Secure email provider ProtonMail launched a new protective feature called Tracking Protection recently. The feature aims to protect users of the service better against tracking attempts.
ProtonMail users who use the web interface of the service will notice that Tracking Protection is enabled by default for their accounts. Tracking Protection blocks tracking pixels and hides a user’s IP address in the default configuration.
Companies and individuals may add tracking components to emails. Tracking pixels are a common form. A small pixel image is added to the email, and it is loaded when the email is opened. The server the image is loaded from gets information such as the location and IP address of the user and date/time information from the request.
ProtonMail removes tracking pixels from emails automatically. Users are informed about this in the interface. Check the right side of the email header; ProtonMail displays a number there that indicates the number of trackers that it blocked in that email.
A click on the icon in the email header on ProtonMail displays information about the trackers that the service blocked. Each tracker is listed with its full address and grouped by domain name.
Tracking Protection changes how remote images are downloaded in emails. The default behavior uses a proxy with a generic IP address to download remote images; this is done to protect the IP address of the user.
Google’s Gmail service has a similar feature. Remote images are downloaded by Google servers and not by the user when emails are opened. The feature protects the user’s email address, but it has a downside for some users. Gmail displays the remote content automatically in the email, which means that unwanted content may be displayed automatically.
ProtonMail blocks remote content from being loaded automatically by default, but there is an option to switch the behavior to automatic.
ProtonMail users may configure the two protective features in the following way:
- Go to Settings > Go to Settings > ProtonMail > Email Privacy
- Toggle “Ask before loading remote content” and “block email tracking”.
The first option blocks remote content from being loaded automatically by the company’s proxy. Users who want content to be displayed automatically need to toggle “Ask before loading remote content” to off to do so. Note that the setting applies to the web interface and the mobile apps. If you turn it off, remote content is loaded automatically in the web version and in the mobile apps.
You can read more about the new privacy features here.
Now You: how do you handle remote content in emails?