There are a lot of different ways to track email, and different techniques can lie anywhere on the spectrum from marginally acceptable to atrocious. Responsible tracking should aggregate a minimal amount of anonymous data,\u00a0similar to\u00a0page hits: enough to let the sender get a sense of how well their campaign is doing without invading users\u2019 privacy. Email tracking should always be disclosed up-front, and users should have a clear and easy way to opt out if they choose to. Lastly, organizations that track should minimize and delete user data as soon as possible according to an easy-to-understand data retention and privacy policy.<\/p>\n
Unfortunately, that\u2019s often not how it happens. Many senders,\u00a0including the U.S. government<\/a>, do email tracking clumsily. Bad email tracking is ubiquitous, secretive, pervasive, and leaky. It can expose sensitive information to third parties and sometimes even others on your network. According to a\u00a0comprehensive study from 2017<\/a>, 70% of mailing list emails contain tracking resources. To make matters worse, around 30% of mailing list emails also leak your email address to third party trackers when you open them. And although it wasn\u2019t mentioned in the paper, a quick survey we did of the same email dataset they used reveals that around 80% of these links were over\u00a0insecure, unencrypted HTTP<\/a>.<\/p>\n Here are some friendly suggestions to help make tracking less pervasive, less creepy, and less leaky.<\/p>\n Read more at\u00a0EFF<\/a><\/p>\n