Even without a VPN, when websites (including Apple Store) try to guess my location through IP they get nowhere near.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Putting a Stop to Email Tracking Pixels With Mail Privacy Protection in iOS 15 and macOS Monterey
- Thread starter MacRumors
- Start date
- Sort by reaction score
Even without a VPN, when websites (including Apple Store) try to guess my location through IP they get nowhere near.
This is awesome! Although I have a custom list of email tracking domains I accumulated from years of browsing in AdGuard, it doesn’t not mask one’s IP.
One thing I did notice is that a lot of newsletters eventually unsubscribed me because they see me never open their emails as tracking pixels are not loaded upon opening. A few are quite difficult to opt back in.
One thing I did notice is that a lot of newsletters eventually unsubscribed me because they see me never open their emails as tracking pixels are not loaded upon opening. A few are quite difficult to opt back in.
This doesn't prevent tracking pixels. Ad companies already hash/map your email into the filename of the image, and when you request it, they know exactly which email opened the message. The few that aren't doing this already will make the change LONG before Monterey is released.
I don't allow loading of remote images. It's a pain. For a long time I've wished I could whitelist some of the companies I don't mind knowing when I receive a message.
But this setting ain't gonna achieve much/anything of what it purports.
I don't allow loading of remote images. It's a pain. For a long time I've wished I could whitelist some of the companies I don't mind knowing when I receive a message.
But this setting ain't gonna achieve much/anything of what it purports.
That is what I mean. If you search my IP you get my provider. Comcast.
Roughly the right city, wrong zip code even.
But it still shows them it was opened to spam you more which is wht they want. So how is it better then blocking remote images like before?
It builds a very complete profile of you over time. It would know what time you wake up (when you check your emails), when you go to work (a business IP address accessing).
I could link you some big email marketing companies that have a complete suite of omnichannel profile building tools that combines all data including your browsing history on third party site.
Update: the big ones are SailThru, Klavio, Customer.io. MailChimp is not that bad.
I’m not 100% positive, but I read this line:
“When you receive an email in the Mail app, rather than downloading remote content when you open an email, Mail Privacy Protection downloads remote content in the background by default - regardless of how you do or don't engage with the email. Apple does not learn any information about the content.”
… as meaning that Apple’s service will automatically download remote content through THEIR proxy servers (possibly anonymized), whether the email was ever opened by the user or not. This would result in the sender not having reliable tracking data. If every email they send is automatically loaded by a proxy server with a scrubbed IP, their data is mostly noise and no signal. It could essentially render most remote tracking pixels/images/etc useless to the sender, because it doesn’t tell them anything about the user’s behavior. Including whether the end user actually ever opened the email or not. It may look to the sender as if every email was always opened immediately, but that’s not actually what’s happening. The more widely adopted this feature is, the less reliable the data is for the senders.
I could be misunderstanding, but that’s how I read this.
I dont think anyone is saying it does nothing. Sure its great to stop data collection like that.
But how does it prevent spam? If they can see you opened the email since the images are being loaded, remotely or not, they know you area human to keep spamming you.
But my issues is still the above. Great and all but it still tells the sender- hey thats a real working email address who opened our message- keep spamming them with our emails.
Whitelisting seems a much better solution. I suppose Apple can’t charge for that though since you do it yourself.
I think a lot of you guys are really missing how this works. The remote content IS loaded by Apple and is NOT blocked in an ad blocker fashion. What happens is that 100% of the content is loaded whether or not you eventually open the email. This way the request that says the email was opened is always fulfilled, making the data useless to the advertiser. In addition, since it's going through a proxy, the location the advertiser gets will be imprecise.
But it also sounds like every spammer is sure my address is real. And probably that I use Apple products.
Plus if this behaviour changes in the future they will know to double down on spamming me with Android/Windows products.
Seeing that there are over 2.8 Billion Facebook users who don't give a crap about being followed everywhere and being profiled, there's 2.8 billion people right there who couldn't care less about remote loaded email images revealing their IP address.
Every website on earth records the IP address of each visitor. It's standard stuff in web logs
Every website on earth records the IP address of each visitor. It's standard stuff in web logs
Right but unless everyone on earth does that they are just going to keep spamming people who opened. Rather than it coming back unopened and giving up at some point.
It's really being misrepresented as spam/pixel tracking blocking when it's not if that is the idea to it.
I struggle to see how this is better than disabling remote images still which does both- no open data, no data at all since it was never read.
I get this may be a good middle ground for the average person not to fiddle with images, but they failed to explain the differences completely considering it was a big part of the tech nerdy privacy section in a developer conference of tech nerds.
Last edited:
Trouble is you can't do it yourself now. Last I checked there was no mechanism to automatically load remote images (via rules/automator/etc). Maybe the new Shortcuts will allow this, but I'm not optimistic.
I suppose I could run a rules-initiated AppleScript to press the button, but I've gone down this route in the past and it never works reliably.
Not so long ago (well several years actually) I used an EMail-Client that didn't even support HTML and whenever I got an EMail with only HTML in it I know it was either SPAM or from someone not worth communicating with.
Sadly thats no longer an option.
Sadly thats no longer an option.
Bingo! This is exactly what the feature does.
Surely if Apple had the option to ban all images but allow through any domains that appear in your address book that would immediately resolve 99% of cases.
I agree that this is not a great solution for spam (where the sender is interested to learn if the email address is valid). But for other types of promotional emails it absolutely helps. In that case the sender already knows that the address is valid, and is mainly interested to learn if the user actually opens the email. There are also services that allow creeps to send emails with spy pixels. From what I understand with this feature Apple will always load remote content whether you open the email or not, which will make the information worthless if millions of Apple users use it.
Some trackers are absolutely interested in the IP address since it provides an approximate location. Also, most ISPs these days change IP addresses only very infrequently. My ISP (a big cable provider) hasn't changed mine for months. Even rebooting my modem doesn't change it.
From what I understand the email tracking protection is free (it doesn't seem to be part of the iCloud+ package).
Yes, that is the idea: turn all these tracking pixels into noise eventually by making them all false positives, but someone has to do it first, and that first someone is Apple. Hopefully, Google and others will follow as well, but even then, Apple has a large enough user base to make advertisers nervous, as evidenced by the article referenced here.
I don't think it's misrepresented all that much. If you read Apple's description of the feature, it says what I said.
I think many complaining that this doesn’t do anything have misunderstood what Apple is doing.
First, yes. Advertisers are going to email you something with a uniquely-named image (or whatever). And they’ll know that you got the email as soon as they get the request for that image.
But the key point is that Mail will now auto-download all those images the moment the email is received, and never again.
So the advertisers will know that you received the email…and that’s it. They won’t know if you actually opened it; they’ll just know that it was delivered.
And, if Apple does even the slightest, most-obvious next step…they’re going to cache these images — at a minimum, per user, if not globally. So, if you forward the email and whomever you forward it to also uses Apple Mail, Apple won’t make a new request for that image; your friend will get Apple’s previously-cached copy of the image. And if you first read it on your Mac and later read it on your iPhone, your iPhone will again get Apple’s cached copy.
The worst that happens is that the advertisers know that your email address is “live,” but that’s it.
Cheers,
b&
First, yes. Advertisers are going to email you something with a uniquely-named image (or whatever). And they’ll know that you got the email as soon as they get the request for that image.
But the key point is that Mail will now auto-download all those images the moment the email is received, and never again.
So the advertisers will know that you received the email…and that’s it. They won’t know if you actually opened it; they’ll just know that it was delivered.
And, if Apple does even the slightest, most-obvious next step…they’re going to cache these images — at a minimum, per user, if not globally. So, if you forward the email and whomever you forward it to also uses Apple Mail, Apple won’t make a new request for that image; your friend will get Apple’s previously-cached copy of the image. And if you first read it on your Mac and later read it on your iPhone, your iPhone will again get Apple’s cached copy.
The worst that happens is that the advertisers know that your email address is “live,” but that’s it.
Cheers,
b&
Don't even need it to be that smart. And arguably it isn't that smart, because I'm not going to add every single company I *do* want to whitelist to my address book.
Easy feature is when you click "Load remote content" it turns into "Always load remote content from this address", and adds it to your whitelist.
Or even just add the ability to "Load remote content" as an action the Rules can execute. Then I can manage it myself.
But it doesnt prevent spam like the made it sound. It prevents them from collecting personal data via spam. That's about it.
They also ignored whether this is better or worse than disabling remote image loading. Considering in theory no remote images means zero data for them. So is that ht better way? 🤷♂️
But its not "stopping tracking pixels" as being implied. Just the data from if if you do open the email. Which disabling remote images already did anyway both respects- no open data and no personal data from that open (since never opened)
For a tech nerd developer conference, they really didnt explain it well. I get if it was a more consumer public type of show that this is a good default middle ground, but geez.
The feature is called "Mail Privacy Protection" and this is the description. Where is spam mentioned?
This is exactly why most people disable remote-loaded images.
When a company sends spam and the pixel is loaded, they know the address is live. That's valuable. That's used and resold.
The fact that Apple immediately and automatically confirms the address is live (but this isn't done across the internet for all addresses, it's ONLY done for live addresses) means this feature is actively harmful to anybody who really cares about tracking pixels.
I have domain placeholders that forward to my icloud-managed email. If every single one of those spam messages I get for all the guessed emails are confirmed as live, then my spam is going to grow exponentially. MOST of it is filtered now. But the ones that aren't are going to grow exponentially too.