most tracking providers will start to simply ignore all link opens from Apple's proxy (I assume they'll be using Apple's IP ranges or otherwise be 'detectable').
DHH doesn't seem to recognize that Apple opens the link irrespective (the spy pixel will /always/ trip, not /never/ trip), so it should even be really easy to figure out which users are using Apple Mail.
That being the case, folks will only lack open data for Apple customers, without polluting the rest of the dataset.
58% of desktop opens just seems extreme given proportion of Mac vs PC use.
Also Hacker News: small independent publishers leveraging email for publishing shouldn't get engagement data on their independent newsletters.
Aggregate open rate data is vital to a newsletter. It makes it easy to spot delivery issues. It's an early indication of content quality, and an important feedback loop.
I'm fully for blocking identifiable tracking. But isn't there room for a solution for anonymous engagement metrics?
Email newsletters are a great way for individuals to control their distribution channel built on top of federated, decentralized technology.
Adtech is the enemy.
No, it's not. Mine exists without it, and yours can too.
Senders that are using these pixels to measure engagement (as opposed to building user profiles) shouldn't have much to worry about.
They're "reading your emails" for functionality like spam filtering anyway. This seems like it would work on basically the same level as that kind of stuff.
This is how Gmail started as well, and now Gmail is a big source of profiling info for Google advertising.
So it will be interesting to see how Apple inserts itself into that setup to implement the image proxy.
Except for iCloud addresses, I'm pretty sure that that's not true for Apple Mail.
If you have the material for one, why not just put it up as a website? Provide people with RSS feeds? Maybe link the posts to FB/Instagram/TikTok whatever.
Why do I need to get that stuff as an email?
People sign up for email newsletters, people don't subscribe to RSS feeds. They do visit websites, which is how I read the couple substack authors that I do; but if you've already got the content why not email as well?
Email is not a thing I use to read long-form content like newsletters. It just doesn't match my workflow at all.
When I receive an email I expect it to be something actionable, something I need to react to, not "Hey, here's some cool stuff for you to read and a bunch of links". I have Twitter, RSS and other platforms for that.
But why would heavily technical people want to clutter their inbox voluntarily with newsletters? Do some people enjoy reading long-form newsletter content in their email client that much?
It does load all the images independently of the user opening it.
My guess is that the server will pull a copy of everything as soon as the email is received and bundle it all into an inline blob that goes to the client.
The general assumption of many people seems to be that Apple is taking effort to make their users anonymous.
But quite clearly it can not be in their interest to make them anonymous to Apple.
To be quite blunt: If Apple's strategy serves them right, their future user should be free to choose in all areas of his life from the options Apple curated for him.
I use mutt. And this is proof that it does the job.
I thought the only ones loaded were ones embedded as an attachment. Is that not the case?
But the purpose of the proxy is to shield the end-user's IP address, and probably their user agent, too. Some email providers already do this. If you load an image from a Yahoo mailbox, for example, the reported user agent is "YahooMailProxy; https://help.yahoo.com/kb/yahoo-mail-proxy-SLN28749.html".
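A small offline model of the behavior commenters describe in this thread (images fetched at delivery time through a proxy that hides the client's IP and user agent), added here as an example and not taken from any commenter or from Apple's implementation. The class names, the proxy address and user agent, the recipients and the URLs are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field

IMG_SRC = re.compile(r'<img[^>]+src="(https?://[^"]+)"', re.I)
PROXY_IP = "203.0.113.10"          # constructed, documentation address range
PROXY_UA = "ExampleMailProxy/1.0"  # hypothetical generic user agent


@dataclass
class Origin:
    """Stand-in for the sender's image server: records what it can observe."""
    log: list = field(default_factory=list)

    def get(self, url, ip, headers):
        self.log.append({"url": url, "ip": ip, "ua": headers.get("User-Agent")})
        return b"image-bytes"


@dataclass
class PrefetchProxy:
    origin: Origin
    cache: dict = field(default_factory=dict)

    def on_delivery(self, html):
        """Fetch each remote image once when mail arrives, opened or not."""
        for url in IMG_SRC.findall(html):
            if url not in self.cache:
                # Fixed upstream headers: no client UA, cookies or referer.
                upstream = {"User-Agent": PROXY_UA}
                self.cache[url] = self.origin.get(url, PROXY_IP, upstream)

    def on_open(self, url, client_ip, client_headers):
        """Serve from cache only; client IP and headers never go upstream."""
        return self.cache.get(url)


def simulate():
    origin = Origin()
    proxy = PrefetchProxy(origin)
    pixel = '<img src="https://news.example/px?u={}" width="1" height="1">'
    for user in ("alice", "bob"):        # constructed recipients
        proxy.on_delivery(pixel.format(user))
    # Alice opens twice (constructed client IP and UA); Bob never opens.
    for _ in range(2):
        proxy.on_open("https://news.example/px?u=alice", "198.51.100.7",
                      {"User-Agent": "Mail/16.0 (Macintosh)"})
    return origin.log


if __name__ == "__main__":
    for hit in simulate():
        print(hit)
```

The sender's log ends up with exactly one hit per recipient, both from the proxy's address and user agent, so the recipient who opened twice and the one who never opened look identical.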
If it’s loaded from an Apple ip you know Bob has an Apple device.
But if you do download a tracking pixel, email marketers already know you are using an Apple device. I see the Mail Privacy Protection feature as being primarily for people who want to automatically download images while sending less PII.
In the upcoming mail client changes, the mail client will be able to background-load those "unloaded images" through a proxy at Apple.
We don't yet know how that new behavior will intersect with the "don't load images until i permit it" behavior that you have enabled today, but presumably they can coexist peacefully as two options (that I'll be expecting and checking for, later on in the beta cycles):
"Background-load images when new mail arrives" Y/N
"Use Apple's privacy protecting proxy to load images" Y/N
I also understand that you want to collect some data on how your newsletter is doing, it's just because mail isn't really designed for this that we can't separate between anonymized data collection and user tracking. That's maybe something RSS is better suited for.
It is the best.
We don’t owe advertisers a viable business. If their business plan depends on them sucking in private information without my consent, well, fuck them.
Usually you are dealing with the actual company sending the newsletter, at that point, and not the advertising industry.
Better to think of marketing engagement tracking through these dark patterns as being a form of forcibly getting you to fill out a comment card at a restaurant than to think of it as having anything to do with advertising.
And Apple can respond “nothing” until it sees the UUID at least X times or something.
Which is really fun when a sender uses only HTML eMail, and has nothing at all for the plain-text portion. Those tell me that this is a particularly crappy marketer that is really only going for the low-hanging fruit, much like what Nigerian Princes do in their scams.
But then again, I have a very dim view of marketing eMails anyhow. If I have a need, I’ll research it. Wait until I explicitly reach out; don’t call me, I’ll call you.
It will hide your IP and open status from the sender, but not the fact that that sender emails you from Apple.
Android users are more likely to use Gmail which proxies the images so you can't tell what device it was opened on.
If Google is already doing something similar for gmail then android statistics would be ignored or worthless.
Yes I'm reading your emails. Your email vendor is simply lying to you when they say they know when emails are not being read. Quit believing them.
Maybe this move by Apple will finally get the message across.
Aren't images in HTML emails initially disabled in most "proper" mail clients (like Outlook), exactly to prevent tracking through things like tracking pixels? I thought that's been standard practice for at least a decade.
If I’m correct then how is this going to hurt newsletter publishers?
(I'm honestly curious)
Needle in the haystack:
> But after conversations with newsletter writers and media executives today, I’m not sure that people doing email-based journalism have all that much to worry about from the shift.