I thought Gmail's solution to this was to always download every image in your email and then proxy the image from their own servers when you view it. This results in a meaningless 100% "open rate" for Gmail and does not reveal an end-user's IP address.

While you're mostly correct, they do not automatically download every image, it only initiates the download when you go to read the email. So they're still letting the sender know when you read the email, but yes they are masking the IP by using their own servers to download it. This can still be disabled if you use the setting to not download images, which is frustratingly unavailable in the gmail for ios app.

Ah, okay. I keep meaning to test this out myself. It's unfortunate that Gmail doesn't mask opens entirely.

This is correct: https://gmail.googleblog.com/2013/12/images-now-showing.html

> This is correct: https://gmail.googleblog.com/2013/12/images-now-showing.html

No, it's wrong. The first time you open the email, the image is retrieved. It's only subsequent views that are cached. So the sender can still see when you read the email; they just can't see how many times you read it afterwards.

Not quite, the sender still doesn't get location and your browser fingerprint. The receipt of email is still received though.

> Not quite, the sender still doesn't get location and your browser fingerprint.

Yes, but the key question was about the open rate.

The statement:

> I thought Gmail's solution to this was to always download every image in your email and then proxy the image from their own servers when you view it. This results in a meaningless 100% "open rate" for Gmail

is incorrect because

a) GMail does not always download every image in your email

b) GMail does not have a 100% open rate.

You are right, but do not trust in Gmail, because they like to store your data on their servers!

Because some idiot thought it was a good idea a long time ago and if they turned it off now there would be a widespread user backlash complaining that every non-human written email they receive is just "blank squares with a click to load button".

They don't necessarily. Thunderbird lately makes me opt-in, or whitelist a particular address if I want. I haven't dug in to ensure that it's 100% rigidly shielded from all possible info leaks (e.g., "blocks img and script but still loads bgsound tags", which is an example of something I've seen before), but it's definitely at least trying to not load by default.

Because more and more emails are HTML and not text and loading the images is critical to make the emails actually readable.

That's mostly true for marketing emails which nobody wants to receive anyways.

And product emails - receipts, product updates that affect you, account status changes, passwords, etc.

Citation needed. Most of these, even if they include images, at least have a text version of the same content in the email because it's actually important for the sender that you can read them regardless of computing environment.

I use mutt, and AFAIK I've never missed anything due to it being in rendered into an image instead of included textually in the email. The images are useless static content, not real information rasterized on demand. Sometimes I do get HTML-only emails, but it's usually not hard to find the important stuff, if there is any, among the tags.

It’s not very hard to configure (neo)Mutt to display html only emails with w3m in the terminal. Makes it even easier to parse/read them

w3m will still fetch external assets, including tracking pixels. You have to use something like socksify to basically cut off network access for w3m.

Apparently big players like Google can preload and cache for others, somewhat mitigating img tracking/attacks.

Maybe clients could use Tor to limit the damage when img are needed but not necessarily trusted.

How would caching work if it is a (uniquely) _tracking_ pixel?

They cache the image when the email is received, not when it is opened.

Which would break tracking because open-rate would be 100% even if the user is on vacation.

Desktop email clients I know don’t load images by default, neither does gmail (well it does but it’s proxified) so this is quite literally not an issue

Does a proxy really help if the url is parametrized? Even if they do some param stripping a wildcard subdomain can easily get around that.

A proxy helps not to expose your IP and user agent which is good enough in most cases.

Not all of them do. Check out FairEmail on Android. It actually shows you the tracking pixels it doesn't load