How Reading an Email Can Compromise Your Privacy

HTML Email and Web Bugs Sniff Out Your Identity


When you are reading an email message (and nobody is gazing over your shoulder), no one knows what you are doing. Right?

Unfortunately, this could be wrong.

HTML Return Receipts: Web Bugs

The use of HTML in email messages allows for flexible, pretty and useful formatting. You can even include pictures inline in your message easily.

If these inline images are not attached and sent with the email message but kept on a remote web server, your email client has to connect to the server and download them in order to display the pictures.

So, when you open an HTML email with a remote image in it and your email client loads the picture from the server, the sender of the message can find out a number of things about you:

  • The email address the message was sent to — your email address — is working. This could be exploited by spammers, although they rarely care about whether their messages arrive or not.
  • You have opened the message. If the sender can confront you with such evidence, it will be difficult to claim you never got or read an important message. (Of course, you can argue that what they did invaded your privacy. This will do nothing to negate the fact, though.)
  • Your current IP address. Your IP address can reveal your physical location, and it is valuable information for someone planning a malicious attack.

Distressing, is it not? Before you resolve never to open an email again, though, take a look at the countermeasures available. They are usually simple and effective (you cannot be forced into revealing your identity). You do not even have to forgo the comfort of pretty HTML emails (including images).

Remote images are a subtle form of privacy infringement and thus not easy to avoid, but there are ways to protect your email privacy.
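To see which images in a message would make your email client contact a remote server, you can inspect the raw message before rendering it. The following is an added example, not part of the original article: the sample message, the host tracker.example and the function names are constructed for illustration, and treating a 1x1 image as a likely web bug is a heuristic assumed here.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real email); tracker.example is a placeholder.
SAMPLE = """\
From: sender@example.com
To: you@example.org
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Hello!</p>
<img src="cid:logo123" width="200" height="50">
<img src="http://tracker.example/open.gif?id=you%40example.org" width="1" height="1">
--b1
Content-Type: image/png
Content-ID: <logo123>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

class ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def remote_images(raw_message):
    """Return the images a client would have to download from a remote server."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for img in collector.images:
            url = urlsplit(img.get("src") or "")
            if url.scheme in ("http", "https"):  # cid: images travel with the message
                tiny = img.get("width") == "1" and img.get("height") == "1"  # heuristic
                found.append({"url": url.geturl(), "host": url.hostname, "tiny": tiny})
    return found
```

Calling `remote_images(SAMPLE)` reports only the image hosted on the remote server; the logo referenced with `cid:` is attached to the message and needs no connection.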

Go Offline

The most radical approach is also the most reliable. If you are offline while you read your email, your email client might try to fetch the revealing images, but without success. And if no images are requested from the server, there is no log of you reading the message.

Unfortunately, this approach is rather inconvenient and not always feasible (in a corporate environment for example, or at school).

Use a Non-HTML-Capable Email Client

Just as radical, and probably even more inconvenient, is saying goodbye to your HTML-enabled email client.

If your email client can only display text, it won't even get the idea of requesting an image from some remote server (what's an image?).

Today's best email clients all support HTML, though. But you can still protect your privacy.

Configure Your Email Client for Privacy

Even if you do not want to go offline every time you read mail and do not want to switch to Pine, there are some things you can do and settings you can tweak to configure your email client of choice for maximum privacy: