MacRumors

macrumors bot
Original poster
Apr 12, 2001
53,008
14,749


Tracking when you've opened up an email and what you've read is something that many companies and advertisers rely on for their marketing efforts, plus there are email clients out there designed to let users know when the emails they've sent have been opened up.

ios15-mail-privacy-feature.jpg

Much of this tracking is facilitated by remote images that load when viewing an email, and some of it is even sneakier, with advertisers using invisible tracking pixels. Tracking pixels are hidden graphics that you might not see in an email, but your email client loads them, allowing senders to gather data from you. Senders can see that you've opened an email get other information, such as your IP address.

With iOS 15, iPadOS 15, and macOS Monterey, Apple is putting a stop to email tracking with a suite of Mail Privacy Protection features.

Mail Privacy Protection is not enabled by default, but Apple will highlight it as an option when you upgrade to iOS 15 or iPadOS 15. If you're running one of these updates, you can turn it on in Settings > Mail. Tap on "Privacy Protection" and then toggle on "Protect Mail Activity." In macOS Monterey, open up Mail, go to the Mail Preferences, and then click on Privacy. From there, toggle on Protect Mail Activity.

mail-privacy-protection.jpg

When enabled, Mail Privacy Protection hides your IP address and loads all remote content privately in the background, routing it through multiple proxy services and randomly assigning an IP address.

Here's how Apple describes the feature in full:
Emails that you receive may include hidden pixels that allow the email's sender to learn information about you. As soon as you open an email, information about your Mail activity can be collected by the sender without transparency and an ability to control what information is shared. Email senders can learn when and how many times you opened their email, whether you forwarded the email, your Internet Protocol (IP) address, and other data that can be used to build a profile of your behavior and learn your location.

If you choose to turn it on, Mail Privacy Protection helps protect your privacy by preventing email senders, including Apple, from learning information about your Mail activity. When you receive an email in the Mail app, rather than downloading remote content when you open an email, Mail Privacy Protection downloads remote content in the background by default - regardless of how you do or don't engage with the email. Apple does not learn any information about the content.

In addition, all remote content downloaded by Mail is routed through multiple proxy servers, preventing the sender from learning your IP address. Rather than share your IP address, which can allow the email sender to learn your location, Apple's proxy network will randomly assign an IP address that corresponds only to the region your device is in. As a result, email senders will only receive generic information rather than information about your behavior. Apple does not access your IP address.
It's worth noting that senders will see an IP address that corresponds to the region where you're located, giving them generic information about your behavior that is non-specific and cannot be used for building a profile of your behavior.

You could previously block email trackers by blocking the loading of remote content in the Mail app on iOS and macOS, but Apple's new feature is superior because you can still view all email content as normal while Mail Privacy Protection works in the background with no visual compromises.

Email senders can still monitor your behavior with tracked links that you will need to be mindful of, but the behind the scenes tracking that you might not notice won't happen.

Mail Tracking Privacy pairs well with iCloud Private Relay, a feature that's included in iCloud+. iCloud+ is just Apple's name for its paid iCloud plans, which start out at $0.99 per month. With that $1 per month, all the traffic that leaves your device is routed through two separate internet relays so advertisers can't see your IP address or location, nor can they link your browsing history to this information to build a profile about you.

icloud-private-relay.jpg

iCloud Private Relay is not quite a VPN, but it's similar, and it's an incredible feature for the less technically inclined that would not think to use a VPN or wouldn't know how, such as elderly people who need the most protection from tracking and scams.

Apple's plans for iCloud Private Relay and Mail Tracking Privacy are already worrying advertisers, according to a report earlier this week from The Wall Street Journal. Ad-measurement firm Branch Metrics' CEO Alex Austin said that Private Relay could be "vastly more damaging to the advertising ecosystem than the App Tracking Transparency measures implemented early this year. "If IP were to go away entirely, it would be very challenging for a lot of companies to operate," he said.

As for Mail Privacy Protection, advertisers are "surprised" that Apple blocked tracking in emails because of how much harder it will be for brands to know if their emails are working.

These new privacy features could spur Google to adopt similar measures for Chrome, and a Google spokesperson confirmed that Google is indeed considering similar features for blocking IP addresses.

iCloud Private Relay and Mail Privacy Protection alone are enough reason to upgrade to the newest software when it becomes available this fall, but the rest of the features coming in iOS 15 and macOS Monterey can be found in our roundups.

Article Link: Apple Putting a Stop to Email Tracking Pixels With Mail Privacy Protection in iOS 15 and macOS Monterey
 

mdnz

macrumors 6502
Apr 14, 2010
386
940
The Netherlands
If the email is parsed and loaded by Apple, won’t a sender still know their email has been received and the time it was shown to the user?

It's not loaded and parsed by Apple. It works similiar to an ad blocker but only for this use case. It checks for a tracking pixel and blocks it from loading. If the sender uses other tricks, they'll probably still get through.
 
  • Like
Reactions: Khedron
Comment

Khedron

macrumors 68020
Sep 27, 2013
2,275
4,565
Can someone clarify; if an invisible pixel is associated with my email address then what does it matter how many proxies it goes through? If that image is loaded they know it was my email address that did it. Is this literally just hiding my IP and nothing more?
 
Comment

Khedron

macrumors 68020
Sep 27, 2013
2,275
4,565
It's not loaded and parsed by Apple. It works similiar to an ad blocker but only for this use case. It checks for a tracking pixel and blocks it from loading. If the sender uses other tricks, they'll probably still get through.

What if it’s changed to a tracking banner instead of a single ‘invisible’ pixel?

Will this actually take trackers longer than 5 minutes to circumvent?
 
Comment

ArtOfWarfare

macrumors G3
Nov 26, 2007
9,190
5,182
This really does virtually nothing to improve your privacy.

Tracking pixels are generally unique to the email. They don't care what IP address you open the email from - they care that they sent an email to an address, and it got opened. The person trying to snoop on you has still learned that yours is a valid email address that an actual human looks at and they've also learned what time that human looked at it.

Your IP is already randomly changing - your ISP changes it periodically, and if you're on a mobile device, you likely change between networks entirely periodically, meaning your IP is changing.

Apple seems to be offering something that's of zero value for $1/month, and what's worse is they're advertising it. It's basically snake oil.
 
Comment

Khedron

macrumors 68020
Sep 27, 2013
2,275
4,565
This really does virtually nothing to improve your privacy.

Tracking pixels are generally unique to the email. They don't care what IP address you open the email from - they care that they sent an email to an address, and it got opened. The person trying to snoop on you has still learned that yours is a valid email address that an actual human looks at and they've also learned what time that human looked at it.

Your IP is already randomly changing - your ISP changes it periodically, and if you're on a mobile device, you likely change between networks entirely periodically, meaning your IP is changing.

Apple seems to be offering something that's of zero value for $1/month, and what's worse is they're advertising it. It's basically snake oil.

Yep “Protect Mail Activity” seems like a dangerously hyperbolic way of saying “we slightly limit the information gained through one very specific tracking method”.
 
Comment

axantas

macrumors 6502a
Jun 29, 2015
598
567
Home
If the email is parsed and loaded by Apple, won’t a sender still know their email has been received and the time it was shown to the user?
Good question. As the "tracking pixel" or even the pictures are quite often personalized, the option "do not load pictures" is somewhat more secure. But I think, Apple might have been aware of this, creating that feature.
Nevertheless - how are the pictures de-personalized?

If the image as345aosdifzpqwoez.jpg is parsed it points to my mail address, while the same picture 3497asooidg.jpg points towards someone else.
 
Comment

Carlson-online

macrumors regular
May 27, 2004
168
410
This is easily bypassed though by assigning a unique reference to any of the images. For example, your company logo could be domain.com/<guid>/logo.png, where guid is a reference in your backend database related to the email address you sent it to.
 
Comment

splitpea

macrumors 65816
Oct 21, 2009
1,019
248
Among the starlings
Does this mean they’re removing the option to block images? As pointed out above, this does not block tracking of email opens, since tracking image URLs are specific to the recipient.
 
  • Like
Reactions: tigerintank
Comment

jk1221

macrumors regular
Feb 1, 2021
178
601
Can someone clarify; if an invisible pixel is associated with my email address then what does it matter how many proxies it goes through? If that image is loaded they know it was my email address that did it. Is this literally just hiding my IP and nothing more?

This really does virtually nothing to improve your privacy.

Tracking pixels are generally unique to the email. They don't care what IP address you open the email from - they care that they sent an email to an address, and it got opened. The person trying to snoop on you has still learned that yours is a valid email address that an actual human looks at and they've also learned what time that human looked at it.

Your IP is already randomly changing - your ISP changes it periodically, and if you're on a mobile device, you likely change between networks entirely periodically, meaning your IP is changing.

Apple seems to be offering something that's of zero value for $1/month, and what's worse is they're advertising it. It's basically snake oil.

This.

I couldn't care less, ok a little, if they have my IP. That is really a secondary issue to spam.

If they know I opened the email they are going to keep sending them spam since they see an open.

This is misleading then. It is really a shielding of your IP than "protection"

So if you want to really block them seeing it opened you still ahve to use disable images then and not this feature (cant use both)
 
Comment

4jasontv

macrumors 601
Jul 31, 2011
4,221
4,651
Can someone clarify; if an invisible pixel is associated with my email address then what does it matter how many proxies it goes through? If that image is loaded they know it was my email address that did it. Is this literally just hiding my IP and nothing more?

What if it’s changed to a tracking banner instead of a single ‘invisible’ pixel?

Will this actually take trackers longer than 5 minutes to circumvent?
The only way to fight this, that I can think of, is to mark all emails that have such tracking as read. Combine this with disposable email and spam filters and the reliability of tracking decreases.
 
  • Like
Reactions: Lyoha
Comment

Crzyrio

macrumors 68000
Jul 6, 2010
1,518
968
This really does virtually nothing to improve your privacy.

Tracking pixels are generally unique to the email. They don't care what IP address you open the email from - they care that they sent an email to an address, and it got opened. The person trying to snoop on you has still learned that yours is a valid email address that an actual human looks at and they've also learned what time that human looked at it.

Your IP is already randomly changing - your ISP changes it periodically, and if you're on a mobile device, you likely change between networks entirely periodically, meaning your IP is changing.

Apple seems to be offering something that's of zero value for $1/month, and what's worse is they're advertising it. It's basically snake oil.

You are very much underestimating level of detailed info that is collected about you even from this minor trackers.

And even if your IP Address does change, the profiles that have been built on you by these trackers can very easily associate it with your new IP Address. That is the point of this, to slow down the profile being built and/or linked to you.

It is not solving the problem, but it is progress.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.