Skip to content
Email has been around for over 50 years. Back in 1971, what is widely regarded as the first email was sent by Ray Tomlinson as a test of an email feature on Arpanet. Since no one had told him what the historical event was, he just sent it to himself and the content was something like “QWERTYUIOP,” he said in an interview in the late 1990s.
The protocol still used to send emails, smtp, has been around since 1981. The most common protocol for retrieving and managing email, imap, was introduced in 1988. The biggest technical changes since then are the addition of encrypted connections using ssl/tls.
At no time in the early decades of email was privacy and protection of personal data included in the development of the email technology itself. Encryption for those who need to send secrets came fairly early with PGP (1991) and s/mime (1995), but 30 years later it has still not taken hold in the market. Other developments have meant that email today has less privacy protection than ever.
Threats to and from
Email can pose a privacy problem on two completely different fronts, with completely different requirements for protective measures. One is the monitoring of your communication along the path between you and the recipient — that is, an external threat to your emails. But a far greater concern for most people today is the threat that comes from within the email — various techniques to track and spy on you via the technical content of the emails you open.
Måns Jonasson at The Swedish Internet Foundation.
Internetstiftelsen/Kristina Alexanderson
How you are tracked
As soon as you open an email, the person who sent it can find out where you are, when and how many times you open it. All this is thanks to so-called tracking pixels — tiny images, just a single white pixel, generated on the sender’s server with a random file name linked to you. This is used in everything from spam to newsletters and one-off emails.
Måns Jonasson, internet expert at the Swedish Internet Foundation, points out that tracking via the scanning of images with unique file names linked to user profiles or accounts is not limited to tracking pixels.
It can be any image in an HTML email.
“HTML emails also allow you to track recipients using other techniques such as cookies and dynamic content,” says Cooper Quintin, senior public interest technologist at the Electronic Frontier Foundation (EFF).
Both Måns Jonasson and Cooper Quintin also talk about the other common way you are tracked: While tracking pixels and the like work passively, tracking links are an active type of tracking. There are basically two types of tracking links: links that don’t go to the final destination at all, but reach it via a server that tracks the click and sends you on,