Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

(Don’t) Return to Sender: How to Protect Yourself From Email Tracking

EFF: “There are a lot of different ways to track email, and different techniques can lie anywhere on the spectrum from marginally acceptable to atrocious. Responsible tracking should aggregate a minimal amount of anonymous data, similar to page hits: enough to let the sender get a sense of how well their campaign is doing without invading users’ privacy. Email tracking should always be disclosed up-front, and users should have a clear and easy way to opt out if they choose to. Lastly, organizations that track should minimize and delete user data as soon as possible according to an easy-to-understand data retention and privacy policy.

Unfortunately, that’s often not how it happens. Many senders, including the U.S. government, do email tracking clumsily. Bad email tracking is ubiquitous, secretive, pervasive, and leaky. It can expose sensitive information to third parties and sometimes even others on your network. According to a comprehensive study from 2017, 70% of mailing list emails contain tracking resources. To make matters worse, around 30% of mailing list emails also leak your email address to third party trackers when you open them. And although it wasn’t mentioned in the paper, a quick survey we did of the same email dataset they used reveals that around 80% of these links were over insecure, unencrypted HTTP.

In addition, several of these third-party email tracking technologies will try to share and correlate your email address across different emails that you open, and even across different websites that you visit, further shaping your invisible online profile. And since people often access their email from different devices, email address leaks allow trackers (and often network observers) to correlate your identity across devices.

It doesn’t have to be that way. For users, there are usually ways to “opt out” of tracking within your email client of choice. For mail client developers, including a few simple features can help protect your users’ privacy by default. And if you’re at an organization that does perform tracking, you can take a proactive approach to respecting user privacy and consent. Here are some friendly suggestions to help make tracking less pervasive, less creepy, and less leaky…”
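The three problems the excerpt quantifies (tracking resources, email address leaks to third parties, and requests over unencrypted HTTP) can be checked for in a message you have received. The following is an added example, not code from EFF or the cited study: the function names, the placeholder hosts, the constructed sample message, and the assumption that a leaked address appears in the URL as plain text or as an MD5/SHA-1/SHA-256 hex digest are all illustrative.

```python
import hashlib
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Tag/attribute pairs a mail client may fetch automatically when rendering HTML.
AUTO_LOAD = {("img", "src"), ("link", "href"), ("iframe", "src"), ("script", "src")}

class RemoteResources(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []  # http(s) URLs that would be requested on open
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in AUTO_LOAD and value and value.lower().startswith(("http://", "https://")):
                self.urls.append(value)

def address_tokens(address):
    """Assumed leak encodings: the plain address and its MD5/SHA-1/SHA-256 hex digests."""
    addr = address.strip().lower()
    return {addr} | {hashlib.new(a, addr.encode()).hexdigest() for a in ("md5", "sha1", "sha256")}

def audit(raw_message, recipient, sender_domain):
    """Return one finding per remote resource in the HTML body of raw_message."""
    body = message_from_string(raw_message, policy=default).get_body(preferencelist=("html",))
    if body is None:  # plain-text mail: nothing is fetched on open
        return []
    parser = RemoteResources()
    parser.feed(body.get_content())
    tokens, findings = address_tokens(recipient), []
    for url in parser.urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        findings.append({
            "url": url,
            # Simplification: suffix match on the sender's domain, no public-suffix list.
            "third_party": not (host == sender_domain or host.endswith("." + sender_domain)),
            "insecure_http": parts.scheme == "http",
            "leaks_address": any(t in unquote(url).lower() for t in tokens),
        })
    return findings

# Constructed sample message (not from the study's dataset); all hosts are placeholders.
SAMPLE = f"""From: news@example.org
Content-Type: text/html; charset="utf-8"

<html><body><img src="https://example.org/logo.png">
<img src="http://t.tracker.example/o.gif?u=alice%40example.com" width="1" height="1">
<img src="https://cdn.metrics.example/p?h={hashlib.sha256(b'alice@example.com').hexdigest()}"></body></html>
"""
```

Calling `audit(SAMPLE, "alice@example.com", "example.org")` returns three findings: the first-party logo is clean, the second resource is third-party, unencrypted and carries the plain address, and the third is third-party and carries the SHA-256 digest of the address.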
