Got an email from a bank saying my account has been put in a restricted state because they have been unable to reach me. Their emails reach me fine. They rarely send paper mail but when they do I can see that they have the correct address on file.
Then I looked closer at their email, examined the HTML, and found that they insert a tracker pixel in their messages. So if I were to use a graphical mail client with default configs, they would surreptitiously get a signal telling them my IP (thus whereabouts) and time of day every time I open my email from them. I use a text client so the tracker pixels get ignored.
Would a bank conclude from lack of tracker pixels signals that they are not reaching a customer, and then lock down their account?
I’m not going to call them and ask… fuck them for interrupting my day and making me dance. I don’t lick boots like that. I just wonder if anyone else who does not trigger tracker pixels has encountered this situation.
Yeah I’ll have to deal with it at some point one way or another. I’m sure I will close the account at the first opportunity but it’s impossible to find a non-shitty bank or CU. It’s not something I can do at the drop of a hat. It seems not a single bank or CU targets the market of consumers who have some self-respect and a bit of street wisdom.
I don’t give a shit how popular tracker pixels are. It doesn’t justify them being in my comms, so I have a duty to not trigger them and I’m happy to treat pushers of these trackers as adversaries and threat actors. They are being dishonest and sneaky. The honest thing to do is to follow the RFC on return receipts, which is transparent and gives the customer appropriate control over their own disclosures.
I use a text mail client for other reasons but incidentally it’s good for avoiding tracker pixels. Actually I have to check on something… I not 100% that spamassassin does not trigger tracker pixels. SA has some vulns, like the DNS leak vuln. But if SA does not trigger the tracker pixels, then indeed I’m secure enough.