Email Required (digital exclusion of people without email) @lemmy.sdf.org evenwicht @lemmy.sdf.org 13h ago

Bank froze my account because I do not trigger the tracker pixels in their email? Not sure what’s going on…

Got an email from a bank saying my account has been put in a restricted state because they have been unable to reach me. Their emails reach me fine. They rarely send paper mail but when they do I can see that they have the correct address on file.

Then I looked closer at their email, examined the HTML, and found that they insert a tracker pixel in their messages. So if I were to use a graphical mail client with default configs, they would surreptitiously get a signal telling them my IP (thus whereabouts) and time of day every time I open my email from them. I use a text client so the tracker pixels get ignored.

Would a bank conclude from lack of tracker pixels signals that they are not reaching a customer, and then lock down their account?

I’m not going to call them and ask.. fuck them for interrupting my day and making me dance. I don’t lick boots like that. I just wonder if anyone else who does not trigger tracker pixels has encountered this situation.

16 comments

You are overthinking this.
Apple’s mail client messes with tracking pixels and has for a few years now, but I have never seen had an issue from that. But I only use a handful of financial institutions so it might not be representative.

In Apple’s implementation, the tracking pixels are all fetched at the server level so every tracking pixels fires as soon as the email hits the server regardless of whether I ever open the email. This is a different take on breaking the tracking than what you are doing, so it might result in a different outcome.
I never even open emails from my credit union, the few I get.

Change banks. Move to a credit union.

I save $500/year in fees because I have multiple accounts and banks change for that.

My credit union doesn't care. Everything works the same, still have an app if I want, can do balance checks and transfers via text (and if I'm Sim-jacked, that's disabled, I've tested it).

If they see unusual transactions I'll get a text and a phone call. I then call the number I have (not the one they give me) or login via the website (which uses 2 verification mechanisms).
Fuck all that noise. I would be switching banks as soon as I feasibly could. Because fuck no.
If there's actually a problem with your account, and you ignore it, the only thing you're accomplishing is putting any money you have in that account at risk. Why are you so bothered by your bank sending you an email using extremely common informatics technology, especially after you already planned for this and literally aren't sending them any of the data you're concerned about? Try calling them
- Yeah I’ll have to deal with it at some point one way or another. I’m sure I will close the account at the first opportunity but it’s impossible to find a non-shitty bank or CU. It’s not something I can do at the drop of a hat. It seems not a single bank or CU targets the market of consumers who have some self-respect and a bit of street wisdom.
  
  Why are you so bothered by your bank sending you an email using extremely common informatics technology,
  
  I don’t give a shit how popular tracker pixels are. It doesn’t justify them being in my comms, so I have a duty to not trigger them and I’m happy to treat pushers of these trackers as adversaries and threat actors. They are being dishonest and sneaky. The honest thing to do is to follow the RFC on return receipts, which is transparent and gives the customer appropriate control over their own disclosures.
  
  especially after you already planned for this and literally aren’t sending them any of the data you’re concerned about?
  
  I use a text mail client for other reasons but incidentally it’s good for avoiding tracker pixels. Actually I have to check on something.. I not 100% that spamassassin does not trigger tracker pixels. SA has some vulns, like the DNS leak vuln. But if SA does not trigger the tracker pixels, then indeed I’m secure enough.
There are so many ways these trackers can break and they are almost always anonymised as aggregate metadata anyway by the tracking service

It is far more likely that they have been trying to call you or have expected some kind of response to the mail they are sending but have not received any contact from you in a long time
- Can you explain why they would want to anonymise the tracker pixels? Doesn’t that defeat the purpose?
  
  One simple one is tracking how many people open an email. This is a really useful metric in of itself.
  
  I don't think most do and for sure don't trust them and block them.
  
  But they're also used to judge campaigns. You take a random, small subset of your mailing list, and a/b test by sending half one email and half a different email. The tracking pixels give you a good approximation of which gets more people to read it, and you use that headline for the rest of the list. You can also do the same thing just to generally keep an eye on what types of messages work best, etc.
  
  But fuck them, I'm not giving up privacy I can protect.
Sounds like scam phishing.
- No that’s not it. My address is unique to the bank, full headers & path match up with other mail from them, and the means to reach them back correct (yes I examine every character for imposters using od -c).
  
  You could go to bank and tell them you want no email communications moving forward.
Go get 'em, tiger

16 comments