John Gruber, writing at DaringFireball:
In my piece yesterday about email tracking images (“spy pixels” or “spy trackers”), I complained about the fact that Apple – a company that rightfully prides itself for its numerous features protecting user privacy – offers no built-in defenses for email tracking. A slew of readers wrote to argue that Apple Mail does offer such a feature: the option not to load any remote resources at all. It’s a setting for Mail on both Mac and iOS, and I know about it – I’ve had it enabled for years. But this is a throwing-the-baby-out-with-bath-water approach. What Hey offers – by default – is the ability to load regular images automatically, so your messages look “right”, but block all known images from tracking sources (which are generally 1 x 1 px invisible GIFs).
Typical users are never going to enable Mail’s option not to load remote content. It renders nearly all marketing messages and newsletters as weird-looking at best, unreadable at worst. And when you get a message whose images you do want to see, when you tell Mail to load them, it loads all of them – including trackers. Apple Mail has no knowledge of spy trackers at all, just an all-or-nothing ability to turn off all remote images and load them manually. Mail’s “Load remote content in messages” option is a great solution to bandwidth problems – remember to turn it on the next time you’re using Wi-Fi on an airplane, for example. It’s a terrible solution to tracking. No one would call it a good solution to tracking if Safari’s only defense were an option not to load any images at all until you manually click a button in each tab to load them all. But that’s exactly what Apple offers with Mail. “Don’t get me started on how predictable this entire privacy disaster was, once we lost the war over whether email messages should be plain text only or could contain embedded HTML. Effectively all email clients are web browsers now, yet don’t have any of the privacy protection features actual browsers do,” he adds.