Vous êtes régulièrement épié lorsque vous consultez votre boîte mail : deux tiers des emails contiennent un pixel espion. C'est la conclusion choc d'une étude du service Hey commandée par la BBC. Un pixel espion, c'est une méthode permettant à l'expéditeur (ou à un tiers) de voir si son email a été ouvert, et si oui combien de fois, avec quel appareil et à quel emplacement géographique grâce à l'adresse IP.
This information is often used as part of marketing campaigns, in order to judge their effectiveness.In this case, the data is aggregated, but the data collected thanks to the spy pixels can also be used to supply individual advertising profiles.
A spy pixel, also called invisible pixel, takes the form of a tiny image of 1 x 1 pixel inserted in the body of the email.When the email is open, this image is loaded and goes back to the servers the information described above.
The phenomenon is nothing new;In 2015, we already published an article explaining how to identify these curious emails and avoid the flight of its data.What is more surprising is that the protections have hardly evolved since.
We think of Apple, in particular, which however regularly takes measures to improve the confidentiality of its customers.In six years, the protection of privacy has been considerably strengthened in Safari.Same thing on the App Store, with the entry into force of the advertising follow -up very soon.But in email, nothing new.
Mail n'est pas dépourvu de protection contre les pixels espions, seulement c'est une option loin d'être optimale. Dans Préférences > Présentation, il faut décocher la case Charger le contenu distant des messages, ce qui a pour effet de ne plus charger l'intégralité des images stockées sur des serveurs distants. Or, bon nombre de courriels comprennent des images légitimes chargées à distance, ce qui fait que l'on se retrouve avec des messages au mieux incomplets et au pire complètement vides.
Consequently, Mail gives the possibility of loading the remote content for each individual email, but it is not ideal, because it is therefore necessary to repeat the operation for each assigned message and the invisible pixel is loaded as the rest of the content.There is clearly material to improve this.
Some third -party mail customers, such as Airmail, have a dedicated option to block spy pixels exclusively.This is also the case of the Hey email service (which therefore takes advantage of the study to do a little ad), which specifies that in average each of its users receives daily 24 emails containing an invisible pixel - and this, not counting the spam.
But for email, then?There is MailTerckerblocker, a fairly recent plug-in that blocks spy pixels and only them.This plug-in (which requires MacOS 10.11 El Capitan at least) free and open source blocks to around fifty advertisers and specialized services without preventing the loading of other images.When MailTerckerblocker blocks a spy pixel, he signals it in the header by a small blue cross.
Another method for blocking tracking within email is to do so at a higher level, for example by controlling network requests on its Mac thanks to Little Snitch, or even at the DNS level with a Pi-Hole or the NextDNS service.Solutions therefore exist for email, but it is amazing that Apple has not yet been harnessed there.