Dandy Cat

Dandy Cat

The Tracking Pixels Are Coming from Inside the Emails!

It’s become damn hard to find services online that respect both its direct and indirect users.

We all know about the well-documented practitioners of invading your personal privacy—Facebook, Google, and the like. Their actions are so blatant and widespread that it’s almost become commonplace.1 They’re not going to start respecting their users until, probably, a collection of large world governments forces them to do so.

It’s a massive hurdle, and one that should be leapt over sooner rather than later.

What feels like a more manageable feat at this time is turning our attention toward smaller entities. I’m thinking of email marketing services. There’s no shortage of options available to someone who wants to blast out an email to one person or a million people. You’re likely familiar with Mailchimp, Campaign Monitor, Constant Contact, and ConvertKit. That’s just a small drop in the email marketing bucket; there are many other options to choose from.

What’s remarkable about all of them is the sneaky way they turn the use of invasive tracking pixels into a feature. Tracking pixels, spy pixels, tracking images, or whatever you want to call them are bits of code placed inside an email. They tend to be small images created by that code, usually the size of a single pixel, that run when a recipient opens a message and loads the content within. They can track numerous aspects of the email you just received:

  • Did you open the message?
  • How many times did you open it?
  • What links did you click or tap on in the email?
  • What device were you using when you viewed it?
  • Where were you when you opened the email?

All of them offer this ability, and they all describe this feature with jazzy language about its immense benefits. From Mailchimp:

You can easily find out who has interacted with your marketing, and whether they’ve clicked, bought, or downloaded, so you can create more content that resonates with them.

From Campaign Monitor:

Campaign Monitor drives you through the [actionable insights] process with a complete set of reports, giving you the data you need to revise your strategy and exceed your goals.

From ConvertKit:

Understanding how your audience interacts with your emails helps you make better decisions in the future.

What all that boils down to is “we’ve placed invisible code into your email that runs whenever your recipients open them, and all without your or their express consent, because marketing!”

At this point, I should mention that there is at least one email list service that offers the option, and now enables it by default, to turn off its tracking pixels. Buttondown is a service created and “run by a human” named Justin Duke. I’ve enjoyed using it for a while now, and I’ll probably stick with until the end of my days.

I’ve used ConvertKit in the past for Dandy Cat’s email list service. It’s okay. They’re all just… okay. About a year ago, after learning what these tracking pixels are and what they can do, I asked them if it was possible to turn off their pixels. Their official support message was a friendly, but unsurprising “we’re perfectly fine with how our tracking pixels work and will continue making this a feature of our service.”

None of these larger companies have any interest in changing this default behavior, or even giving users an option to turn it off. Why would they? This analytics information is their bread and butter, which is why they’ll never stop using them if they can help it.

In a Daring Fireball post made on September 3, 2020, John Gruber writes:

Just because there is now a multi-billion-dollar industry based on the abject betrayal of our privacy doesn’t mean the sociopaths who built it have any right whatsoever to continue getting away with it. They talk in circles but their argument boils down to entitlement: they think our privacy is theirs for the taking because they’ve been getting away with taking it without our knowledge, and it is valuable.

This was written specifically about ad industries balking at Apple’s use of permission dialogs informing their users that apps may be tracking them. However, I think it also applies perfectly in the case of email marketing services. There’s money to be made from the tracking of their emails, so why wouldn’t they try to grab as much as they can? Nobody’s stopping them. Heck, most people don’t even know they’re doing this!2

They package these tracking features with a neat, clandestine bow and reap the rewards. They sell them as a sorely needed benefit to their users, but it’s really an insidious method of making money. Not only that, but they can get away with it because they include language in their respective privacy policies stating that they collect this information. That in itself is frustrating—“we’re allowed to collect personal and sensitive information about you because we tell you that we’re collecting this information.” Talking in circles is right. You can see this in action in Mailchimp’s privacy policy. Marvel at how dense and filled with legal-ese that thing is.

I can guarantee you that if this technology gets taken from them—the email marketing services, the ad agencies, the social networks—they will collectively cry foul. They would insist that their earning potential, hell, their entire existence, would be in jeopardy because they’re not able to sell our stolen personal information. In fact, Mark Zuckerberg was one of those people that balked at Apple’s decision to implement those tracking permission dialogs in their software. Business Insider reports:

Facebook CEO Mark Zuckerberg took aim at Apple on Thursday over its plans to limit advertisers’ ability to track iPhone users, suggesting the proposed changes could hurt small businesses and, by extension, the broader economy.

During Facebook’s quarterly earnings call, Zuckerberg told investors that “actions planned by platform companies like Apple could have a meaningful negative effect on small businesses and economic recovery in 2021 and beyond.”

I feel we can agree that Zuckerberg’s motivations in this matter are less about the health of small businesses and much more about obscuring Facebook’s boundless tracking of its users. Tracking that has a significant influence on Facebook’s bottom line.

Our private information is currently theirs for the taking, and they sell it off to advertising agencies who use it to display personalized ads on the websites and apps we visit. It’s often said that if you’re not paying for a product, then you are the product. The way the internet has evolved, this saying should be amended to be “if you’re online in any way, then you’re the product.”

It’s all bullshit, none of it should be allowed, and our personal information should be respected far more than it is. I don’t see that happening without powerful intervention, much in the way that GDPR was created intending to protecting citizens of the European Union and the European Economic Area. If that’s what it takes, then I welcome it. Our personal information should be ours alone.


  1. Although, still shitty. However, it’s outside the scope of what’s going to be written here. [return]
  2. And believe me, it’s happening to you, too. [return]