Beautiful Virgin Islands

Tuesday, Jun 24, 2025

'Spy pixels in emails have become endemic'

'Spy pixels in emails have become endemic'

The use of "invisible" tracking tech in emails is now "endemic", according to a messaging service that analysed its traffic at the BBC's request.

Hey's review indicated that two-thirds of emails sent to its users' personal accounts contained a "spy pixel", even after excluding for spam.

Its makers said that many of the largest brands used email pixels, with the exception of the "big tech" firms.

Defenders of the trackers say they are a commonplace marketing tactic.

And several of the companies involved noted their use of such tech was mentioned within their wider privacy policies.

Emails pixels can be used to log:

*  if and when an email is opened

*  how many times it is opened

*  what device or devices are involved

*  the user's rough physical location, deduced from their internet protocol (IP) address - in some cases making it possible to see the street the recipient is on

This information can then be used to determine the impact of a specific email campaign, as well as to feed into more detailed customer profiles.

Hey's co-founder David Heinemeier Hansson says they amount to a "grotesque invasion of privacy".

Without special software, it is not easy to spot which emails contain a tracking pixel
And other experts have also questioned whether companies are being as transparent as required under law about their use.
Invisible beacons


Tracking pixels are typically a .GIF or .PNG file that is as small as 1x1 pixels, which is inserted into the header, footer or body of an email.

Since they often show the colour of the content below, they can be impossible to spot with the naked eye even if you know where to look.

Recipients do not need to click on a link or do anything to activate them beyond open an email they are embedded in.

British Airways, TalkTalk, Vodafone, Sainsbury's, Tesco, HSBC, Marks & Spencer, Asos and Unilever are among UK brands Hey detected to be using them.

But their use was much more widespread despite many members of the public being unaware of it, said Mr Hansson.

"It's not like there's a flag saying 'this email includes a spy pixel' in most email software," he added.

Hey does offer such a facility, but users must pay an annual subscription.

Hey alerts its customers to the use of pixel trackers and automatically blocks them

Alternatively, users can install free plug-ins into other email programs to strip out many pixel trackers. Other options are to simply set their software to block all images by default, or to view emails as plain text.

"On average, every Hey customer receives 24 emails per day that attempt to spy on them," Mr Hansson said.

"The top 10% of users receive more than 50.

"We're processing over one million emails a day and we're just a tiny service compared to the likes of Gmail, but that's north of 600,000 spying attempts blocked every day."

The BBC also uses email pixels in some of its communications, although this was not picked up by Hey.

Follow-up phone calls


Tracking pixels are a standard feature of automated email services used by large and small businesses, and in many cases the facility is difficult to turn off.

Two years ago Superhuman, a consumer-focused email client, tried to extend their use to the public as a default feature of its own, but reversed course after a public outcry.

That had little impact on the marketing industry's continued reliance on the tech.

Clients can use them to track how many emails in a specific campaign are opened in aggregate, as well as to automatically stop sending messages to customers who ignore them.

But a study by Princeton University also indicated the data gathered was sometimes linked to a users' cookies. This allows an individual's email address to be tied to their wider browsing habits, even as they move from one device to another.

"The resulting links between identities and web history profiles belie the claim of 'anonymous' web tracking," the paper warned.

In addition, trackers can also lead to personalised follow-ups.

Danish technologist David Heinemeier Hansson co-created the premium email service Hey in 2020

"Particularly with salespeople or consultants, they can go: 'I saw you open my email yesterday, but you haven't replied yet. Can I call?'" said Mr Hansson.

"And in some cases they get outright belligerent when they see you've opened it three times but have still not replied."

Privacy laws


Use of tracking pixels is governed in the UK and other parts of Europe by 2003's Privacy and Electronic Communications Regulations (Pecr) and 2016's General Data Protection Regulation (GDPR).

They require organisations to inform recipients of the pixels, and in most cases to obtain consent.

One privacy consultant said the Court of Justice of the European Union (CJEU) had previously ruled that such consent must be "unambiguous" and "a clear affirmative act".

"Solely placing something in a privacy notice is not consent, and it is hardly transparent," said Pat Walshe from Privacy Matters.

"The fact that tracking will take place and what that involves should be put in the user's face and involve them opting in.

"The law is clear enough, what we need is regulatory enforcement. Just because this practice is widespread doesn't mean it's correct and acceptable."

Mr Walshe noted that the ICO had used a pixel within its own e-newsletter.

The ICO tells users their interactions with its newsletter will be tracked on the sign-up form

The watchdog told the BBC it was used to track email openings, but not users' locations, adding: "We're working with our provider to remove the pixel functionality and this should be completed soon."

The BBC asked some of the companies identified by Hey for their own response.

British Airways said: "We take customer data extremely seriously, and use a cross-industry standard approach that allows us to understand how effective our customer communications are."

TalkTalk said: "As is common across our industry and others, we track the performance of different types of communications to understand what our customers prefer. We do not share this data externally."

Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
Airlines Evaluate Flight Cancellations Amid Escalating US-Iran Tensions
Starmer Invites Innovators to Join Government Talent Scheme
UK Economy’s Strong Opening Quarter Shows Signs of Cooling
Harrods Seeks Court Order to Secure Al Fayed Estate for Victims
BA and Singapore Airlines Cancel Dubai Flights Amid Middle East Tensions
Trump Faces Backlash from MAGA Base Over Iran Strikes
Meta Bets $14 B on Alexandr Wang to Drive AI Ambitions
WATCH: Israeli forces show the aftermath of a massive airstrike at Iran's Isfahan nuclear site
FedEx Founder Fred Smith, ‘Heart and Soul’ of the Company, Dies at 80
Chinese Factories Shift Away from U.S. Amid Trump‑Era Tariffs
Pimco Seizes Opportunity in Japan’s Dislocated Bond Market
Labubu Doll Drives Pop Mart to Status as China’s Most Valuable Toy Maker
Global Coal Demand Defies Paris Accord Goals
We have new information and breaking details to share about what is shaping up to be a historic air campaign tonight
Six Massive Bombs Dropped on Fordow; Trump: 'A Historic Moment for the U.S., Israel, and the World'
Fordow: Deeply Buried Iranian Enrichment Site in U.S.–Israel Crosshairs
United States Conducts Precision Strikes on Iran’s Nuclear Sites
US strikes Iran nuclear sites, Trump says
Pakistan to nominate Trump for Nobel Peace Prize.
BBC Demands Perplexity AI Immediately Stop Using Its Content
Telegram Founder: I Will Leave My Fortune to Over 100 of My Children
Political Turmoil Resurfaces in Belgium Amid Economic Concerns
Fed policymakers divided on timing of interest rate cuts
Trump signals imminent agreement with Harvard University
Inheritance tax referendum alarms Swiss billionaire community
Japan cancels bilateral security meeting amid US defence demands
AI skeptic Emily Bender warns that ‘the emperor has no clothes’
Israel Confirms Assassination of Quds Force Commander in Tehran
16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach
Senate hearing on who was 'really running' Biden White House kicks off
Iranian Military Officers Reportedly Seek Contact with Reza Pahlavi, Signal Intent to Defect
FBI and Senate Investigate Allegations of Chinese Plot to Influence the 2020 Election in Biden’s Favor Using Fake U.S. Driver’s Licenses
Vietnam Emerges as Luxury Yacht Destination for Ultra‑Rich
Plans to Sell Dutch Embassy in Bangkok Face Local Opposition
China's Iranian Oil Imports Face Disruption Amid Escalating Middle East Tensions
Trump's $5 Million 'Trump Card' Visa Program Draws Nearly 70,000 Applicants
DGCA Finds No Major Safety Concerns in Air India's Boeing 787 Fleet
Airlines Reroute Flights Amid Expanding Middle East Conflict Zones
Elon Musk's xAI Seeks $9.3 Billion in Funding Amid AI Expansion
Trump Demands Iran's Unconditional Surrender Amid Escalating Conflict
Israeli Airstrike Targets Iranian State TV in Central Tehran
President Trump is leaving the G7 summit early and has ordered the National Security Council to the Situation Room
Taiwan Imposes Export Ban on Chips to Huawei and SMIC
Israel has just announced plans to strike Tehran again, and in response, Trump has urged people to evacuate
Netanyahu Signals Potential Regime Change in Iran
Juncker Criticizes EU Inaction on Trump Tariffs
EU Proposes Ban on New Russian Gas Contracts
Analysts Warn Iran May Resort to Unconventional Warfare
Iranian Regime Faces Existential Threat Amid Conflict
Energy Infrastructure Becomes War Zone in Middle East
×