Got an email from a bank saying my account has been put in a restricted state because they have been unable to reach me. Their emails reach me fine. They rarely send paper mail but when they do I can see that they have the correct address on file.

Then I looked closer at their email, examined the HTML, and found that they insert a tracker pixel in their messages. So if I were to use a graphical mail client with default configs, they would surreptitiously get a signal telling them my IP (thus whereabouts) and time of day every time I open my email from them. I use a text client so the tracker pixels get ignored.

Would a bank conclude from lack of tracker pixels signals that they are not reaching a customer, and then lock down their account?

I’m not going to call them and ask… fuck them for interrupting my day and making me dance. I don’t lick boots like that. I just wonder if anyone else who does not trigger tracker pixels has encountered this situation.

  • panicnow@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    2 hours ago

    Apple’s mail client messes with tracking pixels and has for a few years now, but I have never seen had an issue from that. But I only use a handful of financial institutions so it might not be representative.

    In Apple’s implementation, the tracking pixels are all fetched at the server level so every tracking pixels fires as soon as the email hits the server regardless of whether I ever open the email. This is a different take on breaking the tracking than what you are doing, so it might result in a different outcome.

  • BearOfaTime@lemm.ee
    link
    fedilink
    arrow-up
    6
    ·
    5 hours ago

    I never even open emails from my credit union, the few I get.

    Change banks. Move to a credit union.

    I save $500/year in fees because I have multiple accounts and banks change for that.

    My credit union doesn’t care. Everything works the same, still have an app if I want, can do balance checks and transfers via text (and if I’m Sim-jacked, that’s disabled, I’ve tested it).

    If they see unusual transactions I’ll get a text and a phone call. I then call the number I have (not the one they give me) or login via the website (which uses 2 verification mechanisms).

  • shortwavesurfer
    link
    fedilink
    arrow-up
    7
    ·
    6 hours ago

    Fuck all that noise. I would be switching banks as soon as I feasibly could. Because fuck no.

  • protist@mander.xyz
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    5
    ·
    edit-2
    7 hours ago

    If there’s actually a problem with your account, and you ignore it, the only thing you’re accomplishing is putting any money you have in that account at risk. Why are you so bothered by your bank sending you an email using extremely common informatics technology, especially after you already planned for this and literally aren’t sending them any of the data you’re concerned about? Try calling them

    • evenwicht@lemmy.sdf.orgOPM
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      39 minutes ago

      Yeah I’ll have to deal with it at some point one way or another. I’m sure I will close the account at the first opportunity but it’s impossible to find a non-shitty bank or CU. It’s not something I can do at the drop of a hat. It seems not a single bank or CU targets the market of consumers who have some self-respect and a bit of street wisdom.

      Why are you so bothered by your bank sending you an email using extremely common informatics technology,

      I don’t give a shit how popular tracker pixels are. It doesn’t justify them being in my comms, so I have a duty to not trigger them and I’m happy to treat pushers of these trackers as adversaries and threat actors. They are being dishonest and sneaky. The honest thing to do is to follow the RFC on return receipts, which is transparent and gives the customer appropriate control over their own disclosures.

      especially after you already planned for this and literally aren’t sending them any of the data you’re concerned about?

      I use a text mail client for other reasons but incidentally it’s good for avoiding tracker pixels. Actually I have to check on something… I not 100% that spamassassin does not trigger tracker pixels. SA has some vulns, like the DNS leak vuln. But if SA does not trigger the tracker pixels, then indeed I’m secure enough.

  • neatchee@lemmy.world
    link
    fedilink
    arrow-up
    23
    arrow-down
    1
    ·
    10 hours ago

    There are so many ways these trackers can break and they are almost always anonymised as aggregate metadata anyway by the tracking service

    It is far more likely that they have been trying to call you or have expected some kind of response to the mail they are sending but have not received any contact from you in a long time

    • evenwicht@lemmy.sdf.orgOPM
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      10 hours ago

      Can you explain why they would want to anonymise the tracker pixels? Doesn’t that defeat the purpose?

        • evenwicht@lemmy.sdf.orgOPM
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          7 hours ago

          I did not think of the marketing angle – although even then, knowing the times that each individual opens their mail and their location has value for personalized marketing.

          We are talking about banks in the case at hand. It’s unclear how many people have not come to the realization that bankers are now doing the job of cops. KYC/AML. In this particular sector, anonymization is unlikely. Banks have no limits on their snooping. They have a blank check and no consequences for overcollection. No restraint. When they get breached, they just sign people up for credit monitoring and any overcollection has the immunity of KYC law.

          At best, perhaps a marketing division would choose some canned bulk mailing service which happens to give them low resolution on engagement. But even that’s a stretch because anyone in the marketing business also wants to market their own service as making the most of data collection.

          • coolkicks@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            3 hours ago

            I’ve done quite a bit of work implementing abandoned property analytics and escheatment processes at multiple large finance firms, and marketing engagement isn’t part of the criteria.

            Banks want to keep your money at all costs, so even seeing that an email didn’t bounce back is enough of a sign of life to try to justify not escheating your assets to the state, which is part of the reason why marketing data isn’t part of the criteria.

      • conciselyverbose@sh.itjust.works
        link
        fedilink
        arrow-up
        4
        ·
        10 hours ago

        I don’t think most do and for sure don’t trust them and block them.

        But they’re also used to judge campaigns. You take a random, small subset of your mailing list, and a/b test by sending half one email and half a different email. The tracking pixels give you a good approximation of which gets more people to read it, and you use that headline for the rest of the list. You can also do the same thing just to generally keep an eye on what types of messages work best, etc.

        But fuck them, I’m not giving up privacy I can protect.

    • evenwicht@lemmy.sdf.orgOPM
      link
      fedilink
      arrow-up
      3
      ·
      10 hours ago

      No that’s not it. My address is unique to the bank, full headers & path match up with other mail from them, and the means to reach them back correct (yes I examine every character for imposters using od -c).