The use of hidden ‘spy pixels‘ in standard emails is now ‘endemic‘, according to an investigation by email service Hey.
Hey analysed its traffic at the BBC‘s request and discovered that nearly two-thirds of emails sent to users contained invisible spy pixels.
Spy pixels, aka web beacons or tracking pixels, are tiny 1×1 images that can be embedded into messages to track a variety of data points. These images, which include .GIFs and .PNGs, are designed in such a way that they easily merge with the email content and remain invisible to the eyes of the recipient.
Spy pixels can let the sender know if and when the receiver opened the email, how many times was it opened, what device was used to see the email, and sometimes even the user‘s approximate physical location.
The way the technique works is very simple: when a user opens the email, the spy image is automatically downloaded on the system. The image request then lets the server know that the user has opened the email. Servers may also record how many times the email was opened, or the IP address linked to a user’s location.
‘On average, every Hey customer receives 24 emails per day that attempt to spy on them,‘ said David Heinemeier Hansson, co-founder of Hey.
‘The top 10 per cent of users receive more than 50.‘
‘We’re processing over 1 million emails a day and we’re just a tiny service compared to the likes of Gmail, but that’s north of 600,000 spying attempts blocked every day.‘
The proponents of this tracking technology argue that it is a standard practice in marketing across all industries. It allows marketers to measure users‘ engagement levels, and potentially to send follow-up messages when they find that the receiver has read the message but not responded.
For Hansson, these tiny images represent a ‘grotesque invasion of privacy‘.
Critics of the technology also argue that its use is not always transparent enough.
The UK’s data protection watchdog, the Information Commissioner’s Office (ICO), uses pixels to track email openings in its newsletter, according to the BBC.
The watchdog told the news outlet that it used the technology to track email openings, but not users’ locations.
‘We’re working with our provider to remove the pixel functionality and this should be completed soon,‘ ICO stated.
Educating yourself and your employees with Cyber Security Awareness Training is best way to start ensuring your business is protected from cyber-attacks.
Learn more about Cyber Security