[HN Gopher] Will Apple Mail threaten the newsletter boom?
___________________________________________________________________
Will Apple Mail threaten the newsletter boom?
Author : danso
Score : 78 points
Date : 2021-06-09 14:25 UTC (1 days ago)
(HTM) web link (www.platformer.news)
(TXT) w3m dump (www.platformer.news)
| kergonath wrote:
| I doubt it. However, it might help reining in advertisers and
| close a gaping leak of private information that is quite
| difficult for a random user to plug. I wish, anyway.
|
| We don't owe advertisers a viable business. If their business
| plan depends on them sucking in private information without my
| consent, well, fuck them.
| 9wzYQbTYsAIc wrote:
| I think you may be mixing things up between advertising and
| marketing. Marketing is where things like newsletter click
| engagement tracking happens.
|
| Usually you are dealing with the actual company sending the
| newsletter, at that point, and not the advertising industry.
|
| Better to think of marketing engagement tracking through these
| dark patterns as being a form of forcibly getting you to fill
| out a comment card at a restaurant than to think of it as
| having anything to do with advertising.
| ljm wrote:
| You know, I had some beef with the word 'engaged' a few years
| ago, especially because I worked for a startup that cared about
| happiness instead (an active question rather than passive
| inference). In that context, we realised it was ridiculous to ask
| if you were engaged with your job, we wanted to know if you were
| _happy_ and so we asked the questions instead of trying to
| secretly gather the data by spying on your activity.
|
| Now I downright hate it. What does 'engaged' even fucking mean?
| One definition is that you're 'locked', so your attention is
| locked with them and not someone else. A public toilet cubicle
| will say 'engaged' when someone is in it.
|
| For an email newsletter, you can see how well it's doing both by
| the number of subscribers on the list, and also by how many
| people click through and read the full article on your site. No
| tracking involved, you just send out an email and look at your
| logs for an uptick in traffic.
| 9wzYQbTYsAIc wrote:
| Click through detection requires inclusion of at least a
| newsletter id in a query parameter, or something along those
| lines, for the links provided within the newsletter. Without
| that, there's not enough specificity to get anything other than
| a rough idea of how many people might have clicked the link
| right after you sent the email.
| ljm wrote:
| You can make a case for it not being tracking if it's not a
| link masked behind 2 or 3 redirects through ad or link
| tracking services.
|
| You can just have a link that you could log and rewrite in
| nginx/apache/caddy -> https://mysite.com/mailer/thepost -->
| https://mysite.com/thepost
|
| Or just forget about all of that and just _ask_ people and
| make your decisions on that instead of extrapolating meaning
| through espionage.
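Added example, not part of the thread: one way to do the first-party measurement described in the comments above, counting redirect hits per issue from the site's own access log. It assumes nginx's default "combined" log format and that every subscriber gets the same `/mailer/<slug>` link; the log lines are constructed and the function name is hypothetical.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# nginx "combined": addr - user [time] "request" status bytes "referer" "agent"
# The client address is matched but deliberately not captured.
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
MAILER_RE = re.compile(r'^/mailer/(?P<slug>[A-Za-z0-9_-]+)/?$')

# Constructed sample lines (documentation-range addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jun/2021:14:31:02 +0000] "GET /mailer/thepost HTTP/1.1" 302 145 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Jun/2021:14:31:03 +0000] "GET /thepost HTTP/1.1" 200 18233 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [09/Jun/2021:14:48:40 +0000] "GET /mailer/thepost HTTP/1.1" 302 145 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [09/Jun/2021:15:02:11 +0000] "GET /mailer/thepost?utm_source=newsletter HTTP/1.1" 302 145 "-" "Mozilla/5.0"',
    '192.0.2.99 - - [09/Jun/2021:15:10:00 +0000] "POST /mailer/thepost HTTP/1.1" 405 0 "-" "curl/7.77"',
    '192.0.2.99 - - [10/Jun/2021:09:00:00 +0000] "GET /mailer/older-issue HTTP/1.1" 302 145 "-" "Mozilla/5.0"',
]


def newsletter_clicks(lines):
    """Return {slug: {hour: count}} for redirected GET /mailer/<slug> hits.

    Only the issue slug and the hour survive aggregation: no address,
    user agent or per-recipient token is kept, so the result says how an
    issue performed, not who clicked.
    """
    per_issue = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] not in ("301", "302"):
            continue
        path = m["target"].split("?", 1)[0]   # ignore any query string
        hit = MAILER_RE.match(path)
        if not hit:
            continue
        when = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
        per_issue[hit["slug"]][when.strftime("%Y-%m-%d %H:00")] += 1
    return {slug: dict(hours) for slug, hours in per_issue.items()}


if __name__ == "__main__":
    for slug, hours in newsletter_clicks(SAMPLE_LOG).items():
        print(slug, hours)
```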
| loloquwowndueo wrote:
| Guess since I never click on those annoying "subscribe to our
| newsletter" pop ups, I missed out on the whole "newsletter boom"
| - but really if the whole complaint is about how they will no
| longer be able to track my behaviour so closely, I'm not too
| concerned about the "boom" becoming a bust.
| theshrike79 wrote:
| I never understood the idea of newsletters.
|
| If you have the material for one, why not just put it up as a
| website? Provide people with RSS feeds? Maybe link the posts to
| FB/Instagram/TikTok whatever.
|
| Why do I need to get that stuff as an email?
| dqv wrote:
| Some newsletters are purely informational. I like to update
| my customers on upcoming holidays because it affects how we
| do business. I also like to update them to remind them of
| where they can get our W-9 form for tax filing. They're not
| really the type to use RSS or check the website.
| frankydp wrote:
| Just to add an alternative voice.
|
| Open rates are an important metric for ESPs to track bad actors
| on their platforms. If this implementation is a 100% preload
| those metrics then have no value.
|
| IP anonymized pixel loads are a good compromise.
|
| But, 100% preloads would actually make email list management best
| practices harder to implement. Specifically unsubing subscribers
| that do not open over a time period. Which many ESPs do in the
| backend to maintain list quality and minimize spam complaints.
| Some level of engagement feedback at the subscriber level does
| have value in the spam/unwanted email workflow.
|
| Assuming you have a preexisting relationship with a business, it
| is not crazy on the privacy side of things to have an engagement
| feedback loop.
|
| Assuming you are dealing with a spammer/list buyer ip
| anonymization provides an appropriate level of privacy, and any
| additional protection should be expected by the email provider
| not delivering the mail.
| tekacs wrote:
| > Given Apple's monopoly advantage with their preinstalled Mail
| app, we don't need much of an uptake from what they're calling
| Mail Privacy Protection to break the dam on spy pixels. You can't
| really say anything authoritatively about open rates if
| 5-10-30-50% of your recipients are protected against snooping, as
| you won't know whether that's why your spy pixel isn't tripping,
| or it's because they're just not opening your email.
|
| This doesn't seem true -- I imagine that most tracking providers
| will start to simply ignore all link opens from Apple's proxy (I
| assume they'll be using Apple's IP ranges or otherwise be
| 'detectable').
|
| DHH doesn't seem to recognize that Apple opens the link
| irrespective (the spy pixel will /always/ trip, not /never/
| trip), so it should even be really easy to figure out which users
| are using Apple Mail.
|
| That being the case, folks will only lack open data for Apple
| customers, without polluting the rest of the dataset.
| Vomzor wrote:
| I've been toying with the idea of starting a newsletter. How can
| I measure the opening rate without tracking pixels?
| criddell wrote:
| I think articles like this one are being a little dishonest. They
| can still put all the ads they want in newsletters. What they
| can't do (at least not like they used to do) is spy on their
| readers without consent.
| smoldesu wrote:
| I find it pretty ironic that Apple also seems to be one of the
| largest buyers of targeted ads. When the M1 iMac released, I
| couldn't visit a single website without their grating "Colors" ad
| puttering along on the side. If Apple considers privacy a human
| right, can they at least treat me like a human too?
| rickdeckard wrote:
| Not popular here, but Apple might only be against targeted Ads
| if it's done without Apple's participation.
|
| The general assumption of many people seems to be that Apple is
| taking effort to make their user Anonymous. But quite clearly
| it can not be in their interest to make them Anonymous _to
| Apple_.
|
| To be quite blunt: If Apple's strategy serves them right, their
| future user should be free to choose in all areas of his life
| from the options Apple curated for him.
| tyingq wrote:
| This doesn't prevent creating unique names for the same image and
| sending a unique name per email. Apple's new approach hides the
| IP, but Gmail already does that[1], and they have more email
| market share, don't they?
|
| [1] https://gmail.googleblog.com/2013/12/images-now-showing.html
| macintux wrote:
| Apple will apparently always retrieve the images independently
| of the user's actions, so the metrics become worthless.
| [deleted]
| tyingq wrote:
| It's not specifically mentioned in the article I linked, but
| Gmail does this, and has for years.
| [deleted]
| villasv wrote:
| TL;DR: No
|
| Needle in the haystack:
|
| > But after conversations with newsletter writers and media
| executives today, I'm not sure that people doing email-based
| journalism have all that much to worry about from the shift.
| midasuni wrote:
| I'm confused. When I open a mail in iOS, I get a banner saying
| "this message contains unloaded images"
|
| I thought the only ones loaded were ones embedded as an
| attachment. Is that not the case?
| floatingatoll wrote:
| Your interpretation of the current mail client behavior is
| accurate.
|
| In the upcoming mail client changes, the mail client will be
| able to background-load those "unloaded images" through a proxy
| at Apple.
|
| We don't _yet_ know how that new behavior will intersect with
| the "don't load images until i permit it" behavior that you
| have enabled today, but presumably they can coexist peacefully
| as two options (that I'll be expecting and checking for, later
| on in the beta cycles):
|
| "Background-load images when new mail arrives" Y/N
|
| "Use Apple's privacy protecting proxy to load images" Y/N
| symfoniq wrote:
| You're not wrong. Not loading images will block tracking pixels
| completely. Apple is just adding a way to send less PII while
| still loading images.
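Added example, not part of the thread: a sketch of the "don't load remote content" defence described above, listing every reference in an HTML body that would make a mail client fetch something on open. It goes beyond `<img>` to stylesheets and CSS `url()` values, which a later comment in the thread notes also generate network traffic; the message, hostnames and function names are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

CSS_URL_RE = re.compile(r'url\(\s*[\'"]?([^\'")\s]+)', re.I)
CSS_IMPORT_RE = re.compile(r'@import\s+[\'"]([^\'"]+)', re.I)
# Attributes a renderer fetches without any user action. <a href> is
# absent on purpose: a link costs nothing until it is clicked.
FETCHING_ATTRS = {
    "img": ("src", "srcset"), "source": ("src", "srcset"),
    "video": ("src", "poster"), "audio": ("src",), "input": ("src",),
    "iframe": ("src",), "embed": ("src",), "object": ("data",),
    "link": ("href",), "body": ("background",),
    "table": ("background",), "td": ("background",),
}

# Constructed sample message body.
SAMPLE_HTML = """\
<html><head>
<link rel="stylesheet" href="https://cdn.newsletter.example/fonts.css">
<style>
@import "https://cdn.newsletter.example/theme.css";
.hero { background: url('https://img.newsletter.example/hero.png'); }
</style></head>
<body>
<img src="cid:logo@newsletter.example" alt="logo">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=" alt="">
<p style="background-image:url(https://t.newsletter.example/o/bob123.gif)">Hi</p>
<a href="https://newsletter.example/thepost">Read the post</a>
<img src="https://t.newsletter.example/open/bob123.gif" width="1" height="1">
</body></html>
"""


def is_remote(url):
    """cid: (attached part) and data: (inline) never touch the network."""
    url = url.strip()
    return url.startswith("//") or urlsplit(url).scheme.lower() in ("http", "https")


class RemoteFetchFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.found = []          # (where, url) in document order
        self._in_style = False

    def _add(self, where, url):
        if is_remote(url):
            self.found.append((where, url.strip()))

    def _scan_css(self, where, css):
        for pattern in (CSS_IMPORT_RE, CSS_URL_RE):
            for match in pattern.finditer(css):
                self._add(where, match.group(1))

    def handle_starttag(self, tag, attrs):
        values = {name: (value or "") for name, value in attrs}
        for name in FETCHING_ATTRS.get(tag, ()):
            if name not in values:
                continue
            if name == "srcset":   # "url 1x, url 2x" -> each candidate URL
                urls = [p.split()[0] for p in values[name].split(",") if p.strip()]
            else:
                urls = [values[name]]
            for url in urls:
                self._add(f"<{tag} {name}>", url)
        if "style" in values:
            self._scan_css(f"<{tag} style>", values["style"])
        if tag == "style":
            self._in_style = True

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self._scan_css("<style>", data)


def remote_fetches(html):
    """Every (location, URL) pair the client would request on open."""
    finder = RemoteFetchFinder()
    finder.feed(html)
    finder.close()
    return finder.found


def blocked_hosts(html):
    """Hosts that learn nothing if remote content stays unloaded."""
    return sorted({urlsplit(url).hostname for _, url in remote_fetches(html)})


if __name__ == "__main__":
    for where, url in remote_fetches(SAMPLE_HTML):
        print(f"{where:14} {url}")
```

The per-recipient identifier in the constructed sample sits in the URL path, so there is no parameter a client could strip while still fetching the image.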
| midasuni wrote:
| I rarely want images on my mails. Won't this method show that
| I access my mail on an Apple device - thus leaking
| information that might not be leaked otherwise?
| symfoniq wrote:
| Leaked to who, though? If you use this feature, then sure,
| Apple will know that you're using an Apple device.
|
| But the purpose of the proxy is to shield the end-user's IP
| address, and probably their user agent, too. Some email
| providers already do this. If you load an image from a
| Yahoo mailbox, for example, the reported user agent is
| "YahooMailProxy;
| https://help.yahoo.com/kb/yahoo-mail-proxy-SLN28749.html".
| midasuni wrote:
| Send a mail to bob@bob.com with an image of
| eztrack.com/bob123.jpg
|
| If it's loaded from an Apple ip you know Bob has an Apple
| device.
| toxik wrote:
| Difficult to feel pity for business models built on abusing HTML
| capabilities to track email viewing.
|
| I don't load remote images by default, so this already doesn't
| work for me. However, basically every mail platform creates
| tailored links to track click engagement. So you're screwed
| anyway, just maybe a little later.
| techsupporter wrote:
| > However, basically every mail platform creates tailored links
| to track click engagement.
|
| Yep, even financial institutions do this and half of _them_
| don't even use domains they own for the tracking links.
|
| Years and years of "don't click on suspicious links" out the
| window because bank.example.com/creditcard is turned into
| 4828fjfneo848.totallyfine.adtracker.thirdparty.example.org
|
| I hate all of it but nobody seems to give a shit (nor do they
| care to implement proper 2FA to effectively guard against
| phishing) so whatever. If people have their accounts drained
| because marketers gotta get that sweet engagement metric, what
| does it matter any more?
| kergonath wrote:
| > I hate all of it but nobody seems to give a shit
|
| I hope this will change. More companies need to make some
| noise about it.
| lttlrck wrote:
| A pet peeve is unsubscribe links are frequently on an obscure
| domain that has found its way onto Adblock lists.
|
| That's got to be by design.
| wlesieutre wrote:
| If something makes itself difficult to unsubscribe you
| could always feed it to the spam filter
| ssharp wrote:
| It's not uncommon for the unsubscribe links to live on the
| same domain as the link tracking and other features of
| whatever email or marketing automation platform they are
| on, so if those are blocked to prevent tracking, the
| unsubscribe links would be as well.
| hsbauauvhabzb wrote:
| MFA won't protect against phishing.
| techsupporter wrote:
| The MFA we commonly use _right now_ won't protect against
| phishing because, as I suspect you mean, the codes are not
| protected against being entered into the "wrong" site.
|
| Proper MFA, like U2F/FIDO2/whatever-it-is-called-today,
| will protect against phishing because the visited site
| won't match the hash needed to complete the second-factor-
| auth-flow.
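Added example, not part of the thread: a standard-library sketch of the origin binding described in the comment above, showing at which step a look-alike site fails. HMAC stands in for the authenticator's public-key signature, the browser's RP ID check is simplified, and all hostnames, keys and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlsplit

RP_ID = "bank.example.com"              # constructed relying-party ID
RP_ORIGIN = "https://bank.example.com"
LOOKALIKE_HOST = "bank.example.com.login.example"
LOOKALIKE_ORIGIN = "https://" + LOOKALIKE_HOST


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


class ToyAuthenticator:
    """Keeps one secret per RP ID, the way a security key scopes credentials."""

    def __init__(self):
        self.keys = {}

    def register(self, rp_id):
        # Constructed demo key; a real authenticator generates a key pair
        # and the site stores only the public half.
        key = hashlib.sha256(b"constructed demo key for " + rp_id.encode()).digest()
        self.keys[rp_id] = key
        return key

    def get_assertion(self, rp_id, client_data_json):
        key = self.keys.get(rp_id)
        if key is None:
            return None                        # no credential for this site
        flags = b"\x01"                        # bit 0: user present
        counter = (1).to_bytes(4, "big")
        auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + counter
        signed = auth_data + hashlib.sha256(client_data_json).digest()
        # HMAC stands in for the signature so this runs on the stdlib alone.
        return auth_data, hmac.new(key, signed, hashlib.sha256).digest()


def browser_get_assertion(authenticator, page_origin, rp_id, challenge):
    """The browser, not the page, writes the origin into the client data."""
    host = urlsplit(page_origin).hostname
    # Simplified: real browsers also consult the public-suffix list.
    if host != rp_id and not host.endswith("." + rp_id):
        return None                            # page may not claim this RP ID
    client_data_json = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": page_origin}
    ).encode()
    result = authenticator.get_assertion(rp_id, client_data_json)
    return None if result is None else (client_data_json,) + result


def server_verify(key, challenge, client_data_json, auth_data, signature):
    """Relying-party checks; returns "ok" or the first failing check."""
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        return "wrong ceremony type"
    if client_data.get("challenge") != b64url(challenge):
        return "challenge mismatch"
    if client_data.get("origin") != RP_ORIGIN:
        return "origin mismatch"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return "user not present"
    signed = auth_data + hashlib.sha256(client_data_json).digest()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(expected, signature) else "bad signature"


def run_scenarios():
    challenge = b"constructed-challenge-0001"
    token = ToyAuthenticator()
    bank_key = token.register(RP_ID)
    results = {}
    genuine = browser_get_assertion(token, RP_ORIGIN, RP_ID, challenge)
    results["genuine site"] = server_verify(bank_key, challenge, *genuine)
    # Look-alike page asks for the bank's RP ID: the browser refuses.
    results["look-alike claims bank RP ID"] = browser_get_assertion(
        token, LOOKALIKE_ORIGIN, RP_ID, challenge)
    # Look-alike page asks under its own RP ID: the key has nothing for it.
    results["look-alike uses own RP ID"] = browser_get_assertion(
        token, LOOKALIKE_ORIGIN, LOOKALIKE_HOST, challenge)
    # Even a credential registered at the look-alike is useless to the bank.
    token.register(LOOKALIKE_HOST)
    other = browser_get_assertion(token, LOOKALIKE_ORIGIN, LOOKALIKE_HOST, challenge)
    results["other site's assertion at bank"] = server_verify(bank_key, challenge, *other)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

A typed one-time code has no equivalent of the origin or rpIdHash fields, which is why it verifies no matter which site collected it.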
| gleenn wrote:
| Yes it does, maybe not directly. Two examples, both
| 1Password and my Yubikey only autofill passwords based on
| the domain. I immediately get a tingle when I go to
| autocomplete a commonly visited website and it doesn't fill
| ... time to immediately inspect the URL for phishing etc.
| Those tools have definitely saved me multiple times.
| jonplackett wrote:
| Why can't apple just allow some kind of pixel that doesn't
| reveal user identity, or strip user identity from what's
| already being used.
|
| I don't really mind someone knowing I opened an email, just
| like I'm fine with a website knowing I visited (say using
| plausible.io rather than google analytics). I get that that's
| useful to them for non-nefarious reasons.
| gnicholas wrote:
| Apple can't strip identity from the existing trackers because
| there's not a separate and distinct part of the tracker that
| encodes the user identity. It's integral to the tracker
| itself, which makes this an all-or-nothing proposition.
| jonplackett wrote:
| I guessed it would just be some url variables on the end of
| each image, is that not how it works?
| pavel_lishin wrote:
| Sure. But if you strip those out, then the pixel itself
| no longer has any value to anyone.
| nickfromseattle wrote:
| Delivery rates, AKA staying out of spam and getting into the
| inbox are correlated to subscriber engagement on your emails.
|
| The more often subscribers open + click a link, the more likely
| the mail server will let it in the inbox.
|
| If you blast 10,000 emails, and no one clicks or engages with
| your email - you'll kill your domain's delivery rate.
|
| One of the methods email marketers use to keep their email
| delivery rates high is by removing subscribers that don't
| engage with their email.
|
| Preventing email tracking prevents marketers from removing
| uninterested or unengaged subscribers from their lists.
| bjustin wrote:
| Clicking links doesn't sound like the sort of thing that
| email servers would know about one way or the other. Likewise
| for engaging (or not) with emails at all. What setup do you
| have in mind where this is the case?
|
| Given that AFAIK Apple Mail downloads entire messages
| regardless of whether they're opened, Apple's change here
| doesn't seem likely to affect delivery rates in this way
| anyway.
| Nullabillity wrote:
| > Likewise for engaging (or not) with emails at all. What
| setup do you have in mind where this is the case?
|
| If you use IMAP (or basically anything else than POP) then
| your email client reports the read status back to the
| server.
| giantrobot wrote:
| Your IMAP server doesn't report read status back to the
| sender. Unless your e-mail provider _is_ an advertiser
| *cough* Google *cough* the advertiser doesn't know if
| you read a message just because the IMAP server marked it
| as read.
|
| Also an IMAP server's read status doesn't mean someone
| manually interacted with an e-mail. If you mark messages
| as read in bulk, even if the provider reported that
| status to an advertiser, says nothing about engagement.
| toxik wrote:
| This could be done without duping the receiver's email client
| into revealing that the email has been viewed.
| hermanradtke wrote:
| > One of the methods email marketers use to keep their email
| delivery rates high is by removing subscribers that don't
| engage with their email.
|
| Email marketers can still track when a user clicks a link,
| which is the proper signal for them to be using anyways.
| seumars wrote:
| Every privacy-focused push by Apple - or anyone, really - forces
| publishers to find less invasive methods for engaging with their
| audience, without having to rely on skewed data and grotesque
| tracking. How could that be bad for journalism? We got rid of
| blinking text and popup ads for a reason, and this is just the
| next step.
| jldugger wrote:
| > How could that be bad for journalism?
|
| I don't know about journalism per se, but for journalists, they
| presumably arrived at the status quo as the profit maximizing
| option, and removing it will, to varying degrees, impoverish
| them.
| FabHK wrote:
| That is a sensible first hypothesis, but it rests on many
| assumptions, in particular that the market doesn't have any
| prisoner-dilemma/tragedy of the commons aspects to it.
|
| It is quite conceivable, for example, that every single
| journalist is better off if they make click-bait listicles
| instead of investigative journalism, but the profession as a
| whole suffers.
| layble wrote:
| Exactly the opposite actually.
| midasuni wrote:
| Please elaborate
| throwaway3699 wrote:
| It forces publishers into closed gardens. I am willing to
| bet Apple's work here will have the same effect that
| advertising did on RSS, which is that newsletters will turn
| into truncated notifications designed to bring you to a
| website where they _can_ get the business metrics they
| "think" they need.
|
| I actually think there is a nice middle ground for
| something like a basic view counter, and some open rate
| data to be available in an aggregated, anonymous way.
| rodgerd wrote:
| > "This is another sign that Apple's war against targeted
| advertising isn't just about screwing Facebook," Joshua Benton
| wrote in Nieman Lab. "They're also coming for your Substack."
|
| I mean good? Like you, I struggle to see the downside of this,
| really. Probably the only risk in the bigger picture is the
| degree to which wealthy billionaires fund free lies such as
| Breitbart or the Murdoch papers, while actual research and
| journalism is pay-for. But the wealthy billionaires are doing
| that anyway, so it's hard to see much change.
| Barrin92 wrote:
| because one possible consequence of this is that it forces
| people to move towards closed platforms like Apple's own if
| they want to effectively advertise and that includes forking
| over substantial amount of money to those platforms.
|
| Which is of course the economic incentive that a company like
| Apple has to introduce these measures, it creates an asymmetry
| where Apple has all kinds of user information, but competitors
| don't.
|
| And if you want to see the effect that declining ad revenue has
| on journalism you can just look at the decline of local
| journalism across the US as revenue shifted from advertisers to
| digital platforms.
| kergonath wrote:
| > it creates an asymmetry where Apple has all kinds of user
| information, but competitors don't
|
| That is true only if Apple competes with them, which is not
| the case at all.
| nickfromseattle wrote:
| It's believed Apple generates ~$2B per year from
| advertising revenue (through Appstore PPC) and that could
| increase to over $10B in 2025. [0]
|
| [0] https://9to5mac.com/2019/11/15/apple-ad-revenue/
| kergonath wrote:
| This is paid keywords in the stores. They don't do
| targeted advertising and are not an ad broker, which are
| the companies whining about being unable to track people.
| smoldesu wrote:
| Fine: call it _Dynamic Advertisement_ if it helps you
| sleep at night, but Apple is still targeting the user
| with an ad that is relevant to the content they're
| searching for. Furthermore, Apple's policy seems to only
| apply to their own platform: it's estimated that they
| spend hundreds of millions of dollars on AdSense
| marketing campaigns, which are highly targeted and among
| the least respectful ad platforms around. Evidently their
| motto of "privacy is a human right" only applies if they
| deem you "human" enough...
| rickdeckard wrote:
| This asymmetry is already very real, and a quite dominant
| pattern of Apple's strategy is now to build mechanisms to
| protect explicitly their ability to monetize all aspects of
| their _users_, not so much their devices.
|
| These small steps taken under the banner of "preserving the
| users' privacy" are also steps to make sure that all those
| clumsy users don't get offered something without giving
| Apple the opportunity to profit from it first.
|
| And the only disarming response to this so far is "yeah,
| but that's fine for me. I WANT Apple to take control,
| they're the good guys with the cool products!"
| Barrin92 wrote:
| But they do? Apple is literally in the news business, the
| services business (many of which rely on ad revenue to
| compete with Apple's own services), increasingly in the ad
| business itself (revenue is expected to rise to 11 billion
| in 2025, growing quickly)[1], and as I just laid out in the
| post above, has a huge interest in just laying waste to
| independent revenue streams outside of their own channels,
| in the exact same way digital platforms overall benefited
| from laying waste to the small and mid-sized ad-industry.
|
| [1] https://9to5mac.com/2019/11/15/apple-ad-revenue/
| kergonath wrote:
| > Apple is literally in the news business, the services
| business (many of which rely on ad revenue to compete
| with Apple's own services)
|
| They are a news aggregator and distributor, they are a
| customer of media and news agencies. Or a parasite,
| depending on point of view. Still not a competitor. They
| also still don't compete with ad brokers and don't do any
| targeted advertising.
|
| > increasingly in the ad business itself (revenue is
| expected to rise to 11 billion in 2025, growing quickly)
|
| These ads are in the Stores and keyword-based. Which _is_
| distasteful, but not quite the same level. Again, they
| don't distribute ads, and are not in the market for
| targeted advertising. They don't compete with ad
| networks, and if they weren't doing that there would just
| be no ads on the store. Like it was not that long ago.
|
| > in the exact same way digital platforms overall
| benefited from laying waste to the small and mid-sized
| ad-industry.
|
| If the mid-sized ad industry does not rely on tracking,
| blocking invisible pixels in newsletter won't affect it.
| If it does rely on tracking, then it can't die soon
| enough.
| JimBlackwood wrote:
| These features Apple introduce sell well because people
| (including me) want them.
|
| If that means journalists lose revenue, they should look for
| other ways. Using intrusive ads as an excuse for "otherwise
| we don't have money" is just dumb. They're free to think of
| other ways.
|
| The best journalism I've read (ftm.nl, dutch) is a
| subscription service and they don't rely on ads or tracking.
| The sites that do this kind of tracking, in my anecdotal
| experience, produce shitty journalism.
|
| If this is bad for journalism, we'll end up in that crisis
| and figure out a way that doesn't use these methods.
| smoldesu wrote:
| > These features Apple introduce sell well because people
| (including me) want them.
|
| You want the service, you don't necessarily need it from
| Apple though. That's the crux of this entire argument:
| Apple's black-box model is terrible for the industry. Apple
| is opposed to any roads that don't run through taxable
| lands, so it should come as no surprise that they want to
| tear down everything that keeps the web currently working.
| The less functional the internet becomes, the higher
| pressure there is to use native apps: that's likely part of
| why Safari is woefully broken and outdated compared to
| Chrome and Firefox.
|
| > If this is bad for journalism, we'll end up in that
| crisis and figure out a way that doesn't use these methods.
|
| We are already in that crisis. Whenever a paywalled link
| crops up on Hacker News, the first comment is always an
| archived version for the 99% of readers who would otherwise
| be unable to read that. Compared to the past 15 years of
| reporting, that's a direct downgrade. Adding synthetic
| friction to the flow of information never works: games get
| cracked, movies get shared, shows get ripped and music gets
| leaked. It's nothing new, and pretending like it's somehow
| _not_ going to affect the next decade of reporting seems a
| little disingenuous to me.
| grishka wrote:
| Apple doesn't offer an alternative even if you want to pay
| them. It's simply saying "you can no longer do this to our
| users, it's now illegal".
| bjustin wrote:
| In this case and things like ATT, Apple is saying "you can
| no longer do this to our users _unless they agree to it
| first_". And they default to asking users. That users are
| the ones making these choices is an important point.
| tshaddox wrote:
| > Which is of course the economic incentive that a company
| like Apple has to introduce these measures, it creates an
| asymmetry where Apple has all kinds of user information, but
| competitors don't.
|
| It's completely fair to speculate that this is Apple's _true_
| goal, but I actually do feel a little bit better about Apple
| doing this than, say, Facebook, or Google. The reason I feel
| a little bit better is that Apple at least still has an
| actual business model where people give them money in
| exchange for a product. I'm willing to be charitable and
| speculate that at least _some_ of the reason Apple releases
| services like this is that it will cause people to continue
| to buy iPhones (which are wildly profitable).
| amelius wrote:
| I hate advertisers like the next guy, but what I hate even more
| is a company acting as a regulator.
| als0 wrote:
| When will Apple bring back RSS to Mail?
| Hoasi wrote:
| Mail privacy is the right thing to do and implementing it will be
| a major improvement!
|
| That doesn't threaten email newsletters that are legitimate and
| of interest to real subscribers. Communication should never rely
| on espionage tactics even for the sake of metrics. Forgo
| monitoring people, customers, or would-be customers, and save a
| ton of time as a result.
|
| Marketing experts will start talking about how two-way
| conversation is the ultimate email strategy that works. Send a
| non-tracked email, let them hit reply. Brands and consumers,
| united in conversation, finally. That is as horizontal as it
| gets.
| graeme wrote:
| Have you ever managed a newsletter? Mail providers such as
| gmail use things like open rates to determine if a message
| should be in important, promotions, or spam.
|
| Also, a sizeable chunk of people refuse to click unsubscribe
| links and instead hit the spam button. This can be a sensible
| response, as a lot of spam senders ignore unsubscribe. But it
| is also hard for legit newsletters.
|
| So what is the best practice? Pruning your list of people who
| never open it. This improves open rates, makes gmail like you,
| and unsubscribes people who already would prefer not to read
| your letter.
|
| Now it will be much harder to know who is inactive so you'll
| end up sending more mail to people who don't want it. And no
| double opt in doesn't solve this.
|
| There are other ways around the problem, but you seem to be in
| complete ignorance of what newsletter senders use tracking for.
|
| Open rates also let you diagnose deliverability issues.
| jedberg wrote:
| Don't Gmail and Outlook already anonymize tracking pixels? When
| I heard that announcement what I heard was, "we implemented a
| feature that Gmail and Outlook have had for years!". I don't
| think it will change the landscape all that much.
| stingraycharles wrote:
| They don't anonymize it, they just request it from the backend.
| They still request the exact same URL, so you can carefully
| track email opens on a person-by-person basis, you just cannot
| track IP addresses and/or set tracking cookies or whatnot.
| lstamour wrote:
| Gmail and similar providers proxy all image URLs they receive
| at the time they receive the email, so you can't tell when a
| user later opens the email. That said there might be bugs to
| make your images un-cacheable such that Gmail still loads
| them later, directly or indirectly, when you open an email.
|
| Compare this with Apple Mail which proxies emails from a
| different, presumably non-Google IP address and which does so
| only when an email is downloaded in the background. So while
| you can't track IP address, yes, and you never could set
| cookies that I'm aware of without clicking a link first, this
| means you can still track "downloads" of your email to a
| local client, just not "opens" - and if your Mail app already
| downloaded images when the email was downloaded, then it's
| possible it won't even change that - you might not have been
| tracking opens this whole time... maybe.
| gruez wrote:
| >Gmail and similar providers proxy all image URLs they
| receive at the time they receive the email, so you can't
| tell when a user later opens the email.
|
| I searched around and found some articles that make the
| same claim[1], but in my own testing that doesn't seem to
| be the case (ie. I had to click on the email before image
| would start loading).
|
| [1] https://sendloop.com/articles/the-effect-of-gmail-
| image-prox...
| jalk wrote:
| I did the same test (although some years ago) and gmail
| didn't request the images until the email was opened.
| Caching the images lazily also means that Google can save
| a ton in network bandwidth / storage for all those emails
| that are never opened (which is probably most emails they
| handle)
| jankeymeulen wrote:
| Will Apple do it differently?
| jedberg wrote:
| Right, exactly the same way Apple Mail will work.
| gruez wrote:
| The wording[1] also suggests they request the images even if
| you haven't opened the email, which obfuscates whether you've
| opened the email or not. With other services like gmail the
| images are only requested when you open the email, so it's
| possible to infer whether you opened the email or not based
| on whether the image was loaded.
|
| [1] https://twitter.com/rjonesy/status/1401993816001978375/ph
| oto...
| webmobdev wrote:
| This is why I find it hard to trust Apple products - if Apple
| funnels the request through their servers Apple also now has
| access to this data. Now, your personal data / metadata is
| available with more people than before. But you are supposed
| to believe this is all to protect you. /s
|
| (And no, I don't trust Apple not to associate this data with
| a user's Apple ID and datamine it in the future - _if your
| country has lax privacy laws Apple will exploit it till the
| law says otherwise_.)
|
| Edit:
|
| Here's another perspective - now, even if I don't use Apple's
| iCloud backup or email services, Apple has found another
| _clever_ way to learn about some of the marketing emails I
| receive. That information is very valuable.
| macintux wrote:
| > if your country has lax privacy laws Apple will exploit
| it till the law says otherwise
|
| Given the wretched state of privacy laws in the U.S. that
| seems an uncharitable position. Apple has far more business
| motivation to treat its customers well in that regard than
| to try to squeeze money out of their data.
|
| Although you'd think they'd have motivation to treat
| developers better than demanding a 30% cut, so there's
| that.
| floatingatoll wrote:
| Typically they have an off switch for things that are
| considered sensitive data, and when they don't they seem
| inclined to course correct. If they don't have an off
| switch in the WWDC developer betas, that would be a bug for
| everyone to report via Feedback Assistant.
| lstamour wrote:
| If Apple re-uses iCloud Private Relay for this feature,
| which they might or might not be doing, then there are
| actually two entities involved and Apple presumably knows
| what user made the request but not what URL was requested:
| https://appleinsider.com/articles/21/06/10/how-apple-
| icloud-...
| maxpert wrote:
| I literally use a tool for hiring that tells me exactly when
| mail was opened and which links were clicked. So no, that is
| not anonymization!
| amelius wrote:
| I have a tool which opens emails and randomly clicks links.
| jedberg wrote:
| Anonymization as in the IP address and location of the
| requester. Just like Apple Mail will do.
| [deleted]
| smoldesu wrote:
| I have never used an email client that doesn't block it by
| default. I was surprised (and somewhat worried) when I heard it
| being announced for Mail.
| lstamour wrote:
| Yep.
|
| When Gmail first introduced this image proxy feature in 2013 it
| started showing images in emails by default, which is great. I
| researched blog posts from then and apparently a workaround
| that still worked was to serve a fake HTTP Content-Length
| header of "0" and Gmail's proxies wouldn't cache the image.
| It's unclear if this bug has been fixed or not, or if similar
| bugs affect Outlook's proxies, for example.
|
| The rest of this post is speculation -
|
| I wonder if it won't affect Apple's Mail app because Apple
| isn't loading images directly from a proxy, instead, the
| original URL is sent to the Mail app over IMAP or Exchange and
| then Apple will download the image by asking the Apple proxy
| for the unmodified URL. This means even if an existing Gmail or
| Outlook image proxy server can be tricked, it shouldn't affect
| the Apple Mail app.
|
| That's not to say Apple Mail won't have other issues - for
| example, it shouldn't stop at images. Apple Mail supports CSS
| and web fonts, so theoretically all network traffic not
| destined to hit the IMAP server should go through the proxy if
| complete privacy is desired. I think the wording of the Mail
| app suggests it's more than just images.
|
| And the way it's implemented, because it's not server-side, it
| does indicate that an email address checked using Apple Mail
| downloaded your email, so you know it's pretty likely there's a
| human at the other end and they use Apple Mail even if they
| don't know exactly when you opened the email for the first
| time, they know when your Mail app downloaded it and possibly
| when you received a push notification about it. Unless it
| caches content with every request, which it might, you might
| also know how many different Apple Mail clients downloaded the
| message and when, which might still indicate patterns of use
| especially if you can create a network of tracking pixels
| across different email messages. Finally, nothing about the
| feature actually anonymizes links or prevents specifically
| tracking pixels, but that's probably a good thing until we
| invent local Content Blocker extensions for Mail app, for
| example.
| trasz wrote:
| "93.5% of all email opens on phones come in Apple Mail on iPhones
| or iPads"
|
| How?
| bombcar wrote:
| 93.5% of all _trackable_ email opens on phones come from Apple
| Mail on iPhones or iPads.
|
| If Google is already doing something similar for Gmail then
| android statistics would be ignored or worthless.
| ryantgtg wrote:
| When Casey Newton (author of the article) first launched his
| Substack newsletter, he was alarmed that the full posts were not
| displayed for Gmail users - instead there was a "jump" (that many
| users probably don't see, because it's formatted as "... [Message
| clipped] View Entire Message"). The issue is that Gmail clips
| emails at 102k, and the Substack emails easily hit that limit
| when posts contain lots of URLs due to 1) inline styling on
| links, and 2) the ballooning hyperlinks due to the tracking
| strings.
|
| This person found that Substack was ballooning a 59-character URL
| to over 400 characters.
|
| https://tedium.co/2020/12/22/gmail-102kb-email-size-limit-hi...
| (same author, more detail):
| https://twitter.com/ShortFormErnie/status/133992146683031961...
|
| I was hoping this incident would cause Substack and others to
| pull back on the reins a little bit. The URLs on these emails are
| redonk, and clearly the authors aren't happy about users missing
| out on content.
| shortformblog wrote:
| I wrote the story on the size limit issue you linked and have
| thoughts on the issue listed here. (Long story short: This
| whole issue is a byproduct of the lack of standardization in
| the email space, something highlighted by the use of tables in
| emails, which are another reason why emails are so large. Long
| story short, email is in need of modernization, which could
| lead to better options for tracking than tracking pixels, which
| are not anonymized enough for publisher use cases.)
|
| I agree that the amount of tracking going on in the Substack
| links is a bit aggressive, but I want to be careful to not put
| too much of the blame on them for the long links. Part of the
| problem is the service that Substack is using, Mailgun, is
| intended for transactional emails, rather than the newsletters
| that Substack is sending. My feeling is that Substack ramped up
| using Mailgun but probably needs to start building their own
| tech for doing this, because it's clearly not suited for the
| Substack use case.
|
| Thanks for sending the link--it is super-relevant to this
| issue.
| Animats wrote:
| I've had image loading turned off in Thunderbird for a decade or
| more.
| midasuni wrote:
| I don't think I've ever had a mail client that loads images by
| default. Maybe Eudora in the late 90s? I have a feeling html
| mail was coming in around then, and it was before I moved to
| pine.
| symfoniq wrote:
| Unless I'm misunderstanding how this new feature is implemented,
| tracking pixels will still work, but the data that can be gleaned
| from them will be more generic (the IP address will belong to a
| proxy).
|
| Senders that are using these pixels to measure engagement (as
| opposed to building user profiles) shouldn't have much to worry
| about.
| iancarroll wrote:
| "Mail Privacy Protection works by hiding your IP address and
| loading remote content privately in the background, even when
| you don't open the message."
| taylorfinley wrote:
| Does this give Apple an excuse to send the content of
| received emails to their servers, for the background proxy
| loading process? "Even when you don't open the message" is
| very creepy to me. I'm suspicious of any company that wants
| to read my emails to 'protect' my privacy.
| symfoniq wrote:
| Not necessarily. Tracking pixels are implemented using
| images (usually transparent ones), so all Apple Mail
| _needs_ to do is send the image URLs to the proxies, not
| the entire contents of the email. What they're _actually_
| doing remains to be seen.
| crooked-v wrote:
| The simplest implementation here would probably be
| something where the server pulls a copy of images and then
| bundles them into an inline blob in the IMAP email storage.
|
| They're "reading your emails" for functionality like spam
| filtering anyway. This seems like it would work on
| basically the same level as that kind of stuff.
| warkdarrior wrote:
| > They're "reading your emails" for functionality like
| spam filtering anyway. This seems like it would work on
| basically the same level as that kind of stuff.
|
| This is how Gmail started as well, and now Gmail is a big
| source of profiling info for Google advertising.
| AlexandrB wrote:
| Betteridge's law of headlines applies to this one. Though this
| quote from another article was particularly inexplicable to me:
|
| > "This is another sign that Apple's war against targeted
| advertising isn't just about screwing Facebook," Joshua Benton
| wrote in Nieman Lab. "They're also coming for your Substack."
|
| Substack's whole appeal (at least to me) is that it's not bogged
| down by the seemingly mandatory ads, popovers, and autoplay
| videos that plague every other news site.
| stonogo wrote:
| Substack's value prop is that subscribers receive richly-
| formatted emails of the posts; it's essentially a newsletter
| service with a web publishing feature.
| dylan604 wrote:
| Why is it that Apple is coming for anyone specific rather than
| just trying to protect user privacy in general regardless of
| who it is affecting? Of course, other than not being click-
| baity enough.
| AlexandrB wrote:
| Reading some of the takes on this topic makes me realize that
| my consent is completely irrelevant to this whole industry at
| this point: https://mattietk.medium.com/apples-mail-privacy-
| protection-i...
|
| > Apple's fight for privacy is really a fight against the
| web. In signing up for a newsletter, a publisher or marketer
| already has a more valuable piece of PII: your email address.
| By focusing on IP addresses, and blocking trackers rather
| than proxying them on a fuzzy delay (which would provide the
| same useful publisher data without any PII leak of location
| or time), Apple are not really fighting for their users so
| much as they are fighting against email.
|
| No. Embedding invisible elements that report back information
| I never intended you to have is "fighting against email".
| Terrestrial mail does not allow you to track where, when, or
| by whom it's opened. I think that's the expectation of most
| people for email as well. The fact that marketers have gotten
| away with something different thus far is a _vulnerability in
| the standard_ as far as I'm concerned and should be fixed.
| felipemesquita wrote:
| Unless Apple's proxy loads every image in all emails
| independently of the user opening them, it's still possible to
| track when a message is viewed by having images with unique URLs
| for each recipient.
| gruez wrote:
| The picture in the embedded tweet[1] suggests that the images
| are loaded even if they're not opened.
|
| [1]
| https://twitter.com/rjonesy/status/1401993816001978375/photo...
| crooked-v wrote:
| > Mail Privacy Protection works by hiding your IP address and
| loading remote content privately in the background, even when
| you don't open the message.
|
| It does load all the images independently of the user opening
| it.
|
| My guess is that the server will pull a copy of everything as
| soon as the email is received and bundle it all into an inline
| blob that goes to the client.
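
Added example (not part of the thread, and not Apple's or any mail client's code): a small Python audit of the point raised above that remote loading is not limited to images. It lists every URL a client would fetch just to render a message, including stylesheet and web-font references, and labels 1x1 or hidden images as likely tracking pixels. The sample message, its hosts and the `abc123` recipient token are constructed for illustration.

```python
import re
from html.parser import HTMLParser

CSS_URL = re.compile(r"url\(\s*['\"]?(https?://[^'\")\s]+)", re.I)

class RemoteFetchAudit(HTMLParser):
    """Collect every URL a mail client would fetch just to render the message."""
    def __init__(self):
        super().__init__()
        self.fetches = []        # (kind, url) pairs, in document order
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "img" and a.get("src", "").lower().startswith(("http://", "https://")):
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            hidden = re.search(r"display\s*:\s*none", a.get("style", ""), re.I)
            self.fetches.append(("pixel" if tiny or hidden else "image", a["src"]))
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower():
            self.fetches.append(("stylesheet", a.get("href", "")))
        elif tag == "style":
            self._in_style = True
        # An inline style="background:url(...)" also triggers a request.
        for url in CSS_URL.findall(a.get("style", "")):
            self.fetches.append(("css-url", url))

    def handle_endtag(self, tag):
        self._in_style = self._in_style and tag != "style"

    def handle_data(self, data):
        if self._in_style:       # @font-face / background rules inside <style>
            for url in CSS_URL.findall(data):
                self.fetches.append(("css-url", url))

def audit(html_body):
    parser = RemoteFetchAudit()
    parser.feed(html_body)
    parser.close()
    return parser.fetches

# Constructed sample message body; hosts and tokens are made up.
SAMPLE = """<html><head>
<style>@font-face{font-family:x;src:url(https://fonts.example.net/f.woff2?u=abc123)}</style>
<link rel="stylesheet" href="https://cdn.example.net/mail.css?rcpt=abc123"></head><body>
<img src="https://img.example.net/header.png" width="600" height="120">
<p style="background:url('https://t.example.net/bg.gif?id=abc123')">Hello</p>
<img src="https://t.example.net/open.gif?id=abc123" width="1" height="1">
<a href="https://t.example.net/click?id=abc123">Read more</a></body></html>"""
```

`audit(SAMPLE)` returns five render-time fetches, four of which carry the recipient token; the click link is not among them because it is only requested when the reader follows it.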
___________________________________________________________________
(page generated 2021-06-10 23:00 UTC)