ProtonMail Enhanced Tracking Protection
One of the many reasons why ProtonMail is awesome is how they continuously innovate and improve upon their already stellar product. Case in point, I’ve been using ProtonMail as my primary personal email provider for many years, yet I saw something brand new this week.
Email is sneaky because what appears to be innocuous is often… less so. Due to this, I configure every email client that I use, be it ProtonMail’s web UI for personal use or the macOS Outlook client for work, to avoid downloading images in email automatically. I do this because companies will place tracking pixels in email to notify them when a message is opened, from what IP address, and sometimes even information about the opening system. A quick search will yield all sorts of positive articles from marketing blogs about how to use tracking pixels, but the more privacy-minded view them as just another way for companies to collect a dossier of information about us in the name of “personalization.” In reality, I’m not going to engage with your spam email regardless of how personalized it is, so I’d prefer to keep as much of my information out of the hands of marketing and advertising companies as possible.
Blocking images in email isn’t surgical, though; I can’t tell my client to block only tracking images. Blocking tracking pixels means every image is blocked, which frequently renders an email more or less useless. While that’s often fine for spam, occasionally there’s content I’d like to see, and in those cases I’ll opt to download the images in order to see an email properly. I did this recently with an email from Goodreads, and that’s where I saw this new feature of ProtonMail:
Toward the upper-right corner of the email, just below the time, is a small shield icon with a number on it. Hovering my mouse over this told me it was how many trackers had been blocked. Clicking on it provides me with even more detail on the trackers:
Email trackers can violate your privacy. Proton found and blocked 1 tracker.
I figured this had to be a new feature since I’ve never seen it before. I don’t frequently load images in my received emails, but I do it often enough that I don’t think I would’ve missed seeing something like this multiple times. My DuckDuckGo-fu was apparently weak, though, because I couldn’t find anything specific online about it. The closest I came was digging up a thread in the ProtonMail discussion forum about trackers which linked to a tweet from the official account that they’ve been blocking trackers since the beginning.
By default, we already block all trackers in emails, and we have been doing this already for many years 🙂
I also reached out to a friend who uses ProtonMail, and she thought she had seen the same thing for the first time recently but wasn’t absolutely certain. My primary thought was that perhaps showing the information about the trackers blocked was something new, even if trackers have been blocked for years. I do almost exclusively use the beta version of ProtonMail, so seeing new features would be expected. I ended up throwing out my own tweet about it, and a little while later the good folks at ProtonMail replied:
Hello! While we have blocked remote content to mitigate email trackers in the past, we have now added enhanced tracker protection to the beta version of our web client (https://mail.protonmail.com). You can learn more here: https://protonmail.com/support/knowledge-base/email-tracker-protection/.
Mystery solved! The new enhanced tracking protection is a rather slick feature. The big key to it is that the remote content is loaded via a proxy, with none of the user’s personal information being exposed to the hosting server:
We look for remote image URL references that could be used to track you, and download them on your behalf using a proxy with a generic IP address and geo-location, thus hiding your personal information.
What’s really nice is that this means there’s not really a reason to avoid automatically loading images in email from ProtonMail’s web UI.
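To make the idea concrete, here is an added example (not ProtonMail's code, and not from the original post) that audits the remote images in an HTML message body, flags likely tracking pixels, and rewrites the remaining remote images to load through a proxy. The heuristics, the block-or-proxy policy, the `imgproxy.example` endpoint and the sample HTML are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl, quote

PROXY = "https://imgproxy.example/fetch?url="  # hypothetical proxy endpoint
TOKEN = re.compile(r"^[A-Za-z0-9_=-]{16,}$")   # long opaque value, likely a recipient ID

# Constructed sample message body (not taken from a real email).
SAMPLE_HTML = """<html><body>
<img src="https://cdn.shop.example/banner.png" width="600" height="200">
<img src="https://t.shop.example/open.gif?uid=9f8e7d6c5b4a39281706f5e4" width="1" height="1">
<img src="https://t.shop.example/o?m=3b1c9a7e5d2f48601a2b3c4d" style="display:none">
<img src="cid:logo@shop.example">
</body></html>"""

def tracker_reasons(attrs):
    """Return the heuristics an <img> trips; an empty list means it looks like content."""
    reasons = []
    if attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1"):
        reasons.append("1x1 pixel")
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("hidden by CSS")
    query = parse_qsl(urlsplit(attrs.get("src") or "").query)
    if any(TOKEN.match(value) for _, value in query):
        reasons.append("opaque per-recipient token in URL")
    return reasons

class ImageAudit(HTMLParser):
    """Collects (src, reasons, action) for every remote image in a message body."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src") or ""
        if tag != "img" or urlsplit(src).scheme not in ("http", "https"):
            return  # cid: and data: images are embedded, so no network fetch happens
        reasons = tracker_reasons(attrs)
        # Suspected trackers are dropped; other images load via the proxy, hiding the reader's IP.
        action = "block" if reasons else PROXY + quote(src, safe="")
        self.findings.append((src, reasons, action))

def audit(html):
    parser = ImageAudit()
    parser.feed(html)
    return parser.findings
```

Calling `audit(SAMPLE_HTML)` returns three findings: the banner is rewritten to the proxy URL, and the two `t.shop.example` images are marked `block` with the reasons they tripped.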
Originally published at https://looped.network on December 24, 2021.